Integrating Application Vulnerability Response with other applications

  • Release version: Yokohama
  • Updated March 4, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Integrating Application Vulnerability Response with other applications

    Application Vulnerability Response (AVR) supports third-party integrations that enrich vulnerability data by importing information from external systems and vendors. These integrations enable customers to enhance their vulnerability management by incorporating data from various sources directly into their ServiceNow instance.

    Show full answer Show less

    Supported Integrations

    AVR includes integrations with several third-party vulnerability vendors and tools, such as:

    • Fortify on Demand
    • GitHub Application Vulnerability
    • Invicti
    • Veracode
    • Black Duck
    • Manual ingestion of vulnerabilities
    • Atlassian Jira integration for agile issue tracking

    Note: Multi-source integrations are not supported within AVR. Each third-party integration is handled separately, and there is no deduplication of Application Vulnerable Items (AVIs) across multiple integrations.

    Integration Processing Details

    When integrations run, they process data in multiple stages involving import queue entries that handle data in pages. Each import queue entry must complete within one hour to avoid timeout errors. If data payloads are large, processing may exceed this time, causing a timeout, but the system will continue processing.

    Starting with version 18.2.4, AVR includes a heartbeat mechanism that periodically updates timestamps in the import queue entries to indicate active processing. If no progress is detected (based on the Last Record Processed timestamp), the import queue entry will be timed out to prevent delays.

    Two system properties control this behavior:

    • snseccmn.recordthresholdheartbeat: The number of processed records before sending a heartbeat timestamp.
    • snseccmn.maximumheartbeatdelay: The maximum time allowed before timing out an import queue entry.

    Running Integrations

    Vulnerability integrations are typically scheduled to run automatically but can also be executed manually when needed.

    Required role: snvul.appreadintegrations

    To run an integration manually:

    1. Navigate to All > Application Vulnerability Response > Administration > Integrations.
    2. Open the desired integration record.
    3. Click Execute Now to start the integration.

    Vulnerability Response includes support for third-party integrations.

    Third-party integrations

    Application vulnerability integrations help enrich the application vulnerability data on your instance by retrieving data from external systems and vendors.See the following overview topics for more information about supported integrations:
    Note:

    Multi-source integrations are not supported in Application Vulnerability Response. Third-party integrations are treated separately. If more than one third-party integration application is in use in your environment, there is no application vulnerable item (AVI) deduplication across integrations.

    Additional notes for integrations

    During integration execution, multiple processes are generated, and data is received in the form of pages. Each process can contain one or more import queue entries with attached data in pages. These entries must process the data within the one-hour time limit. However, if the payload size is large, the processing time may exceed one hour or get stuck, resulting in an integration timeout error. The integration continues to process the data despite the timeout error. To avoid this miscommunication, starting from version 18.2.4 of Application Vulnerability Response, timestamps (heartbeats) are sent periodically to indicate if the queue is active and processing data. The Last Record Processed field in the Import Queue Entry page is updated based on the count of records the import queue creates or updates. In case an import queue entry exceeds the one-hour time limit, the system checks the Last Record Processed field to see if it is also older than one hour. If it is, this indicates that the import queue entry is stuck, and it is timed out to prevent any further delays in processing.
    Note:
    The Last Record Processed field is updated based on what is defined in the following system properties:
    • sn_sec_cmn.record_threshold_heartbeat: Defines the number of processed records, after which the heartbeat (timestamp) is sent to the import queue entry.
    • sn_sec_cmn.maximum_heartbeat_delay: Defines the time after which the import queue entry must be timed out.

    Vulnerability integrations for Application Vulnerability Response are configured to run on a scheduled basis. However, you can run them manually when needed.

    Role required: sn_vul.app_read_integrations

    1. Navigate to All > Application Vulnerability Response > Administration > Integrations.
    2. Open the record for the integration that you want to run.
    3. Click Execute Now.