Preparing for the GitHub Application Vulnerability Integration

Release version: Zurich

Updated April 30, 2026

1 minute to read

Prepare for the integration by performing these tasks. The GitHub Application Vulnerability Integration assumes that you are familiar with the GitHub product and API.

There is a configured run-as user for each integration record. The default value for this user is VR.System. Do not change this value.

Roles required:

admin to download, install, and activate applications and assign roles.
GitHub administrator to obtain credentials and generate tokens in the GitHub console.
admin to set up connections and alias records in your instance.

Table 1. Setup tasks
Setup tasks	Description
Verify that the Vulnerability Response application is installed and activated.	To verify that this application is activated, navigate to Subscription Management > Subscriptions in your instance. The list displays the subscriptions your organization has purchased. If the application is not installed and activated see, Install Vulnerability Response.
Verify that the GitHub Application Vulnerability Integration is installed and activated.	To verify that this application is activated, navigate to Subscription Management > Subscriptions in your instance. The list displays the subscriptions your organization has purchased. If the application is not installed and activated see, Install the ServiceNow GitHub Application Vulnerability Integration.
Verify that you have the required ServiceNow roles for your instance.	The following roles are required for configuration, and verification of expected results: If not already assigned, the System administrator [admin] role permits you to install the app and assign users to the App-Sec Manager user group. The App-Sec Manager oversees configuration and verifies expected results. sn_vul_github_config_integration is inherited by the App-Sec Manager user group. This role contains the connection_admin and oauth_admin roles.
Obtain your GitHub credential and account information.	Account information is required on records you create for authentication. See Creating OAuth 2.0 credentials for GitHub Apps - JWT for the GitHub Application Vulnerability Integration for more information about details your need and setting up the required records for OAuth authentication.
Verify you're importing Common Weakness Enumeration (CWE) data.	The Common Weakness Enumeration (CWE) integration is also used by Application Vulnerability Response and should be running prior to installing and configuring the GitHub Vulnerability Integration. It is installed with Vulnerability Response, by default. Note: NIST Vulnerability Database (NVD) data is not necessary to install the GitHub Vulnerability Integration, however it provides enrichment and would be useful to have. For information on NVD, see Importing data with the NVD and CWE integrations and managing third-party libraries.