Vulnerability Response and Configuration Compliance for Containers helps organizations respond to container vulnerabilities quickly and efficiently by connecting security and application teams and providing real-time visibility into their security posture. Container Vulnerability Response connects the workflow and automation capabilities of the Now Platform® with vulnerability scan data from leading container security vendors, giving security and application teams a single shared platform for response.
The Vulnerability Response and Configuration Compliance for Containers application includes the following capabilities:
- Ability to refer to a Docker image as a configuration item (CI) from the container vulnerable items (CVITs).
- Provide runtime context such as Kubernetes Services, Clusters, Namespaces, and cloud account metadata for security teams to make decisions on assignment, remediation target, risk score calculation, etc.
- Assignment rules to automatically assign container vulnerabilities to the application teams based on Docker Image labels, Kubernetes cluster/namespace/service information, cloud account ID, cloud account name, cloud region, cloud provider, etc.
- Ability to populate base OS image vulnerable items separately to facilitate independent tracking of these vulnerabilities.
- Provide flexibility to configure granularity of container vulnerable items to track at Docker image level, cluster level, service level, etc.
- Automatically detect new versions of container images being deployed and close vulnerabilities reported on older versions.
- Exception management features: remediation owners can request exceptions, a multi-level approval workflow, and exception rules to automatically defer container vulnerable items.
- PA dashboard, which provides visibility into vulnerability and remediation trends.
- Fixed:
  - Exception rules are automatically approved when they are created by users with granular roles.
The following application must be installed and activated for the Vulnerability Response and Configuration Compliance for Containers application:
- Vulnerability Response
Permissions and roles
- Roles required:
  - For installation: System Admin (admin)
  - For configurations: Container Vulnerability Admin (sn_vul_container.vulnerability_admin) for Container Vulnerability Response