Field mapping

GitHub Organizations Integration


GitHub source field	ServiceNow AI platform table	ServiceNow target field
login	sn_vul_discovered_org	name
id	sn_vul_discovered_org	org_id
description	sn_vul_discovered_org	description
url	sn_vul_discovered_org	url
repos_url	sn_vul_discovered_org	repos_url
enterprise_name (from integration config)	sn_vul_discovered_org	enterprise_name

GitHub Repositories Integration


GitHub source field	ServiceNow AI platform table	ServiceNow target field
full_name	sn_vul_app_release	app_name
id	sn_vul_app_release	source_app_id
private	sn_vul_app_release	description
description	sn_vul_app_release	description
created_at	sn_vul_app_release	app_creation_date
updated_at	sn_vul_app_release	app_updation_date
topics	sn_vul_app_release	source_additional_info
Custom properties (via GitHub custom properties API)	sn_vul_app_release	source_additional_info

GitHub Code Scanning Integration

Table 1. Code Scanning Integration field mappings for Discovered Applications
GitHub source field	ServiceNow AI platform table	ServiceNow target field
repository.full_name	sn_vul_app_release	app_name
repository.id	sn_vul_app_release	source_app_id
repository.private	sn_vul_app_release	description
repository.description	sn_vul_app_release	description

Table 2. Code Scanning Integration field mappings for Application Vulnerability Entry
GitHub source field	ServiceNow AI platform table	ServiceNow target field
rule.id	sn_vul_app_vul_entry	source_entry_id
rule.description	sn_vul_app_vul_entry	threat
rule.security_severity_level	sn_vul_app_vul_entry	normalized_severity
rule.security_severity_level	sn_vul_app_vul_entry	source_severity
rule.tags (CWE entries only)	sn_vul_app_vul_entry	cwe_list

Table 3. Code Scanning Integration field mappings for Application Vulnerable Item
GitHub source field	ServiceNow AI platform table	ServiceNow target field
repository.id	sn_vul_app_vulnerable_item	source_app_id
repository.full_name	sn_vul_app_vulnerable_item	app_name
number	sn_vul_app_vulnerable_item	source_avit_id
rule.id	sn_vul_app_vulnerable_item	source_entry_id
rule.security_severity_level	sn_vul_app_vulnerable_item	source_severity
html_url	sn_vul_app_vulnerable_item	source_link
state	sn_vul_app_vulnerable_item	computed_status
state	sn_vul_app_vulnerable_item	source_finding_status
most_recent_instance.message.text	sn_vul_app_vulnerable_item	description
most_recent_instance.location.path	sn_vul_app_vulnerable_item	location
most_recent_instance.location.start_line	sn_vul_app_vulnerable_item	line_number
most_recent_instance.analysis_key	sn_vul_app_vulnerable_item	source_additional_info
most_recent_instance.environment	sn_vul_app_vulnerable_item	source_additional_info
most_recent_instance.commit_sha	sn_vul_app_vulnerable_item	source_additional_info
most_recent_instance.classifications	sn_vul_app_vulnerable_item	source_additional_info
updated_at	sn_vul_app_vulnerable_item	last_scan_date
updated_at	sn_vul_app_vulnerable_item	last_found
created_at	sn_vul_app_vulnerable_item	first_found

GitHub Dependabot Integration

Table 4. GitHub Dependabot Integration field mappings for Discovered Applications
GitHub source field	ServiceNow AI platform table	ServiceNow target field
repository.full_name	sn_vul_app_release	app_name
repository.id	sn_vul_app_release	source_app_id
repository.private	sn_vul_app_release	description
repository.description	sn_vul_app_release	description

Table 5. GitHub Dependabot Integration field mappings for Package
GitHub source field	ServiceNow AI platform table	ServiceNow target field
dependency.package.ecosystem + dependency.package.name	sn_vul_app_package	package_unique_id
dependency.package.name	sn_vul_app_package	package_name
dependency.manifest_path	sn_vul_app_package	paths
security_vulnerability.first_patched_version.identifier	sn_vul_app_package	fixed_package_version

