Application vulnerability integrations help enrich the application vulnerability data on your instance by retrieving data from external systems and vendors. See the following overview topics for more information about supported integrations:

• Fortify on Demand Vulnerability Integration
• GitHub Application Vulnerability Integration
• Invicti Vulnerability Integration
• Veracode Vulnerability Integration
• Vulnerability Response Integration with Black Duck
• Manual ingestion of vulnerabilities for Application Vulnerability Response
• Atlassian Jira Integration
  Important:

  In the Vulnerability Manager Workspace, you can create an agile issue manually using the list action and form action to track the remediation of AVITs and RTs.

During integration execution, multiple processes are generated, and data is received in the form of pages. Each process can contain one or more import queue entries with attached data in pages. These entries must process the data within the one-hour time limit. However, if the payload size is large, the processing time may exceed one hour or get stuck, resulting in an integration timeout error. The integration continues to process the data despite the timeout error. To avoid this miscommunication, starting from version 18.2.4 of Application Vulnerability Response, timestamps (heartbeats) are sent periodically to indicate if the queue is active and processing data. The Last Record Processed field in the Import Queue Entry page is updated based on the count of records the import queue creates or updates. In case an import queue entry exceeds the one-hour time limit, the system checks the Last Record Processed field to see if it is also older than one hour. If it is, this indicates that the import queue entry is stuck, and it is timed out to prevent any further delays in processing.