Integrate Mend Results into ServiceNow
Note: Mend integration with ServiceNow is currently in open beta. To join the beta program, please contact your Customer Success Manager at Mend.io.
Overview
Mend.io integrates with ServiceNow to extend the power of the Mend AppSec Platform into your ServiceNow ecosystem, enabling unified risk visibility and streamlined vulnerability management workflows. This integration automatically imports application, project, and vulnerability data from Mend.io into ServiceNow’s Application Vulnerability Response (AVR) module, ensuring that security and IT teams have a single source of truth for prioritizing and remediating software risks.
To set up the integration, you need to generate a token in the Mend AppSec Platform and use it to connect Mend to ServiceNow. The integration also supports bi-directional updates on findings, enabling synchronized management and streamlined remediation directly within ServiceNow.
Getting it done
Prerequisites
Mend.io
A Mend account with read access to your organization's Mend projects and findings.
Dependencies/Code findings available for synchronization.
ServiceNow
Vulnerability Response plugin installed and active (min version 26.0.11).
Required ServiceNow dependencies and permissions are listed here: https://store.servicenow.com/store/app/99a78ae347a9ba9095ebf235126d43fe
Retrieve your Activation Key from the Mend Platform
Log into your organization via the Mend Platform.
Note: Make sure you are an organization administrator.Navigate to the setting “con” icon → Integrations:
Click on the ServiceNow card. Then, click on the Get Activation Key button that appears to get your activation key for the Invicti Integration.
Copy and save this value for the next step.
Configure the Mend Integration in ServiceNow
Details about connecting Mend.io to ServiceNow can be found here.
Please refer to our Configure the scan engine to fetch from Mend Integration for ServiceNow (SAST vs. SCA) documentation to configure which scan engines you would like to fetch for this integration.
After the integration is successfully established, ServiceNow scans repositories linked to Mend.io and populates them according to the configured cycle.