Find and prioritize application vulnerabilities with ServiceNow and Checkmarx

A brand-new integration for enterprise-scale AppSec is ready for Checkmarx and ServiceNow customers to download in the ServiceNow plugin store. The ServiceNow Vulnerability Dashboard now enables organizations to easily integrate Checkmarx SAST and SCA.   

We’re so excited to launch support for ServiceNow customers, given the growing need for streamlined, end-to-end vulnerability management. 

Let's dive a bit deeper into what Checkmarx and ServiceNow customers can expect from the integration.   

Prioritize and remediate with a centralized dashboard  

ServiceNow is a leading cloud-based platform that offers comprehensive solutions for IT service management, human resources, customer service, security operations, and more. It enables organizations to automate workflows, optimize processes, and provide seamless digital experiences to users across multiple departments. 

The ServiceNow® Vulnerability Response application is an important tool within the ServiceNow ecosystem that AppSec managers can leverage to drive efficiencies within application security. 

This application imports and automatically groups vulnerable items according to group rules, which allows teams to remediate vulnerabilities quickly. Data is pulled from both internal and external sources, such as the National Vulnerability Database (NVD) and third-party integrations, like the new Checkmarx plugins. 

The ServiceNow Application Vulnerability Response dashboard displays trends and summaries of vulnerabilities from leading scan vendors like Checkmarx.  

The Checkmarx ServiceNow Vulnerability Integration is now available for Checkmarx SAST and Checkmarx SCA. The integration for Checkmarx SAST is available for both Checkmarx One and on-premise deployments, while SCA is available for Checkmarx One.  

The plugins enable enterprises to run the integrations required to import projects, scan summaries, and scan results within the ServiceNow platform, giving your application security managers a clear view and top-tier prioritization and triage powers. The latest vulnerabilities found for each scan are then inserted on the ServiceNow as Application Vulnerability Items (AVIs). 

The plugins do not scan code; instead, they pull data from Checkmarx and map the results into the ServiceNow tables.  

ServiceNow Vulnerability Solutions Management: View your organization’s most impactful remediation activities and monitor their completion. 

Every time Checkmarx provides updated scan results, the ServiceNow Vulnerability Response Application can automatically assign the found vulnerabilities to a specific person, or team, by building custom workflows and automation triggers. This process accelerates the security workflow, ensuring an efficient vulnerability management process. 

Use Application Vulnerability Response to follow the flow of information, from integration through investigation, and then on to resolution. 

After vulnerability data is imported, users can compare the data to applications identified in Application Vulnerability Response, relate a single third-party vulnerability to multiple CWE entries, and find the primary CWE for the vulnerability in determining risk. And, users can easily prioritize vulnerabilities by create assignment rules or using calculators to determine business impact.   

Getting started  

With the addition of ServiceNow to the growing list of Checkmarx integrations, we’re making our products as compatible as possible with business-critical applications, so organizations can optimize workflows and keep their own applications secure.  

For customers already using both ServiceNow + Checkmarx One or Checkmarx SAST, head over to the ServiceNow Store to download the app.  

Checkmarx One Vulnerability Integration with ServiceNow (Checkmarx SAST and Checkmarx SCA)  

Download the app  

View the documentation  

Checkmarx SAST On-Prem Vulnerability Integration with ServiceNow 

View the documentation  

For existing ServiceNow customers that would like to learn more about the accuracy and power of Checkmarx One, especially how to easily view and triage scan results within ServiceNow, contact us today.  

Wrap up  

Vulnerability risk management is crucial for organizations to protect their IT infrastructure from cyber threats and to comply with regulatory requirements.  

By integrating Checkmarx scan results into the ServiceNow Vulnerability Response Application, users can better manage vulnerabilities and ensure seamless communication with incident response tasks, change requests, and problem management.  

We’re so excited to announce this integration and can’t wait to hear from more customers about the day-to-day impact it makes on building smart and efficient workflows and the ability to better track, prioritize, and remediate the vulnerabilities in one centralized dashboard.  

About the Author

About the Author

Never miss an update. Subscribe today!

By submitting my information to Checkmarx, I hereby consent to the terms and conditions found in the Checkmarx Privacy Policy and to
the processing of my personal data as described therein. By clicking submit below, you consent to allow Checkmarx
to store and process the personal information submitted above to provide you the content requested.
Skip to content