Integrating Container Vulnerability Response with other applications

  • Release version: Yokohama
  • Updated January 30, 2025
    Summarized using AI

    Summary of Integrating Container Vulnerability Response with other applications

    Container Vulnerability Response enhances your security operations by integrating with various container security products and applications to pull and enrich vulnerability data for container images deployed in runtime environments. This integration adds contextual runtime information such as hosts, Kubernetes clusters, services, and namespaces. It also links vulnerabilities to relevant Configuration Management Database (CMDB) entities via ServiceNow’s Kubernetes discovery, providing comprehensive visibility into your container security posture.


    Key Features

    • Integration with container security tools: Supports integrations with Palo Alto Networks Prisma Cloud Compute, Atlassian Jira, Tenable, AWS Integration for Security Exposure Management, and Wiz Container Vulnerability Integration.
    • Data enrichment: Adds runtime context to vulnerability data, enabling more accurate tracking and remediation related to Kubernetes entities and infrastructure.
    • Comprehensive reporting: Offers dashboards that deliver insights into vulnerability trends and remediation progress.
    • Manual issue creation: Within the Vulnerability Manager Workspace, users can manually create agile issues to track remediation efforts for container vulnerability items and runtime threats.
    • Robust data processing: Handles large data payloads via import queue entries with heartbeats (timestamps) to monitor processing activity and avoid integration timeouts.

    Integration Processing Details

    The system processes data in pages through multiple import queue entries, each constrained by a one-hour processing time limit. To prevent stuck processes and timeouts, heartbeats are sent periodically to confirm active processing. If an import queue entry’s last processed timestamp is older than one hour, it is marked as timed out to maintain system responsiveness. These behaviors are controlled by system properties defining record thresholds for heartbeats and maximum heartbeat delays.

    Practical Benefits for ServiceNow Customers

    • Gain centralized, enriched container vulnerability data integrated with your CMDB for improved impact analysis and remediation planning.
    • Leverage automated and manual remediation tracking workflows through integrations with popular security and issue tracking tools.
    • Monitor integration health and data processing status effectively to ensure timely vulnerability data updates without delays.
    • Access detailed reporting dashboards to prioritize security efforts and assess remediation trends for container environments.

    Extend the capabilities of Container Vulnerability Response by integrating with other applications.

    Container Vulnerability Response integrates with container security products to pull vulnerability data for those images which are deployed to runtime. It then enriches the vulnerability data with the runtime contextual information such as hosts, Kubernetes clusters, services, and namespaces where these container images are deployed. With ServiceNow’s Kubernetes discovery, you can see the references created from vulnerabilities to the relevant Kubernetes entities in your Configuration Management Database (CMDB). In addition to enriching the metadata, ServiceNow also offers a comprehensive reporting dashboard to provide insights into the vulnerability and remediation trends.

    Container Vulnerability Response provides integrations with the following applications:

    Additional notes for integrations

    During integration execution, multiple processes are generated, and data is received in the form of pages. Each process can contain one or more import queue entries, each with attached page data. These entries must process their data within a one-hour time limit. If the payload is large, however, processing may exceed one hour or stall, resulting in an integration timeout error even though the integration continues to process the data. To avoid this false timeout, starting from version 2.1.2 of Container Vulnerability Response, timestamps (heartbeats) are sent periodically to indicate that the queue is active and processing data. The Last Record Processed field on the Import Queue Entry page is updated based on the count of records the import queue creates or updates. If an import queue entry exceeds the one-hour time limit, the system checks whether the Last Record Processed field is also older than one hour. If it is, the import queue entry is considered stuck and is timed out to prevent any further delays in processing.
    Note:
    The Last Record Processed field is updated based on what is defined in the following system properties:
    • sn_sec_cmn.record_threshold_heartbeat: Defines the number of processed records, after which the heartbeat (timestamp) is sent to the import queue entry.
    • sn_sec_cmn.maximum_heartbeat_delay: Defines the time after which the import queue entry must be timed out.
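
The heartbeat and stuck-entry rule above, modelled as an added JavaScript illustration (not ServiceNow's implementation): the property values, the `ImportQueueEntry` class, `checkTimeout` and the 90-minute scenario are all assumed for the example.

```javascript
// Added illustration of the import-queue heartbeat/timeout rule; not ServiceNow code.
const HOUR_MS = 60 * 60 * 1000;

// Assumed stand-ins for the sn_sec_cmn.* system properties named on the page.
const properties = {
  'sn_sec_cmn.record_threshold_heartbeat': 500,    // records between heartbeats
  'sn_sec_cmn.maximum_heartbeat_delay': HOUR_MS,   // ms of silence before timeout
};

class ImportQueueEntry {
  constructor(startedAt) {
    this.startedAt = startedAt;
    this.lastRecordProcessed = startedAt; // the heartbeat timestamp field
    this.recordCount = 0;
    this.sinceHeartbeat = 0;
    this.state = 'processing';
  }

  // Called once per record created or updated from a page; refreshes the
  // Last Record Processed timestamp every record_threshold_heartbeat records.
  recordProcessed(now) {
    if (this.state !== 'processing') return;
    this.recordCount += 1;
    this.sinceHeartbeat += 1;
    if (this.sinceHeartbeat >= properties['sn_sec_cmn.record_threshold_heartbeat']) {
      this.lastRecordProcessed = now;
      this.sinceHeartbeat = 0;
    }
  }
}

// An entry past the one-hour limit is timed out only when its last heartbeat is
// also older than maximum_heartbeat_delay; a slow but live entry keeps running.
function checkTimeout(entry, now) {
  const overLimit = now - entry.startedAt > HOUR_MS;
  const silent = now - entry.lastRecordProcessed > properties['sn_sec_cmn.maximum_heartbeat_delay'];
  if (overLimit && silent) entry.state = 'timed_out';
  return entry.state;
}

// Constructed scenario: 1,200 records arrive at 4.5 s each (90 minutes total),
// so heartbeats land at record 500 (37.5 min) and record 1000 (75 min).
function simulateLongPayload() {
  const entry = new ImportQueueEntry(0);
  for (let i = 1; i <= 1200; i++) entry.recordProcessed(i * 4500);
  const atNinetyMinutes = checkTimeout(entry, 90 * 60 * 1000);  // over limit, heartbeat 15 min old
  const atStalled = checkTimeout(entry, 136 * 60 * 1000);       // heartbeat now 61 min old
  return { atNinetyMinutes, atStalled, records: entry.recordCount };
}
```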