DevOps Vulnerability Integrations release notes
Summarize
Summarized using AI
This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.
Summary of DevOps Vulnerability Integrations Release Notes
The DevOps Vulnerability Integrations application extends the capabilities of ServiceNow DevOps Change Velocity by connecting security tools to import and manage application vulnerability data. It supports integration with various CI/CD pipeline tools and security scanners to help ServiceNow customers incorporate vulnerability insights into their change management processes. This application is available as an add-on for ITSM Pro customers and requires separate installation alongside DevOps Change Velocity.
Show less
Key Features
- Security Tool Integration: Supports vulnerability data import from tools such as Veracode, Checkmarx (One and SAST), and others that perform Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), and Software Composition Analysis (SCA).
- CI/CD Pipeline Support: Enables integration with orchestration tools including GitHub Actions, Jenkins, Azure DevOps, GitLab, and Harness to collect security scan results and real-time events.
- Import-based Evidence Collection: Introduced for GitLab and Jenkins to optimize instance efficiency by skipping step-level pipeline processing, accelerating change management and evidence collection.
- Localization Improvements: Enhancements to support localization for broader usability.
Release Management and Updates
- Several releases focus on maintaining version consistency with related DevOps applications without introducing code changes (notably versions 4.1.0, 5.0.0, 6.0.0, 6.1.0, 6.3.0, and 7.0.0).
- Bug fixes and usability improvements, including resolving security tool grouping issues in the Tools module (version 4.0.0) and general bug fixes (version 5.1.0).
Practical Benefits for ServiceNow Customers
- Integrate security vulnerability data directly into ServiceNow workflows to enhance visibility into application security risks during change management.
- Use security scan results within change policies and automation conditions to enforce security compliance in CI/CD pipelines.
- Improve efficiency and accuracy of vulnerability evidence collection from multiple orchestration tools, reducing manual effort and accelerating DevOps processes.
Version history for the DevOps Vulnerability Integrations on the ServiceNow Store.
Important:
For details on system requirements and family compatibility, view the application
listing on the ServiceNow Store
website.
Version history
- Version 7.0.0 - June 2026
- Changed: No code updates were made in this release. The release number has been updated to maintain consistency with changes in related DevOps applications.
- Version 6.3.0 - March 2026
- Changed: No code updates were made in this release. The release number has been updated to maintain consistency with changes in related DevOps applications.
- Version 6.2.0 - December 2025
-
- New:
- Import-based evidence collection for GitLab and Jenkins
- Improve instance efficiency by skipping step-level pipeline processing for accelerated change management and evidence collection for GitLab and Jenkins orchestration tools.
- New:
- Version 6.1.0 - August 2025
- Changed: No code updates were made in this release. The release number has been updated to maintain consistency with changes in related DevOps applications.
- Version 6.0.0 - May 2025
- Changed: No code updates were made in this release. The release number has been updated to maintain consistency with changes in related DevOps applications.
- Version 5.1.0 - February 2025
-
- New:
- Harness tool integration with ServiceNow
- Integrate the Harness orchestration tool with DevOps Change Velocity. This integration enables ServiceNow to connect, discover, import, process real-time events, and integrate CI/CD with change in ServiceNow for Harness pipelines
- Harness tool integration with ServiceNow
- Fixed: Bug fixes
- New:
- Version 5.0.0 - November 2024
- Changed: No code updates were made in this release. The release number has been updated to maintain consistency with changes in related DevOps applications.
- Version 4.1.0 - August 2024
- Changed: No code updates were made in this release. The release number has been updated to maintain consistency with changes in the related DevOps applications.
- Version 4.0.0 - May 2024
- Fixed: Issues related to security tool not being grouped correctly in the Tools module has been resolved.
- Version 3.1.0 - February 2024
- New: Localization framework improvements.
- Version 3.0.0 - November 2023
- New:
- Checkmarx support
- Connect Checkmarx that is integrated with your CI/CD pipelines to DevOps Change Velocity to retrieve security scan results. This helps you determine how vulnerable your code is. Checkmarx scans that are configured on GitHub Actions, Jenkins, and Azure DevOps pipelines are supported in the base system. You can view the security scan results either in the related list of a Change Request or in the Pipeline UI in your ServiceNow Instance. You can use security results in defining change policies and conditions for change automation. Both Checkmarx One and Checkmarx SAST are supported.
- Checkmarx support
- New:
- Version 2.0.0 - August 2023
- DevOps Vulnerability Integrations is an additional feature set that is available for ITSM Pro customers. You need to install this application separately besides installing DevOps Change Velocity. It helps you to connect your security tools to DevOps Change Velocity. It enables you to retrieve application vulnerabilities found during Dynamic Application Security Testing (DAST) or Static Application Security Testing (SAST) or Software Composition Analysis (SCA) scanning. These vulnerabilities are generally identified by third-party systems such as Veracode or other application vulnerability scanners that are available as out-of-the-box integrations for you to use.