Integrating Container Vulnerability Response with other applications

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Integrating Container Vulnerability Response with other applications

    Container Vulnerability Response extends its capabilities by integrating with various container security products and applications to import, enrich, and manage vulnerability data for container images deployed at runtime. This integration provides contextual insights by linking vulnerabilities to Kubernetes entities in the Configuration Management Database (CMDB) and offers comprehensive reporting dashboards for monitoring vulnerability and remediation trends.

    Show full answer Show less

    Key Features

    • Integration with multiple container security products: Includes Palo Alto Networks Prisma Cloud Compute, Tenable, Wiz Vulnerability Response Integration, and AWS Integration for Security Exposure Management.
    • Runtime contextual enrichment: Vulnerability data is enriched with information about hosts, Kubernetes clusters, services, and namespaces where the container images are deployed.
    • Kubernetes discovery integration: Creates references from vulnerabilities to Kubernetes entities in the CMDB for better visibility and impact analysis.
    • Manual agile issue creation: In the Vulnerability Manager Workspace, users can manually create agile issues to track remediation of Container Vulnerability Issues and Remediations (CVITs and RTs).
    • Improved import queue processing: To handle large data payloads without timeouts, heartbeats (timestamps) are periodically sent to indicate active processing, and system properties manage thresholds and timeouts to prevent stuck imports.

    Practical Considerations for ServiceNow Customers

    • Integration processes handle data in pages and must complete within one hour to avoid timeout errors; however, the system is designed to continue processing despite timeouts.
    • System properties snseccmn.recordthresholdheartbeat and snseccmn.maximumheartbeatdelay control heartbeat frequency and import queue timeouts, ensuring reliable data import.
    • These integrations enable customers to consolidate container vulnerability data from multiple sources into ServiceNow, facilitating centralized vulnerability management and remediation workflows.

    Extend the capabilities of Container Vulnerability Response by integrating with other applications.

    Container Vulnerability Response integrates with container security products to pull vulnerability data for those images which are deployed to runtime. It then enriches the vulnerability data with the runtime contextual information such as hosts, Kubernetes clusters, services, and namespaces where these container images are deployed. With ServiceNow’s Kubernetes discovery, you can see the references created from vulnerabilities to the relevant Kubernetes entities in your Configuration Management Database (CMDB). In addition to enriching the metadata, ServiceNow also offers a comprehensive reporting dashboard to provide insights into the vulnerability and remediation trends.

    Container Vulnerability Response provides integrations with the following applications:

    Additional notes for integrations

    During integration execution, multiple processes are generated, and data is received in the form of pages. Each process can contain one or more import queue entries with attached data in pages. These entries must process the data within the one-hour time limit. However, if the payload size is large, the processing time may exceed one hour or get stuck, resulting in an integration timeout error. The integration continues to process the data despite the timeout error. To avoid this miscommunication, starting from version 2.1.2 of Container Vulnerability Response, timestamps (heartbeats) are sent periodically to indicate if the queue is active and processing data. The Last Record Processed field in the Import Queue Entry page is updated based on the count of records the import queue creates or updates. In case an import queue entry exceeds the one-hour time limit, the system checks the Last Record Processed field to see if it is also older than one hour. If it is, this indicates that the import queue entry is stuck, and it is timed out to prevent any further delays in processing.
    Note:
    The Last Record Processed field is updated based on what is defined in the following system properties:
    • sn_sec_cmn.record_threshold_heartbeat: Defines the number of processed records, after which the heartbeat (timestamp) is sent to the import queue entry.
    • sn_sec_cmn.maximum_heartbeat_delay: Defines the time after which the import queue entry must be timed out.