Skip to content

docs(integrations): add ServiceNow SecOps / Vulnerability Response integrator#15278

Draft
devGregA wants to merge 1 commit into
DefectDojo:bugfixfrom
devGregA:sc-13749_servicenowsecops_docs
Draft

docs(integrations): add ServiceNow SecOps / Vulnerability Response integrator#15278
devGregA wants to merge 1 commit into
DefectDojo:bugfixfrom
devGregA:sc-13749_servicenowsecops_docs

Conversation

@devGregA

Copy link
Copy Markdown
Contributor

Documents the new outbound ServiceNow SecOps / Vulnerability Response integrator on the Pro integrations reference.

Companion PRs:

  • Go tool: DefectDojo-Inc/go-integrators#199
  • Pro registration (Django + Vue): DefectDojo-Inc/dojo-pro#1929

Changes

  • integrations_toolreference.md — new ## ServiceNow SecOps section covering:
    • Instance setup with the three supported auth methods (OAuth 2.0 client credentials + refresh token or password grant; API key via x-sn-apikey; HTTP Basic), reusing the existing ServiceNow OAuth App Registry / /oauth_token.do flow.
    • Target-table mapping (Security Incident sn_si_incident / Vulnerable Item sn_vul_vulnerable_item).
    • Severity mapping to impact (SIR priority is derived from impact + urgency) and status mapping to state, with editable SIR-code defaults.
    • SecOps-specific behaviors: correlation_id deduplication (lookup-first create), work_notes journal updates, resolve-on-delete (never hard-deleted), and display-name → sys_id reference-field resolution.
  • integrations.md — add the integrator to the "Supported Integrations" list and the linked tool-reference list.

Note

State defaults use the standard SIR codes and are flagged in-text as instance-dependent (adjust to your ServiceNow configuration). Live validation against a ServiceNow PDI is tracked with the companion PRs.

🤖 Generated with Claude Code

Document the new outbound ServiceNow SecOps integrator on the Pro
integrations tool reference: instance setup (tri-modal auth — OAuth 2.0,
API key, HTTP Basic), target-table mapping (Security Incident /
Vulnerable Item), impact/state default mappings, and the SecOps-specific
behaviors (correlation_id dedupe, work_notes updates, resolve-on-delete,
reference-field resolution). Add it to both integrator lists.

Story: sc-13749
@github-actions github-actions Bot added the docs label Jul 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant