The Vulnerability Response and Configuration Compliance for Containers application includes the following capabilities:

Ability to refer to a Docker image as a configuration item (CI) from the container vulnerable items (CVITs).
Provide runtime context such as Kubernetes Services, Clusters, Namespaces, and cloud account metadata for security teams to make decisions on assignment, remediation target, risk score calculation, etc.
Assignment rules to automatically assign container vulnerabilities to the application teams based on Docker Image labels, Kubernetes cluster/namespace/service information, cloud account ID, cloud account name, cloud region, cloud provider, etc.
Ability to populate base OS image vulnerable items separately to facilitate independent tracking of these vulnerabilities.
Provide flexibility to configure granularity of container vulnerable items to track at Docker image level, cluster level, service level, etc.
Automatically detect new versions of container images being deployed and close vulnerabilities reported on older versions.
Exception management features for remediation owners to request for exceptions, multi-level approval workflow, and exception rules to automatically defer container vulnerable items.
PA dashboard, which provides visibility into vulnerability and remediation trends.