Find and prioritize application vulnerabilities with ServiceNow and Checkmarx

https://checkmarx.com/blog/find-and-prioritize-application-vulnerabilities-with-servicenow-and-checkmarx/

Thu, 14 Sep 2023 13:00:00 +0000

A brand-new integration for enterprise-scale AppSec is ready for Checkmarx and ServiceNow customers to download in the ServiceNow plugin store. The ServiceNow Vulnerability Dashboard now enables organizations to easily integrate Checkmarx SAST and SCA.

We’re so excited to launch support for ServiceNow customers, given the growing need for streamlined, end-to-end vulnerability management. 

Let’s dive a bit deeper into what Checkmarx and ServiceNow customers can expect from the integration.   

Prioritize and remediate with a centralized dashboard  

ServiceNow is a leading cloud-based platform that offers comprehensive solutions for IT service management, human resources, customer service, security operations, and more. It enables organizations to automate workflows, optimize processes, and provide seamless digital experiences to users across multiple departments. 

The ServiceNow® Vulnerability Response application is an important tool within the ServiceNow ecosystem that AppSec managers can leverage to drive efficiencies within application security. 

This application imports and automatically groups vulnerable items according to group rules, which allows teams to remediate vulnerabilities quickly. Data is pulled from both internal and external sources, such as the National Vulnerability Database (NVD) and third-party integrations, like the new Checkmarx plugins. 

The ServiceNow Application Vulnerability Response dashboard displays trends and summaries of vulnerabilities from leading scan vendors like Checkmarx.  

The Checkmarx ServiceNow Vulnerability Integration is now available for Checkmarx SAST and Checkmarx SCA. The integration for Checkmarx SAST is available for both Checkmarx One and on-premise deployments, while SCA is available for Checkmarx One.  

The plugins enable enterprises to run the integrations required to import projects, scan summaries, and scan results within the ServiceNow platform, giving your application security managers a clear view and top-tier prioritization and triage powers. The latest vulnerabilities found for each scan are then inserted into ServiceNow as Application Vulnerability Items (AVIs).

The plugins do not scan code; instead, they pull data from Checkmarx and map the results into the ServiceNow tables.  

ServiceNow Vulnerability Solutions Management: View your organization’s most impactful remediation activities and monitor their completion. 

Every time Checkmarx provides updated scan results, the ServiceNow Vulnerability Response Application can automatically assign the found vulnerabilities to a specific person, or team, by building custom workflows and automation triggers. This process accelerates the security workflow, ensuring an efficient vulnerability management process. 

Use Application Vulnerability Response to follow the flow of information, from integration through investigation, and then on to resolution. 

After vulnerability data is imported, users can compare the data to applications identified in Application Vulnerability Response, relate a single third-party vulnerability to multiple CWE entries, and find the primary CWE for the vulnerability in determining risk. Users can also easily prioritize vulnerabilities by creating assignment rules or using calculators to determine business impact.

Getting started  

With the addition of ServiceNow to the growing list of Checkmarx integrations, we’re making our products as compatible as possible with business-critical applications, so organizations can optimize workflows and keep their own applications secure.  

For customers already using both ServiceNow + Checkmarx One or Checkmarx SAST, head over to the ServiceNow Store to download the app.  

Checkmarx One Vulnerability Integration with ServiceNow (Checkmarx SAST and Checkmarx SCA)  

Download the app  

View the documentation  

Checkmarx SAST On-Prem Vulnerability Integration with ServiceNow 

View the documentation  

For existing ServiceNow customers that would like to learn more about the accuracy and power of Checkmarx One, especially how to easily view and triage scan results within ServiceNow, contact us today.  

Wrap up  

Vulnerability risk management is crucial for organizations to protect their IT infrastructure from cyber threats and to comply with regulatory requirements.  

By integrating Checkmarx scan results into the ServiceNow Vulnerability Response Application, users can better manage vulnerabilities and ensure seamless communication with incident response tasks, change requests, and problem management.  

We’re so excited to announce this integration and can’t wait to hear from more customers about the day-to-day impact it makes on building smart and efficient workflows and the ability to better track, prioritize, and remediate the vulnerabilities in one centralized dashboard.  

Unifying the Cyber Risk Lifecycle with Checkmarx One and Brinqa

https://checkmarx.com/blog/unifying-the-cyber-risk-lifecycle-with-checkmarx-one-and-brinqa/

Wed, 21 Jun 2023 12:59:35 +0000

In the ever-evolving landscape of cyber threats, organizations need to stay one step ahead. Understanding the fast-paced nature of new and evolving threats, we are excited today to announce the integration of the Checkmarx One™ Application Security Platform and Brinqa’s Attack Surface Intelligence platform, which will enable organizations to strengthen their security posture and streamline vulnerability management processes.

