The Mend.io + ServiceNow integration enables organizations to unify and streamline the management of application security risks alongside their broader enterprise risks. Mend.io fits seamlessly into established enterprise-wide workflows, allowing teams to prioritize and accelerate the remediation of application vulnerabilities using existing ServiceNow processes.
By ingesting Mend.io’s high-accuracy SCA and SAST findings directly into ServiceNow Vulnerability Response, security and operations teams can manage open source and custom code vulnerabilities in the same unified platform they use for network, infrastructure, and operational risks.
Users can drill down from a vulnerable Application to its associated Projects, and from there to specific SAST and SCA findings. Related lists are also available within the Application and Project form views, offering direct access to relevant vulnerability data within the ServiceNow interface. Updates on findings are bidirectional to ensure synchronized management of remediation efforts.
- Import Mend.io “Applications” data and store it as Application Releases.
- Import Mend.io “Projects” data and store it in a custom projects table.
- Import “Code Findings” from the Mend.io platform and attach the CWE with the same AVIT created for “Code Findings”.
- Import “Dependencies” from the Mend.io platform and attach the CVE with the same AVIT created for “Dependencies”.
- Scheduler to fetch “Applications”, “Projects”, “Code Findings” and “Dependencies” data at a regular interval.
- Enable bidirectional actions for “Code Findings” and “Dependencies” status.
Mend.io now integrates with ServiceNow AVR, syncing SCA & SAST findings and enabling full visibility and actionability.
All the dependent plugins should be installed.