How to Create and Associate Security Tools in DevOps Change Workspace
Friday
Need Help: Security Tool Not Appearing in DevOps Change Workspace (CodeQL Integration)
Hi everyone,
I’m trying to set up a Security Tool integration in DevOps Change Workspace for GitHub CodeQL, but I’m running into an issue where the tool never shows up in sn_vul_app_integration, and GitHub Actions returns the error:
source=DevOpsError, Error while determining security Tool.
Below are the steps I followed to create and associate the tool.
1. Created the Tool Integration
DevOps → Integrations → Tool Integrations → New
Create manually: true
Tool label: GitHub CodeQL
Integration version: 1.0.0
2. Added Tool Integration Capability Mapping
Related list: Tool Integration Capability Mappings
Tool integration: GitHub CodeQL
Tool type capability: Security
3. Added Integration Capability Records
Two records under Integration Capabilities:
Connect
Action: Connect
Active: true
Subflow: sn_devops_vul_ints.security_tool_connect
Timeout: 45000
Domain: global
Validate
Action: Validate
Active: true
Subflow: sn_devops_vul_ints.security_tool_validate
Timeout: 45000
Domain: global
4. Updated Tool Integration Form Layout
Added fields:
SecOps source integration
Integration handler name
Set them to:
SecOps source integration: (my Third‑Party Integration record from sn_sec_int_integration)
Integration handler name: sn_devops_vul_ints.DevOpsSecurityToolIntegrationHandler
5. Verified Application Vulnerability Integration table
Checked Application Vulnerability Integration (sn_vul_app_integration).
Did not create any record like:
Name: GitHub CodeQL DevOps Integration
Source integration: (same SecOps source integration as above)
Problem
After creating the tool, it does NOT appear under sn_vul_app_integration.
And when running the GitHub Action:
    - name: ServiceNow DevOps Security Results
      uses: ServiceNow/servicenow-devops-security-result@v5.1.0
      with:
        devops-integration-token: ${{ secrets.SERVICE_NOW_DEVOPS_INTEGRATION_TOKEN_DEV }}
        instance-url: ${{ vars.SERVICE_NOW_INSTANCE_URL_DEV }}
        tool-id: ${{ secrets.SERVICE_NOW_DEVOPS_ORCHESTRATION_TOOL_ID_DEV }}
        context-github: ${{ toJSON(github) }}
        job-name: 'CodeQL Security Scan'
        security-result-attributes: >
          {
            "scanner": "GitHub CodeQL",
            "tool": "GitHub Advanced Security",
            "scanType": "SAST",
            "resultsFile": "results/codeql-sarif/csharp.sarif"
          }
I get this error when a Change Request is created from GitHub:
source=DevOpsError, Error while determining security Tool.
