Webinar Recap: Aligning CMDB and Vulnerability Response with Real-Time Code Context
Educational
Published June 27 2025 · 2 min. read
In a recent webinar, Apiiro and ServiceNow showcased a powerful new integration that helps security teams manage risk across the software development lifecycle with greater context, automation, and accuracy. The joint solution brings together Apiiro’s deep code analysis and code-to-runtime correlation with ServiceNow’s market-leading CMDB and Application Vulnerability Response (AVR) capabilities, creating the industry’s first agentic SDLC system of record. If you missed the live session, here’s a quick recap. ## What We Covered ### A first-of-its-kind integration The session explored how Apiiro extends ServiceNow’s CMDB and AVR with live code inventory and real-time software architecture visibility. No developer input required. Together, Apiiro and ServiceNow provide the missing link between application risk in development and how it’s tracked, prioritized, and remediated in production. ### A dynamic view of software risk Apiiro automatically detects material changes in code, from APIs and PII to AI models and authentication flows. These insights continuously enrich ServiceNow’s CMDB, ensuring asset profiles reflect reality, even as code evolves. ### Context that drives action The integration enables vulnerability records to be enriched with deployment context, business impact, and real-time ownership. As a result, security teams can prioritize findings by exploitability and exposure (not just CVSS score) and automate remediation workflows across teams. ## Key Highlights ### Live software inventory Apiiro connects via read-only APIs to your source control systems to discover APIs, data models, open-source components, and more, with no manual tagging or developer surveys. ### Enriched CMDB entries Business application records in ServiceNow are continuously updated with deployment status, sensitive data exposure, active development status, and associated runtime mappings. ### Smarter vulnerability response ServiceNow AVR now includes code-to-runtime context, enabling teams to pinpoint which vulnerabilities are exposed, public-facing, or actively used, and link them to remediation owners instantly. ### Flexible and configurable The integration allows teams to control which code repositories and risk types are synced and how often. Granular filters support precise ingestion and enrichment. ### Real-world ROI In one example shared during the session, a customer reduced mean time to remediation (MTTR) from 470 days to just 23, without impacting developer velocity. ## See It in Action The webinar includes a live walkthrough of the Apiiro + ServiceNow integration, including how to: - Deploy the integration via the ServiceNow Store - View enriched business application profiles in CMDB - Investigate prioritized vulnerabilities in AVR - Trace risks from runtime to code and back - Automate risk scoring based on real-time software changes **Watch the full recording here →**[Apiiro ASPM for Application Vulnerability Response](https://www.youtube.com/watch?v=etS1dVubReA) (Or embed the video into the page) ## Looking Ahead This integration marks a major step toward aligning security operations with the speed and complexity of modern software development. By combining code-level insight with operational workflows, Apiiro and ServiceNow are helping security teams shift from reactive to proactive, with confidence and context. Have questions or want to see a tailored demo? [Contact us here](https://apiiro.com/schedule-a-demo/).
Timothy Jung