ServiceNow AppVR Integration

Snyk integrates into ServiceNow® Application Vulnerability Response (AVR) to track and remediate software vulnerabilities in open-source and first-party code.

Snyk for ServiceNow AppVR gives enterprise application security teams a single view of all their organization’s open-source and first-party code vulnerabilities, from development to production. A single view showing vulnerabilities tracked by application, severity, and scope results in better coordination with development teams to protect against potential software breaches.

Bringing these insights directly into ServiceNow Application Vulnerability Response gives your team visibility into the security issues of your applications. This enables better prioritization of incidents, speeds up ticket assignments, and fixes issues to reduce risk across the software development lifecycle (SDLC).

When Snyk identifies that an issue is fixed, the Application Vulnerable Item (AVIT) in ServiceNow is closed. If Manage Exceptions in ServiceNow or Manage False Positives in ServiceNow are configured in the integration, exceptions and false positives go through the customer-designed approval process. When approved, an ignore is added to the Snyk UI automatically.

Use cases for ServiceNow AppVR integration

The Snyk ServiceNow AVR can help teams that want to accomplish the following:

Track and manage vulnerabilities efficiently: Create and update ServiceNow Application Vulnerable Items (AVITs) automatically from Snyk Open Source SCA and Snyk Code findings.

Make faster, data-driven security decisions: Automatically prioritize vulnerabilities found across the SDLC, build automated workflows to route tasks to the correct teams, and facilitate better collaboration across the organization. Tickets created against vulnerabilities found across the SDLC are routed faster to the appropriate team.

Get a unified view of vulnerabilities and remediation status: View application vulnerabilities using dashboards to see current status, remediation reports, and executive summaries–all in one place. Your team will get a single view of Snyk SCA and SAST findings, such as vulnerabilities in open source dependencies, first-party code, the number of Projects imported, and vulnerabilities fixed, for improved tracking and increased efficiency,

Understand risk and impact of vulnerabilities: Calculate vulnerability risk and determine prioritization using ServiceNow’s vulnerability and risk calculators combined with Snyk’s industry-leading intelligence.

Prerequisites for ServiceNow AppVR integration

• Snyk REST API entitlement (Enterprise License)

• Snyk Open Source, Snyk Code, or both

• Entitlements needed with ServiceNow. Contact your ServiceNow representative to inquire.

Visit the ServiceNow Store to find installation documentation and the download for the Snyk Security for Application Vulnerability Response App.