Table 6. GitHub Dependabot Integration field mappings for Application Vulnerability Entry
GitHub source field	ServiceNow AI platform table	ServiceNow target field
security_advisory.ghsa_id	sn_vul_app_vul_entry	source_entry_id
security_advisory.summary	sn_vul_app_vul_entry	threat
security_advisory.severity	sn_vul_app_vul_entry	source_severity
security_advisory.cwes[].cwe_id + name	sn_vul_app_vul_entry	cwe_list

Table 7. GitHub Dependabot Integration field mappings for Application Vulnerable Item
GitHub source field	ServiceNow AI platform table	ServiceNow target field
repository.id	sn_vul_app_vulnerable_item	source_app_id
repository.full_name	sn_vul_app_vulnerable_item	app_name
number	sn_vul_app_vulnerable_item	source_avit_id
security_advisory.cve_id (or ghsa_id if no CVE)	sn_vul_app_vulnerable_item	source_entry_id
security_advisory.severity	sn_vul_app_vulnerable_item	source_severity
html_url	sn_vul_app_vulnerable_item	source_link
state	sn_vul_app_vulnerable_item	computed_status
state	sn_vul_app_vulnerable_item	source_finding_status
dependency.scope	sn_vul_app_vulnerable_item	source_additional_info
dependency.manifest_path	sn_vul_app_vulnerable_item	source_additional_info
auto_dismissed_at	sn_vul_app_vulnerable_item	source_additional_info
updated_at	sn_vul_app_vulnerable_item	last_scan_date
updated_at	sn_vul_app_vulnerable_item	last_found
created_at	sn_vul_app_vulnerable_item	first_found

GitHub Secret Scanning Integration

Table 8. GitHub Secret Scanning Integration for Discovered Applications
GitHub source field	ServiceNow AI platform table	ServiceNow target field
repository.full_name	sn_vul_app_release	app_name
repository.id	sn_vul_app_release	source_app_id
repository.private	sn_vul_app_release	description
repository.description	sn_vul_app_release	description

Table 9. GitHub Secret Scanning Integration for Application Vulnerability Entry
GitHub source field	ServiceNow AI platform table	ServiceNow target field
secret_type (or token_type for generic secrets)	sn_vul_app_vul_entry	source_entry_id
secret_type_display_name (or token_type for generic secrets)	sn_vul_app_vul_entry	threat

Table 10. GitHub Secret Scanning Integration for Application Vulnerable Item
GitHub source field	ServiceNow AI platform table	ServiceNow target field
repository.id	sn_vul_app_vulnerable_item	source_app_id
repository.full_name	sn_vul_app_vulnerable_item	app_name
number	sn_vul_app_vulnerable_item	source_avit_id
secret_type (or token_type for generic secrets)	sn_vul_app_vulnerable_item	source_entry_id
secret_type / token_type (derived)	sn_vul_app_vulnerable_item	scan_type
html_url	sn_vul_app_vulnerable_item	source_link
state	sn_vul_app_vulnerable_item	computed_status
state	sn_vul_app_vulnerable_item	source_finding_status
push_protection_bypassed	sn_vul_app_vulnerable_item	source_additional_info
validity	sn_vul_app_vulnerable_item	source_additional_info
updated_at	sn_vul_app_vulnerable_item	last_scan_date
updated_at	sn_vul_app_vulnerable_item	last_found
created_at	sn_vul_app_vulnerable_item	first_found

GitHub Secret Scanning Locations

Table 11. Secret Scanning Locations
GitHub source field	ServiceNow AI platform table	ServiceNow target field
locations[commit].details.path	sn_vul_app_vulnerable_item	location
locations[commit].details.start_line	sn_vul_app_vulnerable_item	line_number

State and severity Mappings

Applies to all alert integrations: Code Scanning, Dependabot, and Secret Scanning.

Note:

All Secret Scanning findings are automatically assigned a normalized severity of 5 (Critical), regardless of their GitHub-reported severity. This is because, under Application Vulnerability Response conventions, any exposed secret is by default treated as a critical risk.

Table 12. State mappings
Source State	Target State	Target Reason
open	Open
used_in_tests	Open
dismissed	Closed	False Positive
auto_dismissed	Closed	False Positive
false_positive	Closed	False Positive
fixed	Closed	Fixed
revoked	Closed	Fixed
wont_fix	Deferred	Risk Accepted

Table 13. Severity mappings
Source value	Target value
Critical	5
High	4
Medium	3
Low	2
Info/Unset	1