The Mend.io - ServiceNow Integration empowers organizations to integrate Mend.io’s application security vulnerability data with ServiceNow.
By seamlessly connecting Mend.io’s industry-leading SCA and SAST scanning engines to ServiceNow’s Vulnerability Response module, this integration enhances visibility and control of application security risks.
The integration supports a drill-down approach, enabling users to navigate from an Application to its associated Projects, and further down to specific SAST and SCA findings.
To enhance usability, related lists are available within the Application and Project form views, providing direct access to relevant vulnerability data within the ServiceNow interface.
This solution helps organizations manage their AppSec risk posture and improve collaboration between security and development teams.
By ensuring that enterprises can proactively address software vulnerabilities, this integration strengthens an organization’s broader cybersecurity risk management strategy.
The integration also supports bi-directional updates on findings, enabling synchronized management and streamlined remediation directly within ServiceNow.
- Import Mend.io “Applications” data and store it as Application Releases.
- Import Mend.io “Projects” data and store it in a custom projects table.
- Import “Code Findings” from Mend.io platform and attach the CWE with the same AVIT created for “Code Findings”.
- Import “Dependencies” from the Mend.io platform and attach the CVE with the same AVIT created for “Dependencies”.
- Scheduler to fetch "Applications", “Projects”, “Code Findings” and “Dependencies” data on a regular interval.
- Enabled bidirectional actions for “Code Findings” and “Dependencies” status
Mend.io now integrates with ServiceNow AVR, syncing SCA & SAST findings and enabling full visibility and actionability.
All the dependent plugins should be installed