PMAP field notes

Field notes on running vulnerability management

Practical writeups on scan orchestration, finding correlation and remediation lifecycle, published by the practitioners who run vulnerability management on the platform, not by a marketing desk.

Practitioner-authored
Multi-vendor grounded
Triage to closure

Vulnerability Management April 22, 2026

Consolidating Tenable, Qualys and Rapid7 in One Console

Bring Tenable, Qualys and Rapid7 findings into one console with normalized severity and dedup. See how PMAP ends VM scanner sprawl.

By PMAP Security Team Read post
Vulnerability Management April 20, 2026

DAST at Scale: Acunetix and Invicti Into PMAP

Run Acunetix, Invicti and Burp DAST scans through one platform with authenticated scans and scope control. See how PMAP scales DAST.

By PMAP Security Team Read post
Vulnerability Management April 18, 2026

SAST Results From SonarQube and Checkmarx, Normalized

Pull SonarQube, Checkmarx and Fortify SAST results into one normalized finding model. See how PMAP unifies static analysis output.

By PMAP Security Team Read post
Vulnerability Management April 17, 2026

SCA and SBOM Ingestion With Snyk and Black Duck

Ingest Snyk, Black Duck and Sonatype results, pull CycloneDX and SPDX SBOMs and view dependency graphs. See how PMAP centralizes SCA.

By PMAP Security Team Read post
Vulnerability Management April 15, 2026

Two-Way ITSM: Jira, ServiceNow and ManageEngine

Sync findings two ways with Jira, ServiceNow and ManageEngine using webhooks and polling. See how PMAP keeps tickets and findings aligned.

By PMAP Security Team Read post
Vulnerability Management April 14, 2026

Six CI/CD Vendors, One Webhook Standard

Wire GitHub, GitLab, Jenkins, Azure DevOps, Bamboo and Bitbucket to one signed webhook standard with PR security gates. See how PMAP unifies CI/CD.

By PMAP Security Team Read post
Vulnerability Management April 12, 2026

Securing Connector Credentials and Secrets in a VM Platform

How PMAP encrypts scanner and ITSM credentials at rest, tests connections safely and rotates webhook secrets. See the connector security model.

By PMAP Security Team Read post
Vulnerability Management April 11, 2026

HMAC-Signed Webhooks for Real-Time Integration Sync

How PMAP verifies inbound webhooks with HMAC-SHA256 and constant-time checks, then syncs findings in real time. See the webhook security model.

By PMAP Security Team Read post
Vulnerability Management April 9, 2026

A Vendor Marketplace of 30+ Tools Across 9 Categories

Browse PMAP integrations across 9 categories: VM, DAST, SAST, SCA, ITSM, CI/CD and more. See which 30+ vendor types connect in one hub.

By PMAP Security Team Read post