Vulnerability Response and Configuration Compliance for Containers helps organizations respond to container vulnerabilities quickly and efficiently by connecting security and application teams, and providing real-time visibility into your security posture. Container Vulnerability Response connects the workflow and automation capabilities of the Now Platform® with vulnerability scan data from leading container security vendors to give your teams a single platform for a response that can be shared between security and application teams.
The Vulnerability Response and Configuration Compliance for Containers application includes the following capabilities:
- Ability to refer to a Docker image as a configuration item (CI) from the container vulnerable items (CVITs).
- Runtime context such as Kubernetes Services, Clusters, Namespaces, and cloud account metadata, so that security teams can make decisions on assignment, remediation target, risk score calculation, etc.
- Assignment rules to automatically assign container vulnerabilities to the application teams based on Docker Image labels, Kubernetes cluster/namespace/service information, cloud account ID, cloud account name, cloud region, cloud provider, etc.
- Ability to populate base OS image vulnerable items separately to facilitate independent tracking of these vulnerabilities.
- Flexibility to configure the granularity at which container vulnerable items are tracked: Docker image level, cluster level, service level, etc.
- Automatically detect new versions of container images being deployed and close vulnerabilities reported on older versions.
- Exception management features: remediation owners can request exceptions, with a multi-level approval workflow and exception rules to automatically defer container vulnerable items.
- PA dashboard, which provides visibility into vulnerability and remediation trends.
Fixed
- An issue with requesting extensions for exception rules in version 2.12.2.
- Resolution notes are added to the Work notes section of a container vulnerable item (CVIT) record when it moves to the Resolved state.
The following application must be installed and activated for the Vulnerability Response and Configuration Compliance for Containers application:
- Vulnerability Response
Permissions and roles
- Roles required:
  - For installation: System Admin (admin)
  - For configurations: Container Vulnerability Admin (sn_vul_container.vulnerability_admin) for Container Vulnerability Response