
Checkmarx One Vulnerability Integration with ServiceNow

The Vulnerability Response Integration with Checkmarx One uses data imported from Checkmarx One Service to help determine the impact and priority of vulnerabilities in the code and its dependencies.

Requesting Apps from ServiceNow Store

Navigate to the ServiceNow Store for all the available apps and information about submitting requests to the store.

Checkmarx One Vulnerability Integration

Important

In ServiceNow, only one AVIT will be created for vulnerabilities found in scans with the same SimilarityID.

The Checkmarx One product collects SAST (Static Application Security Testing) and SCA (Software Composition Analysis) results and provides the available data to the Now Platform®. It integrates with the Application Vulnerability Response feature of Vulnerability Response to map third-party vulnerabilities.

Scheduled tasks run the integrations automatically or daily in the order they are listed. Individual scheduled tasks can be manually executed. Scheduled jobs simplify the vulnerability remediation life cycle by synchronizing the instance with other vulnerability management systems.

Checkmarx One Vulnerability Integrations

To view the Checkmarx One vulnerability integration:

  1. Navigate to Checkmarx One Vulnerability Integration

  2. Integrations

The integrations included in the base system are:

  1. Checkmarx One Application List Integration

    This integration retrieves all projects from the Checkmarx One service. 

    A JSON-based API from Checkmarx One retrieves the list of projects. This maps the basic attributes of the Checkmarx One project in ServiceNow's Application Release object.

    This integration is active by default. It can be scheduled to run at whatever interval is required.

  2. Checkmarx One Scan Summary

    When active, this integration runs after the Checkmarx One Application List Integration. It retrieves the scan summary from the Checkmarx One service.

    This integration is Active and On Demand by default; it will automatically trigger after the Checkmarx One Application List Integration. It fetches data for the most recent scan performed for a given project after the delta_start_time of the integration.

  3. Checkmarx One Application Vulnerable Item Interaction

    This integration retrieves scan results and inserts AVIs, improving your third-party vulnerability data. AVIs are generated for new findings retrieved from Checkmarx One, and existing AVIs are updated.

    This integration is Active and On Demand by default; it will automatically trigger after the Checkmarx One Summary Integration. This ensures that only data for the projects scanned after the delta_start_time of the integration are retrieved.

    To view data in third-party vulnerabilities, see View Vulnerability Libraries.
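The delta and de-duplication behavior described above, modeled in plain JavaScript as an added example (not Checkmarx or ServiceNow code). Field names such as `projectId`, `finishedAt` and `similarityId` and the sample scans are constructed, and the model assumes AVIs are keyed only by SimilarityID, as the Important note states.

```javascript
// Constructed model of the delta sync described above. Field names and sample
// data are assumptions; this is not the Checkmarx One API or ServiceNow code.
const SAMPLE_SCANS = [
  { projectId: "p1", scanId: "s1", finishedAt: "2024-01-10T08:00:00Z",
    findings: [{ similarityId: "1001", severity: "HIGH" }] },
  { projectId: "p1", scanId: "s2", finishedAt: "2024-02-05T08:00:00Z",
    findings: [{ similarityId: "1001", severity: "HIGH" },
               { similarityId: "1002", severity: "LOW" }] },
  { projectId: "p1", scanId: "s3", finishedAt: "2024-02-10T08:00:00Z",
    findings: [{ similarityId: "1001", severity: "MEDIUM" },
               { similarityId: "1002", severity: "LOW" },
               { similarityId: "1003", severity: "HIGH" }] },
  { projectId: "p2", scanId: "s4", finishedAt: "2024-01-20T08:00:00Z",
    findings: [{ similarityId: "2001", severity: "HIGH" }] },
];

// Scan Summary step: keep each project's most recent scan, and only if it
// finished after the integration's delta_start_time.
function latestScansSince(scans, deltaStartTime) {
  const latest = new Map();
  for (const scan of scans) {
    const seen = latest.get(scan.projectId);
    if (!seen || Date.parse(scan.finishedAt) > Date.parse(seen.finishedAt)) {
      latest.set(scan.projectId, scan);
    }
  }
  const cutoff = Date.parse(deltaStartTime);
  return [...latest.values()].filter((s) => Date.parse(s.finishedAt) > cutoff);
}

// AVI step: one AVI per SimilarityID. A new SimilarityID creates an AVI; a
// known one updates the existing record instead of adding a duplicate.
function syncAvis(aviTable, scans, deltaStartTime) {
  const totals = { scans: 0, created: 0, updated: 0 };
  for (const scan of latestScansSince(scans, deltaStartTime)) {
    totals.scans += 1;
    for (const f of scan.findings) {
      const existing = aviTable.get(f.similarityId);
      if (existing) {
        Object.assign(existing, { severity: f.severity, lastScanId: scan.scanId });
        totals.updated += 1;
      } else {
        aviTable.set(f.similarityId, { ...f, firstScanId: scan.scanId, lastScanId: scan.scanId });
        totals.created += 1;
      }
    }
  }
  return totals;
}
```

With a `delta_start_time` of 1 February, project `p2` is skipped because its last scan predates the cutoff, and only scan `s3` of `p1` is read, so intermediate scan `s2` never reaches the AVI table.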

Roles and Groups

A system administrator (in the ServiceNow system) needs to install the Checkmarx One Vulnerability Integration, and a member of the App-Sec Manager group can configure it.