Integrate a new ServiceNow source
Setting up and configuring this integration is limited to users with an Owner or Manager access level. ServiceNow installation is only open to workspaces under the Business plan. However, you can install and test secret detection in ServiceNow with a 30-day trial. Any secret incidents detected during the trial will remain accessible in your incident dashboard.
GitGuardian integrates natively with ServiceNow via a dedicated User that you can create from your ServiceNow instance. Note that GitGuardian only has read access to your tables.
Setup your ServiceNow integration
You can install GitGuardian on multiple ServiceNow instances to monitor your tables.
1. Create a new user
- Login to your ServiceNow instance
- Go to Organization > Users and click New to create the new user required for authentication
- Set a User ID (e.g.:
GitGuardian
) and click Submit to create it
2. Give the required roles to the user
- Click on the User ID (e.g.:
GitGuardian
) to edit it and add the required roles - Go to the Roles tab and click Edit...
- Add the following roles and click Save:
admin
snc_read_only
Theadmin
role will give the user access to all tables, while thesnc_read_only
role will restrict access to read-only.
- Click Update to validate the roles added to the user
3. Set a password to the user
- Click on the User ID (e.g.:
GitGuardian
) to edit it and set a password - Click Set Password
- Click Generate and copy the password
- Save by clicking Save Password and Close
- Uncheck Password needs reset option and click Update
4. Finalize the configuration in GitGuardian
- In the GitGuardian platform, navigate to the Sources integration page
- Click Install next to ServiceNow in the Ticketing section
- Click Install on the ServiceNow integration page
- Paste your ServiceNow instance URL in the API endpoint URL field (e.g.:
https://acme.service-now.com/
) - Paste the newly created Username (e.g.:
GitGuardian
), its associated Password, and click Add
That's it! Your ServiceNow instance is now installed, and GitGuardian is monitoring all records of your tables for secrets.
Uninstall your ServiceNow instance
To uninstall a ServiceNow instance:
- In the GitGuardian platform, navigate to the Sources integration page
- Click Edit next to ServiceNow in the Ticketing section
- Click the bin icon next to the ServiceNow instance to uninstall
- Confirm by clicking Yes, uninstall in the confirmation modal
That's it! Your ServiceNow instance is now uninstalled.
Limitations
This integration is currently in beta and has the following limitations:
- Scan Frequency: Scans occur once an hour. It may take several minutes to detect newly leaked secrets.
For GitGuardian Self-Hosted instances, scan frequency can be configured in the Admin Area.- Time interval unit: seconds
- Default value: 3600 (1 hour)
- Minimum value: 1800 (30 minutes)
- Monitored Perimeter: Customization of the monitored perimeter is not supported. All tables are monitored by default.
- Team Perimeter: Customization of a team perimeter with ServiceNow tables is not supported. Users must be in All-incidents team to view and access ServiceNow incidents.
- Source Visibility: The visibility of tables is not determined. All tables are considered
private
in both the UI and API. - Presence Check: The presence check feature is not supported. All occurrences are considered
present
in both the UI and API. - File Attachments: File attachments are not scanned.
- Occurrence Previews: Previews of occurrences are not supported.
Privacy
Country-specific laws and regulations may require you to inform your users that your tables are being scanned for secrets. Here is a suggestion for a message you may want to use:
As part of our internal information security process, the company scans its tables for potential secrets leaks using GitGuardian. All data collected will be processed for the purpose of detecting potential leaks. To find out more about how we manage your personal data and to exercise your rights, please refer to our employee/partner privacy notice. Please note that only tables relating to the company’s activity and business may be monitored and that users shall refrain from sharing personal or sensitive data not relevant to the table’s purpose.