Combined Container Vulnerability Response release notes for upgrades from Zurich to Australia

  • Release version: Australia
  • Updated May 4, 2026
  • 11 minutes to read

    • Consolidated page of all release notes for Container Vulnerability Response from Zurich to Australia.

    How to use this page

    To help you prepare for your upgrade, we have combined the cross-family Container Vulnerability Response release notes onto one page. Read this summary of the new features, changes, and updated information for your product from Zurich to Australia.

    Tip:
    If there were no updates for a release notes section in a certain family release, we included a short note for your reference. For example, if a product did not have any updates in Tokyo, the row says "No updates for this release."

    Important information for upgrading Container Vulnerability Response to Australia

    Before you upgrade to Australia, review these pre- and post-upgrade tasks and complete the tasks as needed.

    Release Release notes

    Zurich

    If you are currently using Container Vulnerability Response, and you do not intend to upgrade to Unified Security Exposure Management (USEM), install a version below v30.x of Container Vulnerability Response and for upgrades to supported third-party integration applications.

    The Missing Assets [sn_vul_wiz_missing_asset] table used for storing assets imported by the backfill integrations for the Vulnerability Response Integration with Wiz is deprecated. If you are currently using the Vulnerability Response with Wiz integrations, after updating to version 1.1, you must backdate any of your existing Wiz primary integrations by three days and run them. Please review more information about the Wiz integration at SecOps articles on the Security Operations Community.

    For more information about the released versions of the Container Vulnerability Response application as well as the third-party and ServiceNow applications that are compatible with the Zurich release, see the Vulnerability Response Compatibility Matrix and Release Schema Changes [KB0856498] article in the Now Support Knowledge Base.

    Australia

    Enhancements to Container Vulnerability Response permit you to see enriched container vulnerability data on data imports from your third-party scanners. After you upgrade, you must perform a full import to view the features on discovered container image, container image finding, and container vulnerable item records that are described in the following New in the Australia release section.

    If you're currently using Container Vulnerability Response, and you do not intend to upgrade to Unified Security Exposure Management (USEM), install a version below v30.x of Container Vulnerability Response and for upgrades to supported third-party integration applications.

    For more information about the released versions of the Container Vulnerability Response application as well as the third-party and ServiceNow applications that are compatible with the Australia release, see the Vulnerability Response Compatibility Matrix and Release Schema Changes [KB0856498] article in the Now Support Knowledge Base.

    New features

    Between your current release family and Australia, new features were introduced for Container Vulnerability Response.

    Release Release notes

    Zurich
    Remediation task rule execution mode
    You can now choose how remediation task rules are evaluated during ingestion. The new Match First execution mode evaluates rules sequentially and applies only the first matching rule, assigning each finding to exactly one remediation task. The default Match All mode continues to evaluate all applicable rules.
    Enhancements to the Vulnerability Response Integration with Wiz
    • The Universally Unique Identifier (UUID) that identifies detections for the Wiz Host Vulnerability integration will be mapped to a detection key.
      Note:
      This enhancement is supported for new customers only.

      For existing customers, the detection key for the Wiz Host Vulnerability integration is created using the combination of vulnerability, asset_id, and proof.

    • Added the source_id column to the Container Image Finding table (sn_vul_container_image_findings) and mapped the id attribute from the Wiz import to this field on findings records.
      Note:
      Perform a full import after upgrading to view the enhancement on container image findings, container image, and container image vulnerabilities records.
    • The image repository name format for new and existing discovered container images has been updated to align with the discovery format. The supported format is registry/repository. A separate finding is created for a repository present in each registry.
    • Appended all repositories that are associated with an image to the Repository field on the Discovered Container Image [sn_vul_container_image] table, which can help you see images from specific repositories.
    • The default integration instance parameter for configuring finding keys for the Container Vulnerability Integration includes src_ci, vulnerability, package, image_layer, and image_repository.
    Enhancements to the Vulnerability Response Integration with Wiz

    The Missing Assets [sn_vul_wiz_missing_asset] is deprecated. After updating to version 1.1, you must backdate your existing primary Wiz integrations by three days and run them.

    The backfill integrations are activated by default.

    After you run them after updating to v1.1, the following backfill integrations are no longer required:
    • Host Vulnerability Backfill Integration
    • Test Results Backfill Integration
    • Host Test Results Backfill Integration
    • Issues Backfill Integration

    Data for resources that have the validated_at_runtime flag set to 'yes' is imported and populated on detections.

