Integrating Application Vulnerability Response with other applications

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Integrating Application Vulnerability Response with other applications

    Application Vulnerability Response (AVR) supports integration with third-party vulnerability management systems to enrich your vulnerability data by importing information from external vendors. This capability helps you consolidate and manage application vulnerabilities more effectively within your ServiceNow instance.

    Show full answer Show less

    Key Features

    • Supported Third-Party Integrations: AVR integrates with several external tools including Fortify, GitHub, Invicti, Veracode, Black Duck, and Atlassian Jira, allowing automated or manual ingestion of vulnerability data.
    • Manual Issue Tracking: In the Vulnerability Manager Workspace, you can manually create agile issues to track remediation efforts for Application Vulnerable Items (AVITs) and Remediation Tasks (RTs).
    • Integration Behavior: Each integration runs as multiple processes that receive data in batches (pages). These processes must complete within a one-hour time limit to avoid timeout errors.
    • Heartbeat Mechanism: From version 18.2.4 onward, AVR sends periodic timestamps (heartbeats) during data import to indicate active processing and prevent false timeout errors.
    • Import Queue Monitoring: The system tracks the "Last Record Processed" to detect stalled imports and properly time out stuck queues, ensuring consistent and reliable data ingestion.
    • Scheduling and Manual Execution: Vulnerability integrations are scheduled automatically but can also be triggered manually by users with the snvul.appreadintegrations role through the Application Vulnerability Response administration interface.

    Important Considerations

    • No Deduplication Across Multiple Integrations: If multiple third-party integrations are used simultaneously, duplicate Application Vulnerable Items (AVIs) may occur as deduplication is not performed across integrations.
    • Relationship with CSDM: AVR, along with related Security Operations applications, contribute to and utilize Common Service Data Model (CSDM) tables, enabling enhanced data sharing and value across ServiceNow products.
    • Multi-Source Integration: AVR does not support multi-source integrations; each third-party integration operates independently.

    Vulnerability Response includes support for third-party integrations.

    Third-party integrations

    Application vulnerability integrations help enrich the application vulnerability data on your instance by retrieving data from external systems and vendors. See the following overview topics for more information about supported integrations:
    Note:

    Multi-source integrations are not supported in Application Vulnerability Response. Third-party integrations are treated separately. If more than one third-party integration application is in use in your environment, there is no application vulnerable item (AVI) deduplication across integrations.

    Vulnerability Response applications and CSDM tables

    The Vulnerability Response, Application Vulnerability Response, third-party vulnerability integrations and Software Bill of Materials applications manage (contribute data to) CSDM tables. These applications also use data from CSDM tables that other applications generate. Several ServiceNow products, therefore, benefit from and add value to these Security Operations applications. See Vulnerability Response applications and CSDM tables for more information.

    Additional notes for integrations

    During integration execution, multiple processes are generated, and data is received in the form of pages. Each process can contain one or more import queue entries with attached data in pages. These entries must process the data within the one-hour time limit. However, if the payload size is large, the processing time may exceed one hour or get stuck, resulting in an integration timeout error. The integration continues to process the data despite the timeout error. To avoid this miscommunication, starting from version 18.2.4 of Application Vulnerability Response, timestamps (heartbeats) are sent periodically to indicate if the queue is active and processing data. The Last Record Processed field in the Import Queue Entry page is updated based on the count of records the import queue creates or updates. In case an import queue entry exceeds the one-hour time limit, the system checks the Last Record Processed field to see if it is also older than one hour. If it is, this indicates that the import queue entry is stuck, and it is timed out to prevent any further delays in processing.
    Note:
    The Last Record Processed field is updated based on what is defined in the following system properties:
    • sn_sec_cmn.record_threshold_heartbeat: Defines the number of processed records, after which the heartbeat (timestamp) is sent to the import queue entry.
    • sn_sec_cmn.maximum_heartbeat_delay: Defines the time after which the import queue entry must be timed out.

    Vulnerability integrations for Application Vulnerability Response are configured to run on a scheduled basis. However, you can run them manually when needed.

    Role required: sn_vul.app_read_integrations

    1. Navigate to All > Application Vulnerability Response > Administration > Integrations.
    2. Open the record for the integration that you want to run.
    3. Click Execute Now.