Container Vulnerability Response remediation task and container vulnerable item states

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 1 minute de lecture

    • With the Container Vulnerability Response application, you can use the state model to see the status of a remediation task, at any given time. Knowing how each state relates to and affects each other helps you to determine when and how to remediate your container vulnerable items (CVITs).

    Remediation task states

    Complex use cases can sometimes result in a container vulnerable item being in a different state than its remediation task. Understanding how states work helps to explain this behavior and can help with creating remediation tasks and creating or editing remediation task rules.

    Remediation tasks have many possible states as shown in the following diagram.
    Figure 1. Container Vulnerability Response state flow
    Container Vulnerability Response state flow diagram that describes the remediation task states as follows: Open, Under Investigation, Awaiting Implementation, In Review, Deferred or False Positive, Resolved, and Closed.
    Remarque :
    • Container vulnerable items cannot be closed manually.
    • Each task form contains Follow and Update buttons that are standard for ServiceNow tasks.

    Remediation task and CVIT state transition and precedence order

    Remediation tasks and vulnerable items states can affect each other. Most of the time, a remediation task state updates the vulnerable item state, with the highest precedence task state used to update the vulnerable items in the group.

    From the creation to closure of a Container Remediation Task, it transitions through various states during the entire remediation process.

    The state precedence is as follows:

    Closed > Deferred > Resolved > In Review > Awaiting Implementation > Under Investigation > Open

    The state transition happens as you perform various actions such as Defer, Open, Close, etc.

    The actions you can perform on a Container Remediation Task at a specific state is similar to that of a Host Remediation Task. Hence, for more information, see the Vulnerability Response remediation task states and State roll-up and roll-down scenarios in the Vulnerability Response documentation.