    The CMDB internet-facing field on the discovered item is mapped to Limited Internet Exposure on findings.

    Fix information that includes 'Fix available', 'Partial fix available', 'No fix available', and 'Fix version' from the [fix_available] and [fix_version] columns is rolled up to CVITs from findings. Note: If there are two or more findings on a CVIT, the fixed version might only apply to one. In that case, 'Partial fix available' is rolled up to the CVIT.

    The Wiz vendor severity attribute is mapped to the 'Source severity' column on findings records in the Container Image Findings [sn_vul_container_image_findings] table.

    The cluster and namespace is evaluated for all the following entity Types: DEPLOYMENT, DAEMON_SET, STATEFUL_SET, POD.

    Import container vulnerability data with the Vulnerability Response Integration with Wiz
    Import configuration test results from Wiz to detect non-compliant cloud configurations. Findings are mapped to cloud test results (CTRs) in the Configuration Compliance application to help you enforce security policies and standards across your cloud environment.
    Enhancements to imported scanner results
    Enhancements support more scanner data on imports. Namespaces and hierarchy cluster are considered and populated in the discovered container image [sn_vul_container_image] table if this data is imported.

    Australia
    Enhancements to Container Vulnerability Response

    The image repository name format for new and existing discovered container images in the Container Vulnerability Response application has been updated to align with the discovery format. Perform a complete import to view the registry/repository enhancements on existing and new records.

    • The registry/repository format is supported for all third-party integrations including the Vulnerability Response integration with Palo Alto Networks Prisma Cloud Compute and Vulnerability Response Integration with Wiz third-party integrations.
    • Appended all repositories that are associated with an image to the Repository field on records on the Discovered Container Image [sn_vul_container_image] table, which can help you see images from specific repositories.
    • The default integration instance parameter for configuring finding keys for the Container Vulnerability Integration includes src_ci, vulnerability, package, image_layer, and image_repository.

    Added the source_id column to the Container Image Finding [sn_vul_container_image_findings] table. Mapped the id attribute from imports to the Source id field on findings records for all third-party integrations including the Vulnerability Response Integration with Palo Alto Networks Prisma Cloud Compute and Vulnerability Response Integration with Wiz third-party integrations.

    AWS Integration for Security Exposure Management
    The AWS Integration for Security Exposure Management supports integrations with the following AWS services:
    • AWS Inspector is an automated vulnerability management service that continuously scans EC2 instances, ECR container images, and Lambda functions for software vulnerabilities (CVEs) and unintended network exposure. The Vulnerability Response integration with AWS Inspector imports host and container vulnerability findings from AWS Inspector.
    • AWS Security Hub is a security service that is used to centralize and update security checks across AWS accounts. It provides a unified view of security alerts and compliance status by integrating with various AWS services. The Vulnerability Response integration with AWS Security Hub imports host, container vulnerabilities, and misconfigurations from AWS Security Hub.
    Unified Microsoft Defender Integration for Security Exposure Management
    The Microsoft Defender for Cloud and Microsoft Defender Threat and Vulnerability Management (MS TVM) plugins are now consolidated into a single plugin: Microsoft Defender Integration for Security Exposure Management. This consolidation deprecates the standalone Microsoft Defender for Cloud plugin. The unified plugin also introduces container image vulnerability ingestion from Microsoft Defender for Cloud, creating Container Vulnerable Items on your instance. A guided migration path is available to transfer existing data from the deprecated applications to the unified plugin.
    Configure Image Vulnerability keys for Container Vulnerability Response CVIT creation
    Configure records on the Configure Image Vulnerability Keys [sn_vul_container_image_vulnerability_keys] table in your ServiceNow AI Platform® instance for the Image Vulnerability Keys that create container vulnerable items (CVIT)s.
    • The Universally Unique Identifier (UUID) provided by Wiz is now mapped as the detection key for the Wiz Host Vulnerability integration.
    • AWS ECS (Elastic Container Service) and AWS EKS (Elastic Kubernetes Service) environments are supported.
    • Cluster and Service are supported for AWS ECS environments.
    • Namespace, Registry, and Service are supported for AWS EKS environments.
    • Choose either Scanner (third-party scanners) or Discovery (Configuration Management Database (CMDB)) as sources for data import for AWS ECS and AWS EKS.
      Note:

      If you choose Discovery as the data source, the Populate image relationships scheduled job runs daily to pre-import cluster and service details, and you should schedule your third-party integration runs at least 4 hours after this scheduled job is completed to verify that the pre-import data is available. This job is activated by default, but you must set the schedule so it runs before your scheduled third-party integration runs.

