[Servicenow] Add agentless deployment

[moxarth-rathod]

Proposed commit message

servicenow: add agentless support and update kibana version constraint

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.
• I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

• Clone integrations repo.
• Install the elastic package locally.
• Start the elastic stack using the elastic package.
• Move to integrations/packages/servicenow directory.
• Run the following command to run tests.

elastic-package test -v

Related issues

• Closes [servicenow] Add Agentless Deployment Support #19231

[infra-vault-gh-plugin-prod]

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

[github-actions]

TL;DR

The build failed for two different reasons: (1) a real PR issue in packages/servicenow/changelog.yml where the new changelog entry uses pull/1 instead of this PR link, and (2) a likely transient CI tooling failure while downloading/extracting GitHub CLI during benchmark publishing. Update the changelog link and re-run CI (or re-run only the benchmark step if supported).

Remediation

• Update packages/servicenow/changelog.yml so the new 2.1.0 entry uses https://github.com/elastic/integrations/pull/19432 (or use an issue URL if intentional).
• Re-run the failed benchmark job; the tar: not in gzip format error occurred while extracting the downloaded GitHub CLI archive in CI, which is typically transient/non-PR-code-related.
• If benchmark failures continue, harden .buildkite/scripts/common.sh download/extract path (see details) so bad HTTP payloads fail earlier and retry cleanly.

Investigation details

Root Cause

1. Code/config issue (deterministic):

   • PR commit 1a724d6a3d9b3d57726cfdbde622970ee5a74900 has:
     • packages/servicenow/changelog.yml:6 → link: https://github.com/elastic/integrations/pull/1
   • The changelog checker expects the current PR URL and fails on mismatch.

2. Infrastructure/dependency issue (likely transient):

   • Publish benchmarks failed while running .buildkite/scripts/process_benchmarks.sh during tool installation.
   • The failure happens in .buildkite/scripts/common.sh in with_github_cli() at download/extract:
     • common.sh:237 downloads GH CLI tarball via curl -sL ...
     • common.sh:240 extracts via tar -xpf ...
   • Log shows tar received non-gzip content, indicating the downloaded file was not a valid archive.

Evidence

• Build: https://buildkite.com/elastic/integrations/builds/44243
• Job/step: :scroll: Check changelog PR links
  • Key log excerpt:
    • ERROR: unexpected link: 'https://github.com/elastic/integrations/pull/1'
    • expected: 'https://github.com/elastic/integrations/pull/19432'
• Job/step: Publish benchmarks
  • Key log excerpt:
    • tar: This does not look like a tar archive
    • gzip: stdin: not in gzip format

Verification

• Local verification command: git show 1a724d6a3d9b3d57726cfdbde622970ee5a74900:packages/servicenow/changelog.yml | sed -n '1,30p'
• No CI rerun performed from this detective workflow.

Follow-up

• Optional CI hardening for maintainers: in .buildkite/scripts/common.sh use curl -fS (or equivalent status checks) before tar, and validate archive integrity so retries trigger on bad payloads.

Note

🔒 Integrity filter blocked 2 items

The following items were blocked because they don't meet the GitHub integrity level.

• [Servicenow] Add agentless deployment #19432 pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #19432 pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

---

What is this? | From workflow: PR Buildkite Detective

Give us feedback! React with 🚀 if perfect, 👍 if helpful, 👎 if not.

[github-actions]

✅ Elastic Docs Style Checker (Vale)

No issues found on modified lines!

---

The Vale linter checks documentation changes against the Elastic Docs style guide. To use Vale locally or report issues, refer to Elastic style guide for Vale.

[elastic-vault-github-plugin-prod]

✅ All changelog entries have the correct PR link.

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: fbaa440

History

• 💔 Build #44243 failed 1a724d6

cc @moxarth-rathod

[elastic-vault-github-plugin-prod]

Package servicenow - 2.1.0 containing this change is available at https://epr.elastic.co/package/servicenow/2.1.0/