Two of the world’s leading software companies have gone on the record touting the productivity gains of AI-generated code. Google states that 25% of company’s code is AI generated (Forbes). Microsoft projects that ‘By next year half of our development will be done by AI’ (CNBC). The proportion of AI-generated code will soon reach a tipping point after which more than half of company code is generated by AI software, straining our capacity for human oversight. But what happens when 2x, 5x, or even 10x of the code in organizations is generated by machines?

 

The need for a control tower of company code has never been clearer, which is why ServiceNow is partnering with Apiiro to bring Apiiro’s deep visibility into the architecture of code into the platform, arming Security and IT with the visibility and security automation they need to secure this critical source of value to companies.  

 

In enterprises, the Configuration Management Database (CMDB) is the go-to source for answering, “What do we have?”

 

With the explosive adoption of AI coding assistants, software is changing by the minute – and code ownership is distributed across thousands of developers. A static record is no longer enough, and now we can connect the asset and service pedigree that exists in ServiceNow to the code entities and the code repositories that run our most critical business applications.

 

Every new feature that drives business growth starts with a code change. These code changes are Code Assets – but they can introduce significant risk.

 

To prevent and respond to security and compliance risks ServiceNow and Apiiro partnered on an integration with Application Vulnerability Response to provide these workflows in ServiceNow (available the ServiceNow Store). Enterprises also need a real-time, dynamic view of their entire code assets inventory and their relationships – how code is developed and deployed, and how it maps to runtime environments, business risks and remediation workflows.

 

That’s the motivation behind the industry-first Apiiro CMDB integration with ServiceNow – powered by Apiiro’s Deep Code Analysis (DCA) and code-to-runtime matching technology.

 

Now available in the ServiceNow Store, this integration connects Apiiro’s deep code-to-runtime intelligence with ServiceNow’s CMDB to give security and operations teams a shared, accurate, and continuously updated view of their applications and software components, without the swivel-chair and manual data entry.

 

What it does

 

• Syncs ServiceNow business application records to Apiiro and enriches them with real-time insights from code, dependencies, and version control systems.
  
  
• Populates code assets inventory — like code repositories, APIs, packages, technologies, PII data, and code models — into custom tables in ServiceNow CMDB.
  
  
• Surfaces application-level risks and links them to the exact code asset and code owners responsible for remediation.
  
  
• Matches runtime data (e.g., from Wiz, Prisma, Akamai) with the source code that produced it — dramatically reduce the remediation workflows.
  
  
• Supports automation via ServiceNow Application Vulnerability Workflow based on risk severity and score, business impact, and material code changes.

 

Technical Perspective

 

As the pace of software development accelerates and cloud-native architectures grow in complexity, organizations are increasingly looking for ways to complement their CMDB with richer, more dynamic context, especially around the applications that drive their business.

 

That’s where Apiiro comes in. By integrating with ServiceNow, Apiiro brings deep, continuous visibility into the software supply chain, directly from code through to runtime. The integration begins by ingesting application records from the ServiceNow CMDB, which remains the authoritative source for business applications.

 

Apiiro then enhances those records with detailed insights derived from static code analysis, dependency mapping, and real-time signals. This enrichment includes eXtended Software Bill of Materials (XBOM) data such as code repositories, packages, APIs, technologies, sensitive data, and code models, all linked back to the original application record in ServiceNow.

 

From a technical standpoint, this is a bi-directional, risk-aware integration designed to help security teams make faster, more informed decisions. Apiiro periodically syncs enriched data to ServiceNow using custom tables (in the initial release), enabling downstream automation and assignment workflows that reflect both code-level context and runtime exposure.

 

When runtime systems are already integrated into ServiceNow through partners like Wiz or Prisma, Apiiro can match entities across environments, completing the picture from developer intent to deployed artifact.

 

Together, ServiceNow and Apiiro enable a more complete system of record: one that not only catalogs what applications exist, but also surfaces what they’re made of, who owns them, and what risks they present, all with the fidelity and freshness required to keep up with today’s software development lifecycle.

 

Learn More & See It in Action

 

If you’re curious how this integration plays out in practice, we recently unpacked the full picture in our latest webinar, covering how teams can align their CMDB and Vulnerability Response workflows using real-time code context with examples, architecture diagrams, and Q&A from the field.

 

The integration is now live in the ServiceNow Store. If you're already a ServiceNow customer, you can install it directly into your environment and start mapping your application data, from repositories and APIs to SBOM components, in just a few clicks.

 

Planning to attend BlackHat? Book demo time at our booth. We’d love to show you the integration live at booth #4208 and share how customers are already using it to streamline security triage and remediation. You can also book a meeting with the Apiiro team and ServiceNow at the event to dig deeper.

 

If you're not headed to Vegas, and are interested in exploring the integration one-on-one, you can always request a demo from the Apiiro team.

 

Watch: Apiiro and ServiceNow – Automated, real-time code-to-runtime risk-based software inventory

 

 

Watch: Apiiro and ServiceNow – Community Webinar on Application VR integration