      For new customers only: The system property, sn_vul_container.image_relationship_mapping_months sets the number of previous months (1-12) that you want your third-party integration to look for container image updates when processing relationship mappings. This data is used to filter images by the sys_updated_on field. The default setting is three months. After you configure the integration run, relationship mapping is created for images which have been scanned in the last 90 days and present in discovered container images.

    • Column labels on the Container Vulnerable item [sn_vul_container_image_vulnerable_item] table are updated to support the scanner and discovery options, depending on your choice on the Configure Image Vulnerability Keys configuration page:
      • Cluster (Scanner) Namespace (scanner), and Service (scanner) for scanner data
      • Cluster (Discovery), Namespace (Discovery) and Service (Discovery) for Discovery

    Changes

    Between your current release family and Australia, some changes were made to existing Container Vulnerability Response features.

    Release Release notes

    Zurich
    Configure maximum rows in related lists
    To improve readability and performance, you can now limit the number of rows shown in related lists on forms by setting the system property sn_vul_cmn.related_list.set_max_row.

    Australia

    		 No updates for this release.

    Removed

    Between your current release family and Australia, some Container Vulnerability Response features or functionality were removed.

    Release Release notes

    Zurich

    		 No updates for this release.

    Australia

    		 No updates for this release.

    Deprecations

    Between your current release family and Australia, some Container Vulnerability Response features or functionality were deprecated.

    Release Release notes

    Zurich

    		 No updates for this release.

    Australia

    		 No updates for this release.

    Activation information

    Review information on how to activate Container Vulnerability Response.

    Release Release notes

    Zurich

    Install Container Vulnerability Response and third-party integrations by requesting them from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Australia

    Install Container Vulnerability Response and third-party integrations by requesting them from the ServiceNow Store. Visit the ServiceNow Store to view all the available apps, and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Additional requirements

    If any additional requirements were introduced or changed for Container Vulnerability Response we have noted them here.

    Release Release notes

    Zurich

    		 No updates for this release.

    Australia

    		 No updates for this release.

    Browser requirements

    If any specific browser requirements were introduced or changed for Container Vulnerability Response we have noted them here.

    Release Release notes

    Zurich

    		 No updates for this release.

    Australia

    		 No updates for this release.

    Accessibility information

    Review details on accessibility information for Container Vulnerability Response, such as specific requirements or compliance levels.

    Release Release notes

    Zurich
    Dark theme
    The new Coral theme includes a dark theme option for web and mobile experiences. This option is commonly used to alleviate eye strain and improve readability.

    Australia

    		 No updates for this release.

    Localization information

    If there are specific localization considerations for Container Vulnerability Response we have noted them here.

    Release Release notes

    Zurich

    		 No updates for this release.

    Australia

    		 No updates for this release.

    Highlight information

    If there are specific highlight considerations for Container Vulnerability Response we have noted them here.

    Release Release notes

    Zurich
    • If you are currently using Container Vulnerability Response and you want to upgrade to Unified Security Exposure Management (USEM), see Unified Security Exposure Management release notes for more information about USEM and the Unified Security Exposure Management migration.
    • Import container image vulnerability data from the Wiz scanners into container vulnerable items (CVITs) with the Vulnerability Response Integration with Wiz.
    • With the sn_vul_container.vulnerability_analyst or sn_vul_container.vulnerability_admin role, create container remediation tasks manually in the Vulnerability Manager Workspace.
    • With the role sn_vul_container.remediation_owner, create container remediation tasks manually in the IT Remediation Workspace.

    See Container Vulnerability Response for more information.

    Australia
    • The AWS Integration for Security Exposure Management supports integrations with AWS Inspector and AWS Security Hub.
    • If you're currently using Container Vulnerability Response and you want to upgrade to Unified Security Exposure Management (USEM), see Unified Security Exposure Management (USEM) notes for more information about USEM and the Unified Security Exposure Management migration.
    • Import container image vulnerability data from the Wiz scanners into container vulnerable items (CVITs) with the Vulnerability Response Integration with Wiz.
    • With the sn_vul_container.vulnerability_analyst or sn_vul_container.vulnerability_admin role, create container remediation tasks manually in the Vulnerability Manager Workspace.
    • With the role sn_vul_container.remediation_owner, create container remediation tasks manually in the IT Remediation Workspace.

    See Container Vulnerability Response for more information.