Package: Invicti AppSec Core (on-demand), Invicti AppSec Enterprise (on-premise, on-demand)
Servicecore Integration
Servicecore is an IT service management platform that enables organizations to manage support tickets, service requests, and IT workflows. The Invicti AppSec integration with Servicecore allows security teams to create and track tickets in Servicecore directly from discovered vulnerabilities, ensuring security issues are routed through established IT service workflows.
Purpose in Invicti AppSec
Servicecore is used in Invicti AppSec as an Issue Manager — a tool for creating, tracking, and syncing tickets with external ticketing systems.
| Use Case | Description |
|---|---|
| Ticket creation from vulnerabilities | Create Servicecore tickets directly from vulnerability findings in Invicti AppSec |
| Remediation tracking | Monitor remediation progress through Servicecore ticket lifecycle |
| Workflow integration | Route security issues into existing IT service workflows managed in Servicecore |
Where It Is Used
| Page | Navigation Path | Purpose |
|---|---|---|
| Integrations — Issue Managers | Integrations › Issue Managers | Admin activation and global configuration |
| Project Settings | Project › Settings › Issue Managers | Link Servicecore to a specific project for automated ticket creation |
| Vulnerability List | Project › Vulnerabilities | Manually create a Servicecore ticket for a specific vulnerability |
| Team Lead Integrations | Team Lead view › Integrations › Issue Managers | Team leads activate instances delegated by admins |
Prerequisites
Before activating the integration, gather the following credentials from your Servicecore account:
| Field | Description | Required |
|---|---|---|
| Token | API token generated from your Servicecore account | Yes |
| URL | Your Servicecore instance URL (e.g., https://your-company.servicecore.com) | Yes |
| Insecure | Enable only if your instance uses a self-signed SSL certificate | No |
How to Obtain Credentials (on the Servicecore Side)
API Token:
- Log in to your Servicecore instance as an administrator.
- Navigate to Settings or Profile › API Access (exact location may vary by version).
- Generate a new API token and give it a descriptive name such as
invicti-aspm. - Copy the token immediately — it will not be shown again after the page is closed.
- Ensure the token belongs to an account with permission to create and manage tickets.
Instance URL:
- Your Servicecore URL is visible in the browser address bar when logged in.
- Use only the base URL without any path (e.g.,
https://acme.servicecore.com).
Activation Steps
Step 1: Navigate to Integrations
From the left sidebar, click Integrations.
Step 2: Open the Issue Managers Tab
On the Integrations page, click the Issue Managers tab.
Step 3: Find and Activate Servicecore
Locate the Servicecore card.
- If it is not yet activated, click Activate to open the settings drawer.
- If it is already activated, click the gear icon to reconfigure.
Step 4: Fill In the Required Fields
In the settings drawer, enter the required credentials:
| Field | Description | Required |
|---|---|---|
| Token | Your Servicecore API token | Yes |
| URL | Your Servicecore instance base URL | Yes |
| Insecure | Enable for self-signed SSL certificates | No |
Step 5: Test the Connection
Click Test Connection. A green "Connection successful" message confirms that Invicti AppSec can reach your Servicecore instance.
Step 6: Save
Click Save to complete the activation.
Summary
| Step | Action |
|---|---|
| 1 | Navigate to Integrations from the sidebar |
| 2 | Select the Issue Managers tab |
| 3 | Find Servicecore and click Activate (or the gear icon) |
| 4 | Enter Token and URL |
| 5 | Click Test Connection — verify the success message |
| 6 | Click Save |
Troubleshooting
| Issue | Resolution |
|---|---|
| Connection failed | Verify that the Token and URL are correct and that the Servicecore instance is reachable from the Invicti AppSec network. |
| 401 Unauthorized | The API token is invalid, expired, or belongs to an account without sufficient permissions. Regenerate the token in Servicecore. |
| URL invalid | Ensure the URL contains the protocol (https://) and no trailing path. Use only the base URL. |
| SSL / certificate error | Enable the Insecure option for self-signed certificates, or add the certificate to your trust store. |
Need help?
Invicti Support team is ready to provide you with technical help. Go to Help Center