The Application Vulnerability Response (AVR) feature of the ServiceNow® Vulnerability Response application imports application vulnerable items (AVIs) and, according to rules, allows you to remediate application vulnerabilities. Vulnerability Response is available by separate subscription.

Starting with AVR v19.0, some key table and column names have been updated. As a result, you will see references to both the older and newer names in the documentation. For the complete list of updated terms, see Application Vulnerability Response product view.

Starting with v19.0 of Vulnerability Response, You can ingest Software Composition Analysis (SCA) and Software Bill of Materials (SBOM) vulnerability data to help you identify weaknesses in your software applications. For more information, see Exploring Software Bill of Materials and Veracode Vulnerability Integration.

Starting with version 18.0 of Vulnerability Response, you can monitor and remediate AVIs in Vulnerability Manager Workspace and IT Remediation Workspace respectively. For more information, see Exploring the Vulnerability Manager Workspace and Exploring the IT Remediation Workspace.