Application Vulnerability Response release notes

  • Release version: Australia
  • Updated June 5, 2026
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Application Vulnerability Response release notes

    The ServiceNow Application Vulnerability Response (AVR) application integrates security and IT operations to help you remediate critical application vulnerabilities more quickly and efficiently. The Australia release, updated June 5, 2026, introduces enhancements that improve data integration, workflow automation, and vulnerability management capabilities. This application is available via the ServiceNow Store.

    Show full answer Show less

    Key Features

    • Wiz Integration Enhancements: Import detailed application, Software Composition Analysis (SCA), and secrets data using the Wiz Application Vulnerability Response Integration, including Application List, SCA Findings, and Secret Findings integrations.
    • Third-Party Scanner Integration: Support for importing vulnerability data from various third-party scanners with automated workflows to prioritize, remediate, and manage Application Vulnerable Items (AVITs).
    • Penetration Test Workspace: Monitor penetration test requests, findings, and team progress centrally.
    • Vulnerability Manager Workspace: Reevaluate risk scores, assignments, remediation dates, exceptions, and tasks for specific AVITs efficiently.
    • Configurable Lookup Rules: The new "Applies to" field allows differentiation between Application Vulnerability Response and Vulnerability Response lookup rules, reducing conflicts during background job processing.
    • Wiz Asset Integration Controls: Asset integration is deactivated by default, and you can specify resource types to import only relevant assets, simplifying configuration and reducing unnecessary data imports.
    • GitHub Secret Scanning Integration: Now supports importing generic secrets in addition to standard secrets, with configurable ingestion options and mapping to AVITs.
    • Enhanced Vulnerability Assessment Workflows: Includes filtering configuration items (CIs) in assessments via a condition builder, automatic population of Business Application data on AVITs from SBOM assessments, and automatic priority roll-down from assessments to related vulnerability items, ensuring consistent severity prioritization.
    • Improved Compensatory Controls: Newly ingested vulnerable items linked to remediation tasks with approved compensating controls inherit the reduced risk rating automatically.

    Upgrade and Activation Information

    • If you currently use Application Vulnerability Response but do not plan to upgrade to Unified Security Exposure Management (USEM), you should install a version below v30.x and ensure compatibility with third-party integrations.
    • Detailed compatibility information is available in the Vulnerability Response Compatibility Matrix and Release Schema Changes knowledge base article.
    • To activate Application Vulnerability Response, request installation from the ServiceNow Store. The store also provides cumulative release notes and version histories.

    The ServiceNow® Application Vulnerability Response application brings security and IT together to enable you to remediate your most critical vulnerabilities more quickly and efficiently. Application Vulnerability Response was enhanced and updated in the Australia release.

    Application Vulnerability Response highlights for the Australia release

    • Import application vulnerability response data that includes application, Software Composition Analysis (SCA) and secrets data with the Wiz Application Vulnerability Response Integration.
    • If you're currently using Application Vulnerability Response and you want to upgrade to Unified Security Exposure Management (USEM), see Unified Security Exposure Management (USEM) notes for more information about USEM and the Unified Security Exposure Management migration.
    • Integrate with supported third-party scanners to import vulnerability data and use automated workflows to prioritize, remediate, and manage findings (application vulnerable items (AVITs)). Each application vulnerability represents a vulnerability entry in the Common Weakness Enumeration (CWE) or third-party libraries.
    • Monitor your penetration test requests and findings, as well as your team's overall progress in the Penetration Test Workspace.
    • Reevaluate the risk score, assignments, remediation target date, exceptions, and remediation task for a specific set of application vulnerable items in the Vulnerability Manager Workspace.
    • Compare application vulnerability-related data and determine if application vulnerabilities are found in an application.

    See Application Vulnerability Response for more information.

    Important:
    Application Vulnerability Response is available in the ServiceNow Store. For details, see the "Activation information" section of these release notes.

    Important information for upgrading Application Vulnerability Response to Australia

    • If you are currently using Application Vulnerability Response, and you do not intend to upgrade to Unified Security Exposure Management (USEM), install a version below v30.x of Application Vulnerability Response and for upgrades to supported third-party integration applications.
    • For information about the new features of Vulnerability Response, see the Vulnerability Response release notes.
    • For more information about the released versions of the Application Vulnerability Response application as well as the third-party and ServiceNow applications that are compatible with the Australia release, see the Vulnerability Response Compatibility Matrix and Release Schema Changes [KB0856498] article in the Now Support Knowledge Base.

    New in the Australia release

    Wiz Application Vulnerability Response Integration
    Import application, Software Composition Analysis (SCA), findings, Secrets (passwords, tokens and keys) data with the following Wiz Vulnerability integrations:
    • Application List Integration
    • SCA Findings Integration
    • Secret Findings Integration

    You can configure these integrations on the Wiz Vulnerability Integration configuration page along with the other Wiz Vulnerability integrations. View imported application list data such as Product Model and Source application ID from Wiz on the Discovered Applications [sn_vul_app_release] table records, and SCA and Secrets data on the Application Vulnerable Items [sn_vul_app_vulnerable_item] table records.

    GitHub Application Vulnerability Integration – Generic secrets support
    The GitHub Secret Scanning Integration supports imports of generic secrets in addition to standard secrets from your GitHub repositories. An enhanced Manage generic secrets in ServiceNow configuration option lets you control whether generic secrets are ingested. Imported secrets are mapped to Application Vulnerable Items (AVITs) with the scan type, Secret, while generic secrets are mapped with the scan type, Generic Secret.
    Improved vulnerability assessment workflows
    • CI filtering for vulnerability assessments: You can now filter which configuration items are included in a vulnerability assessment using a condition builder.
    • Business Application population on AVITs: AVITs created from SBOM assessment results now include Business Application information, helping you understand application impact and prioritize remediation.
    • Priority roll‑down from vulnerability assessments: Updates to the priority of a vulnerability assessment now automatically roll down to associated VITs and AVITs, ensuring consistent prioritization based on the highest severity.
    Enhanced Compensatory controls
    When new vulnerable items are ingested and associated with a remediation task that already has an approved compensating control, the reduced risk rating is now automatically inherited by those new vulnerable items.

    Activation information

    Install Application Vulnerability Response by requesting it from the ServiceNow Store. Visit the ServiceNow Store to view all the available apps, and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.