DevOps Vulnerability Integrations release notes

  • Release version: Store
  • Updated June 11, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of DevOps Vulnerability Integrations Release Notes

    DevOps Vulnerability Integrations is an add-on feature set for ServiceNow ITSM Pro customers, designed to connect security tools with DevOps Change Velocity. It enables the retrieval of application vulnerabilities detected by Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), or Software Composition Analysis (SCA) tools. These integrations support third-party vulnerability scanners like Veracode and others, providing visibility into security scan results within your ServiceNow instance.

    Show full answer Show less

    Key Features

    • Security Tool Integrations: Supports integration with various CI/CD pipeline security scanners, including Checkmarx (One and SAST), Veracode, and others, enabling automated retrieval of vulnerability data.
    • Pipeline and Change Management Integration: Allows viewing of security scan results directly in Change Requests or Pipeline UI, facilitating informed change policies and automation decisions.
    • Import-based Evidence Collection: Enhances efficiency for GitLab and Jenkins by skipping step-level pipeline processing, accelerating change management and evidence gathering.
    • Harness Orchestration Tool Integration: Connects Harness with ServiceNow to synchronize CI/CD events and change data in real-time for improved DevOps workflow coordination.
    • Localization and Usability Improvements: Includes localization framework enhancements and fixes to security tool grouping within the Tools module.

    Versioning and Maintenance

    Several releases primarily updated version numbers to maintain consistency with related DevOps applications without code changes. Functional updates and new integrations have been introduced progressively from version 2.0.0 (August 2023) through version 7.0.0 (June 2026).

    What This Means for ServiceNow Customers

    By leveraging DevOps Vulnerability Integrations, customers can streamline the integration of security vulnerability data into their DevOps change processes. This improves risk visibility, supports automated change policies based on security findings, and enhances overall pipeline efficiency. The integrations with popular CI/CD and security tools help maintain secure and compliant development lifecycles within the ServiceNow platform.

    Version history for the DevOps Vulnerability Integrations on the ServiceNow Store.

    Important:
    For details on system requirements and family compatibility, view the application listing on the ServiceNow Store website.

    Version history

    Version 7.0.0 - June 2026
    Changed: No code updates were made in this release. The release number has been updated to maintain consistency with changes in related DevOps applications.
    Version 6.3.0 - March 2026
    Changed: No code updates were made in this release. The release number has been updated to maintain consistency with changes in related DevOps applications.
    Version 6.2.0 - December 2025
    • New:
      • Import-based evidence collection for GitLab and Jenkins
      • Improve instance efficiency by skipping step-level pipeline processing for accelerated change management and evidence collection for GitLab and Jenkins orchestration tools.
    Version 6.1.0 - August 2025
    Changed: No code updates were made in this release. The release number has been updated to maintain consistency with changes in related DevOps applications.
    Version 6.0.0 - May 2025
    Changed: No code updates were made in this release. The release number has been updated to maintain consistency with changes in related DevOps applications.
    Version 5.1.0 - February 2025
    • New:
      • Harness tool integration with ServiceNow
        • Integrate the Harness orchestration tool with DevOps Change Velocity. This integration enables ServiceNow to connect, discover, import, process real-time events, and integrate CI/CD with change in ServiceNow for Harness pipelines
    • Fixed: Bug fixes
    Version 5.0.0 - November 2024
    Changed: No code updates were made in this release. The release number has been updated to maintain consistency with changes in related DevOps applications.
    Version 4.1.0 - August 2024
    Changed: No code updates were made in this release. The release number has been updated to maintain consistency with changes in the related DevOps applications.
    Version 4.0.0 - May 2024
    Fixed: Issues related to security tool not being grouped correctly in the Tools module has been resolved.
    Version 3.1.0 - February 2024
    New: Localization framework improvements.
    Version 3.0.0 - November 2023
    • New:
      • Checkmarx support
        • Connect Checkmarx that is integrated with your CI/CD pipelines to DevOps Change Velocity to retrieve security scan results. This helps you determine how vulnerable your code is. Checkmarx scans that are configured on GitHub Actions, Jenkins, and Azure DevOps pipelines are supported in the base system. You can view the security scan results either in the related list of a Change Request or in the Pipeline UI in your ServiceNow Instance. You can use security results in defining change policies and conditions for change automation. Both Checkmarx One and Checkmarx SAST are supported.
    Version 2.0.0 - August 2023
    DevOps Vulnerability Integrations is an additional feature set that is available for ITSM Pro customers. You need to install this application separately besides installing DevOps Change Velocity. It helps you to connect your security tools to DevOps Change Velocity. It enables you to retrieve application vulnerabilities found during Dynamic Application Security Testing (DAST) or Static Application Security Testing (SAST) or Software Composition Analysis (SCA) scanning. These vulnerabilities are generally identified by third-party systems such as Veracode or other application vulnerability scanners that are available as out-of-the-box integrations for you to use.