Skip to main content

How to integrate Snyk API & Web with ServiceNow

This guide provides step-by-step instructions for installing, configuring, and using the Snyk API & Web integration for ServiceNow.

Written by Claudio Gamboa

This integration periodically fetches data, such as Targets and Findings, from the Snyk API & Web platform and includes it in your ServiceNow Application Vulnerability Response (AVR) tables, allowing you to manage Snyk API & Web vulnerabilities within your ServiceNow workflow.

Prerequisites

Before you begin, ensure you have the following:

  • Snyk API & Web requirements:

    • A Snyk API & Web API Key.

    • Your Snyk API & Web base URL.

    • A valid Enterprise license for the Snyk Platform.

  • ServiceNow version compatibility:

    • Washington DC, Xanadu, or Yokohama.

  • Required ServiceNow plugins:

    • Vulnerability Response (v25.0.7 or newer). You must have a Pro or Enterprise license for this plugin.

  • Required ServiceNow roles:

    • You will need the System Administrator (admin) role in ServiceNow to install the application and configure system properties.

Step 1: Install the Snyk API & Web application in ServiceNow

First, install the Snyk API & Web application from the ServiceNow Store.

  1. Navigate to the ServiceNow Store and search for “Snyk API and Web”, or access this link directly.

  2. Click Get and enter your ServiceNow account's HI credentials to add the application to your instance.

  3. Log in to your ServiceNow instance as a System Administrator.

  4. Navigate to Applications > All Available Applications > All.

  5. Find the Snyk API and Web application and click Install.

Step 2: Assign required roles to users

After installation, assign the necessary roles to the users or groups who manage the integration.

  1. In your ServiceNow instance, navigate to User Administration > Users.

  2. Select the user you want to assign roles to.

  3. In the user record, under the Roles tab, click Edit.

  4. Search for and add the following roles:

    • sn_vul.app_configure_integrations

    • sn_vul.app_update_state

    • sn_vul.app_write_all

    • x_snyk2_api_web_vr.admin (This is the Snyk Application Admin role)

  5. Click Save.

Step 3: Authenticate and configure the integration

Next, connect the application to your Snyk API & Web account and configure the data filters.

  1. In ServiceNow, navigate to the Snyk API and Web application menu and select Authentication.

  2. Enter your Snyk API & Web base URL (if different from the default). For example, https://api.eu.probely.com, https://api.us.probely.com, etc.

  3. Paste your Snyk API & Web API Key into the corresponding field.

  4. Click Authenticate Credentials to validate the connection.

  5. Once authentication is successful, expand the Filter Configuration section. Here you can define which assets and findings to import.

    • Target Labels: Filter by Snyk API & Web Target Labels.

    • Finding Labels: Filter by Snyk API & Web Finding Labels.

    • Teams: Filter by Snyk API & Web Teams.

    • Severity: Filter by Snyk API & Web Severity level (Low, Medium, High, Critical).

    Note: Within a single filter, an OR logic is used (for example, selecting High and Critical imports findings with either severity). Across different filters, an AND logic is used (e.g., selecting a Target Label and a Severity requires a finding to match both).

  6. Click Save Filter Configuration. If no filters are selected, the integration will fetch all targets and findings by default.

Step 4: Perform the initial data import

After authentication, run the initial import to pull findings from Snyk API & Web into ServiceNow.

  1. In ServiceNow, navigate to the Snyk API and Web application menu and click Integrations.

  2. Select the Snyk Findings Import record.

  3. To run the import immediately, click Execute Now.

  4. To set up a recurring import, check the Active box and configure the schedule (e.g., Daily, Weekly, Monthly) as needed.

Verify the outcome

Once the integration run is complete, you can verify its success:

  • View imported targets: Navigate to Snyk API and Web > Targets. You will see a list of the application targets imported from Snyk API & Web.

  • View vulnerable items: Navigate to Snyk API and Web > Application Vulnerable Items. This list contains all the findings from Snyk API & Web.

  • Check the dashboard: Navigate to Snyk API and Web > Snyk Dashboards for a graphical overview of the imported data.

Manage the integration

Re-test findings

When an Application Vulnerable Item (AVIT) is closed in ServiceNow, you can trigger a re-test in Snyk API & Web.

  1. Navigate to Snyk API and Web > Retest Targets.

  2. Ensure the Scheduled Script Execution is set to Active. This job periodically checks for closed AVITs and initiates a re-test in Snyk API & Web.

Fetch labels and teams

To update the available filter options in the configuration, you can manually fetch the latest labels and teams from Snyk API & Web.

  1. Navigate to Snyk API and Web > Fetch Labels and Teams.

  2. Click Execute Now.

Advanced configuration

The integration includes default assignment rules and CI lookup rules. You can customize these to fit your organization's workflow by navigating to Application Vulnerability Response > Administration.

Important: Do not delete the integration record from the Integrations module. Doing so requires a full re-installation of the application.

Did this answer your question?