This partnership combines Brinqa’s risk-based prioritization, automation, and reporting with Checkmarx’s application security detection and remediation capabilities. Learn more about the Checkmarx and Brinqa partnership here.

The Power of Partnership 

Our industry-leading application security platform, Checkmarx One, offers comprehensive application security capabilities. It scans applications across all aspects of the software development lifecycle (SDLC), detecting security issues and vulnerabilities. 

While Brinqa was integrated into Checkmarx SAST in the past, we are excited to bring it to Checkmarx One with SAST, SCA, and IaC results feeding into Brinqa’s Attack Surface Intelligence Platform. 

Building on the power of the Checkmarx One platform, Brinqa brings risk-based prioritization using business context, the ability to orchestrate aspects of the remediation process, and role-based access control (RBAC) protected reporting capabilities. Brinqa serves as the user interface that shows centralized security findings and reports from Checkmarx, and other AST platforms and scanning tools. 

The collaborative solution allows organizations to rapidly detect, prioritize, and respond to threats and vulnerabilities using proper business contexts. Additionally, the role-based visibility and reporting capabilities make it possible to communicate to both technical and business audiences with a holistic view of your application landscape.  

Monitor and Communicate Application Security Posture 

With Brinqa, organizations can enforce Service Level Agreements (SLAs) and accelerate the remediation of software vulnerabilities via orchestrated workflows. This enhances ticketing and automates ownership assignment, allowing development and application teams to work in their comfort zone. Brinqa’s integration with all existing ticketing and issue-tracking systems also enables closed-loop tracking, providing a single location for managing all remediation and SLA tracking. 

Brinqa shifts AppSec program reporting from being tool-centric to application-centric. It offers comprehensive cyber-hygiene dashboards and reports, and application security scorecards. This not only gamifies the process, fostering competition among developers and app owners, but also communicates application risk in a language that all stakeholders and business leaders can understand. 

Connect Instantly 

The collaboration between Brinqa and the Checkmarx One team has resulted in an integration that enables Checkmarx One customers to quickly improve their application security posture using the Brinqa platform. The Brinqa connector for Checkmarx One creates a unified knowledge source for cyber risk, correlating Checkmarx One results with other tools and business context. 

Value for your Development Team   

By supporting multiple data integrations, including multiple instances of each, organizations can centralize risk-based decisions and workflows that cover applications, IT, and cloud assets, providing full-stack coverage of their attack surface.  

This unified approach consolidates findings from various testing and scanning data sources across the attack surface, correlating them with Threat Intel and business context. This continuous prioritization based on actual exposure and business importance feeds into the orchestration of remediation, enabling a comprehensive view of the application security (AppSec) landscape.  

Furthermore, this system allows for the consolidation, correlation, normalization, and prioritization of remediation according to asset risk attributes. While a given development team may or may not work directly within Brinqa, the prioritization output will certainly help them streamline their workloads to optimally remediate the risks most critical to the business. Complex remediation routing and management workflows, including approvals, remediation, and exception requests, can be configured, streamlining the AppSec process. 

Value for CISOs 

For CISOs, the Checkmarx and Brinqa integration helps establish and report on remediation Service Level Agreements (SLAs) for business units and third-party software providers. This not only ensures accountability but also promotes a proactive approach to managing security risks.  

Furthermore, the partnership helps equip security teams with the tools and language to communicate clearly across the organization. This involves guiding development teams on what they need to remediate, and helping business teams understand the potential impact of these risks on the business. By doing so, CISOs can foster a culture of transparency and collaboration, where every team understands their role in maintaining the organization’s security posture. 

Trusted, Innovative Security Leaders 

Top brands trust Brinqa to unify their cyber risk lifecycle. Checkmarx, a six-time leader in Gartner’s Magic Quadrant for Application Security Testing (AST), continues to be a trusted name in the industry. 

Bringing this powerful combination to market, cyber advisory and solutions leader Optiv will leverage the Brinqa-Checkmarx integration as its default prevention and protection AppSec solution for its customers. Optiv brings security practitioner expertise in designing and maturing application security programs, making it even easier for organizations to build world-class application security programs that meet the needs of today’s evolving threat landscape.

In short, the partnership between Checkmarx and Brinqa offers a unified, comprehensive solution for managing the cyber risk lifecycle across your application attack surface. It’s time to elevate the security conversation, hold risk owners accountable, and manage all vulnerabilities in a single platform. 

For more information, get in touch with your Checkmarx account rep, or contact us today.  
