
Integrate with ServiceNow Application Vulnerability Response (AVR)

The Contrast Vulnerability Sync integration with ServiceNow imports vulnerabilities based on applied filters, creates Vulnerable Items, and maps them to Configuration Items (CIs). This behavior helps teams streamline vulnerability response and maintain an accurate security posture within ServiceNow.

In the Contrast web interface, the Activity tab for a scan reflects activity from the ServiceNow AVR integration.

This procedure is for users who are familiar with using ServiceNow.

Before you begin

Ensure you have the following information:

  • URL for your ServiceNow instance

  • Contrast account credentials

    In the Contrast web interface, under the user menu, select User settings. Copy these credentials:

    • Organization ID

    • API key

    • Authorization header

  • ServiceNow administration role (for example, security_admin) to install Contrast Vulnerability Sync.

  • Activated ServiceNow plugins:

    • Vulnerability Response version 20.2.4

    • Contrast Vulnerability Sync Integration version 1.1.8

Install Contrast Vulnerability Sync

  1. Go to the ServiceNow Store.

  2. Search for Contrast Vulnerability Sync.

  3. Select Contrast Vulnerability Sync.

  4. Select Get.

  5. When prompted to do so, log in to ServiceNow (use your ServiceNow ID or select Are you a customer who doesn't have ServiceNow ID?).

  6. Once the app is added, go to Applications > All Available Applications > All.

  7. Search for Contrast Vulnerability Sync and select Install.

Configure the Contrast ServiceNow AVR integration

  1. In ServiceNow, in the search bar on the left, search for Contrast Application Vulnerability.

  2. Go to Contrast Application Vulnerability > Configuration.

  3. In Contrast Application Vulnerability Configuration, enter these credentials:

    • API Key: Your Contrast API key

    • Authorization: Your Contrast Authorization Header

    • Contrast URL: The URL for your Contrast instance

    • Organization Id: Your Contrast Organization ID

  4. Select the options to manage exceptions and false positives in ServiceNow.

  5. Select Submit.

Confirm HTTP request response times

  1. From the All menu, go to System Logs > Outbound HTTP requests.

  2. Verify that the Response time for the Contrast teamserver entries is 200.

  3. Confirm that the Response times (latency) are acceptable.

Verify IAST and SAST integrations are active

  1. From the All menu, search for Contrast Application Vulnerability.

  2. Under Contrast Application Vulnerability, select Integrations.

  3. Verify the status in the Active column for the IAST and SAST integrations is true.

Configure IAST and Scan integrations

  1. From the All menu, search for Contrast Application Vulnerability.

  2. Under Contrast Application Vulnerability, select Integrations.

  3. Select either the IAST or SAST integration.

  4. In the Contrast IAST List Integration or Contrast SAST integration window, set the schedule and triggers that best suit your environment.

    Use 30 minutes or more as the schedule interval.

  5. In the Vulnerability Integration Runs tab, review executions of the integrations to ensure they are working correctly.

As part of the configuration, the integrations automatically create two data sources for each integration, providing high availability.

View vulnerability details

The integration ingests Contrast issues into the ServiceNow Application Vulnerability Item tables. These tables provide critical details on status, risk score, application, HTTP requests, and CWEs. The integration also synchronizes status and work notes.

  1. In the search bar on the left, search for Application Vulnerability Response.

  2. Under Vulnerable Items, select Active.

    The Application Vulnerability Items table displays a list of the Contrast vulnerabilities.

  3. To view additional details, select an Application Vulnerability Item number.

ServiceNow AVR and Contrast status mapping

Each status change is staged and updates based on your predefined schedule.

This table shows how the different status indicators map to each other.

| ServiceNow status | Contrast status | Contrast IAST vulnerability status | Contrast static SAST vulnerability status |
|---|---|---|---|
| Open | Reported | Reported | Reported |
| Under investigation | Suspicious | Suspicious | Suspicious |
| Awaiting implementation | Confirmed | Confirmed | Confirmed |
| In review | Suspicious | Status not present | Status not present |
| Resolved | Remediated | Remediated | Remediated |
| Deferred | Not a problem-other | Status not present | Status not present |
| Closed | Remediated | Remediated | Remediated |