Installing the ServiceNow Vulnerability Response Integration with Checkmarx One
The installation and configuration steps must be completed before running the integration on an instance. This ensures that the Checkmarx One product integrates with the Application Vulnerability Response feature.
Prerequisites
Complete the following setup checklist before installation. For a smooth installation and configuration, these setup tasks are required:
Verify Required Application and Roles:
Vulnerability Response Application: Verify that the Vulnerability Response application is installed and activated on your ServiceNow instance.
System Administrator Role: You must be logged in with the System Administrator role to install the application. This role is also used to assign users to the App-Sec Manager group.
App-Sec Manager Group: Members in this group will later oversee the integration's configuration and verify the results. For more information, see Application Vulnerability Response user groups and roles.
Installation
The installation involves two main phases: requesting the app from the ServiceNow Store and installing it on your instance.
Note
This process applies to applications that are downloaded to production instances. When applications are downloaded to sub-production or development instances, getting entitlements is unnecessary. See Activate a ServiceNow Store application.
Upgrading the Application
When upgrading to a new version of the Checkmarx One Vulnerability Integration application, follow these checklists to ensure a smooth upgrade process.
Important
Customized scripts may prevent the plugin from upgrading successfully. You must revert any customizations before upgrading. See here for details.
Pre-Upgrade Checklist
Before upgrading, complete the following:
Review Release Notes: Read the changelog for the new version to understand new features, changes, and any breaking changes
Document Current Configuration: Record your current integration settings (IAM URL, API Base URL, Tenant, scanner selections, filter configurations, scan synchronization settings).
Document Script Customizations: If you have customized any Script Includes, document all changes as you will need to reapply them after upgrading (if still required).
Revert Customized Scripts: Revert all customized scripts to their store version before upgrading. Navigate to each script's Versions tab and click Revert to this version on the Store Application version.
Backup Transform Map Changes: If you have modified any transform maps, export them before upgrading.
Verify Instance Compatibility: Ensure your ServiceNow instance version is compatible with the new plugin version.
Schedule Maintenance Window: Plan the upgrade during a low-activity period to minimize impact.
Post-Upgrade Checklist
After upgrading, verify the integration is working correctly:
Verify Script Versions: Navigate to Script Includes and open any Checkmarx One script. In the Versions tab, verify that the current version shows Store Application as the source.
Reapply Customizations (If Needed): If your customization is still required and not addressed in the new version, reapply it to the updated script.
Test Credentials: Navigate to the Configuration page and click Save and Test Credentials to verify API connectivity.
Verify Configuration Settings: Confirm that all configuration settings (scanner selections, filters, scan synchronization) are preserved correctly.
Run Test Integration: Execute the Checkmarx One Application List Integration manually with a recent start date to verify data import.
Verify Data Import: Check that projects, scans, and vulnerabilities are being imported correctly by viewing the respective tables.
Check Integration Runs: Navigate to Checkmarx One Vulnerability Integration > Integrations and review the latest integration runs for any errors.
Note
If the upgrade fails or appears incomplete, we recommend repairing the plugin via System Applications > Applications. Locate the Checkmarx One Vulnerability Integration, click Repair, and verify that all scripts are consistent with the current store version.