Container Vulnerability Response release notes
Summary of Container Vulnerability Response release notes
The ServiceNow® Container Vulnerability Response application integrates security and IT teams to accelerate the remediation of critical container vulnerabilities. The Australia release enhances this application by improving integrations with third-party scanners, expanding AWS service support, and consolidating Microsoft Defender plugins for better container vulnerability management.
Key Features
- AWS Integration Enhancements: Supports AWS Inspector and AWS Security Hub for importing host and container vulnerabilities and misconfigurations, enabling continuous and centralized vulnerability management across AWS environments.
- Wiz Integration Improvements: Allows importing container image vulnerability data directly into Container Vulnerable Items (CVITs). Asset integration is now optional and configurable by resource types, reducing unnecessary data imports.
- Unified Microsoft Defender Integration: Consolidates Microsoft Defender for Cloud and Threat and Vulnerability Management into a single plugin, adding container image vulnerability ingestion and streamlining migration from deprecated plugins.
- Container Image and Vulnerability Data Enhancements: Updates image repository name formats to align with discovery data, appends multiple repository associations to images, and adds detailed source identifiers for findings. These changes support better visibility and tracking of vulnerability data across third-party integrations.
- Configurable Image Vulnerability Keys: Enables configuration of detection keys for creating CVITs, including support for AWS ECS and EKS environments with options for data sources from scanners or discovery (CMDB), improving flexibility in vulnerability data ingestion and relationship mapping.
Important Upgrade Considerations
- A full data import is required after upgrading to enable enriched container vulnerability data and registry/repository enhancements.
- Customers not migrating to Unified Security Exposure Management (USEM) should install versions below 30.x and ensure compatibility with third-party integrations.
- Deprecated features include the Path column on the Container Image Package table (moved to Container Image Finding table) and the Missing Assets table for Wiz integration, requiring adjustments in data reference and backdating of Wiz integrations.
Activation and Installation
The Container Vulnerability Response application and its third-party integrations are available via the ServiceNow Store. Customers can request and install these applications directly from the store. For comprehensive version history and release notes, customers should consult the ServiceNow Store documentation.
The ServiceNow® Container Vulnerability Response application brings security and IT together to enable you to remediate your most critical vulnerabilities more quickly and efficiently. Container Vulnerability Response was enhanced and updated in the Australia release.
Container Vulnerability Response highlights for the Australia release
- The AWS Integration for Security Exposure Management supports integrations with AWS Inspector and AWS Security Hub.
- If you're currently using Container Vulnerability Response and you want to upgrade to Unified Security Exposure Management (USEM), see Unified Security Exposure Management (USEM) notes for more information about USEM and the Unified Security Exposure Management migration.
- Import container image vulnerability data from the Wiz scanners into container vulnerable items (CVITs) with the Vulnerability Response Integration with Wiz.
- With the sn_vul_container.vulnerability_analyst or sn_vul_container.vulnerability_admin role, create container remediation tasks manually in the Vulnerability Manager Workspace.
- With the role sn_vul_container.remediation_owner, create container remediation tasks manually in the IT Remediation Workspace.
See Container Vulnerability Response for more information.
Important information for upgrading Container Vulnerability Response to Australia
Enhancements to Container Vulnerability Response permit you to see enriched container vulnerability data on data imports from your third-party scanners. After you upgrade, you must perform a full import to view the features on discovered container image, container image finding, and container vulnerable item records that are described in the following New in the Australia release section.
If you're currently using Container Vulnerability Response and you do not intend to upgrade to Unified Security Exposure Management (USEM), install a version of Container Vulnerability Response below v30.x, and do the same when upgrading the supported third-party integration applications.
For more information about the released versions of the Container Vulnerability Response application as well as the third-party and ServiceNow applications that are compatible with the Australia release, see the Vulnerability Response Compatibility Matrix and Release Schema Changes [KB0856498] article in the Now Support Knowledge Base.
New in the Australia release
- Enhancements to Container Vulnerability Response
- The image repository name format for new and existing discovered container images in the Container Vulnerability Response application has been updated to align with the discovery format. Perform a complete import to view the registry/repository enhancements on existing and new records.
- The registry/repository format is supported for all third-party integrations including the Vulnerability Response integration with Palo Alto Networks Prisma Cloud Compute and Vulnerability Response Integration with Wiz third-party integrations.
- Appended all repositories that are associated with an image to the Repository field on records on the Discovered Container Image [sn_vul_container_image] table, which can help you see images from specific repositories.
- The default integration instance parameter for configuring finding keys for the Container Vulnerability Integration includes src_ci, vulnerability, package, image_layer, and image_repository.
- Added the source_id column to the Container Image Finding [sn_vul_container_image_findings] table. Mapped the id attribute from imports to the Source id field on findings records for all third-party integrations including the Vulnerability Response Integration with Palo Alto Networks Prisma Cloud Compute and Vulnerability Response Integration with Wiz third-party integrations.
- AWS Integration for Security Exposure Management
- The AWS Integration for Security Exposure Management supports integrations with the following AWS services:
- AWS Inspector is an automated vulnerability management service that continuously scans EC2 instances, ECR container images, and Lambda functions for software vulnerabilities (CVEs) and unintended network exposure. The Vulnerability Response integration with AWS Inspector imports host and container vulnerability findings from AWS Inspector.
- AWS Security Hub is a security service that is used to centralize and update security checks across AWS accounts. It provides a unified view of security alerts and compliance status by integrating with various AWS services. The Vulnerability Response integration with AWS Security Hub imports host vulnerabilities, container vulnerabilities, and misconfigurations from AWS Security Hub.
- Unified Microsoft Defender Integration for Security Exposure Management
- The Microsoft Defender for Cloud and Microsoft Defender Threat and Vulnerability Management (MS TVM) plugins are now consolidated into a single plugin: Microsoft Defender Integration for Security Exposure Management. This consolidation deprecates the standalone Microsoft Defender for Cloud plugin. The unified plugin also introduces container image vulnerability ingestion from Microsoft Defender for Cloud, creating Container Vulnerable Items on your instance. A guided migration path is available to transfer existing data from the deprecated applications to the unified plugin.
- Configure Image Vulnerability keys for Container Vulnerability Response CVIT creation
- Configure records on the Configure Image Vulnerability Keys [sn_vul_container_image_vulnerability_keys] table in your ServiceNow AI Platform® instance for the Image Vulnerability Keys that create container vulnerable items (CVITs).
- The Universally Unique Identifier (UUID) provided by Wiz is now mapped as the detection key for the Wiz Host Vulnerability integration.
- AWS ECS (Elastic Container Service) and AWS EKS (Elastic Kubernetes Service) environments are supported.
- Cluster and Service are supported for AWS ECS environments.
- Namespace, Registry, and Service are supported for AWS EKS environments.
- Choose either Scanner (third-party scanners) or Discovery (Configuration Management Database (CMDB)) as the source for data import for AWS ECS and AWS EKS.
Note:
If you choose Discovery as the data source, the Populate image relationships scheduled job runs daily to pre-import cluster and service details. Schedule your third-party integration runs at least 4 hours after this scheduled job completes so that the pre-imported data is available. This job is activated by default, but you must set its schedule so that it runs before your scheduled third-party integration runs.
For new customers only: The system property sn_vul_container.image_relationship_mapping_months sets the number of previous months (1-12) that your third-party integration looks back for container image updates when processing relationship mappings. This value is used to filter images by the sys_updated_on field. The default setting is three months. After you configure the integration run, relationship mappings are created for images that have been scanned in the last 90 days and are present in discovered container images.
- Column labels on the Container Vulnerable Item [sn_vul_container_image_vulnerable_item] table are updated to support the scanner and discovery options, depending on your choice on the Configure Image Vulnerability Keys configuration page:
- Cluster (Scanner), Namespace (Scanner), and Service (Scanner) for scanner data
- Cluster (Discovery), Namespace (Discovery), and Service (Discovery) for Discovery data
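As an added illustration (not ServiceNow code), the following script models the two rules in the Discovery note above: the relationship-mapping look-back window driven by sn_vul_container.image_relationship_mapping_months (filtering on sys_updated_on, with the 1-12 range and the three-month default), and the 4-hour gap required between the Populate image relationships job and the third-party integration run. The image records are constructed sample data, and months are approximated as 30 days so that the default matches the documented 90-day window; both are assumptions.

```javascript
// Added example, not ServiceNow platform code: plain objects stand in for
// GlideRecord rows so the logic runs stand-alone.
const DEFAULT_MAPPING_MONTHS = 3;   // documented default for the system property
const MIN_GAP_HOURS = 4;            // documented minimum gap after the scheduled job
const DAYS_PER_MONTH = 30;          // assumption: 3 months == the documented 90 days

// sn_vul_container.image_relationship_mapping_months accepts 1-12;
// anything else falls back to the default.
function resolveMappingMonths(propertyValue) {
  const n = parseInt(propertyValue, 10);
  return Number.isInteger(n) && n >= 1 && n <= 12 ? n : DEFAULT_MAPPING_MONTHS;
}

// Earliest sys_updated_on that still qualifies for relationship mapping.
function cutoffDate(runDate, months) {
  return new Date(runDate.getTime() - months * DAYS_PER_MONTH * 24 * 60 * 60 * 1000);
}

// Returns the names of images whose sys_updated_on falls inside the window.
function imagesInWindow(images, runDate, propertyValue) {
  const cutoff = cutoffDate(runDate, resolveMappingMonths(propertyValue));
  return images
    .filter((img) => new Date(img.sys_updated_on) >= cutoff)
    .map((img) => img.name);
}

// The integration run must start at least MIN_GAP_HOURS after the
// Populate image relationships job completed, or the pre-import may be missing.
function integrationRunIsSafe(jobCompletedAt, integrationRunAt) {
  const gapHours = (integrationRunAt.getTime() - jobCompletedAt.getTime()) / 3600000;
  return gapHours >= MIN_GAP_HOURS;
}

// Constructed sample data (not real discovered container image records).
const SAMPLE_IMAGES = [
  { name: 'registry.example/app/web:1.4', sys_updated_on: '2024-05-20T10:00:00Z' },
  { name: 'registry.example/app/api:2.0', sys_updated_on: '2024-02-01T09:30:00Z' },
  { name: 'registry.example/app/worker:0.9', sys_updated_on: '2024-03-15T12:00:00Z' },
];
const RUN_DATE = new Date('2024-06-01T00:00:00Z');

console.log(imagesInWindow(SAMPLE_IMAGES, RUN_DATE, '3'));
console.log(integrationRunIsSafe(new Date('2024-06-01T02:00:00Z'), new Date('2024-06-01T06:00:00Z')));
```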
Deprecated features
- The Path column in the Container Image Package [sn_vul_container_image_package] table for the Vulnerability Response Integration with Palo Alto Networks Prisma Cloud Compute and Vulnerability Response Integration with Wiz third-party integrations. Path tracking has been moved to the Path column on the Container Image Finding [sn_vul_container_image_findings] table to support accurate and consistent path and image association. If you use these integrations, you must refer to the Path column available on the Container Image Finding [sn_vul_container_image_findings] table.
- The Missing Assets [sn_vul_wiz_missing_asset] table used for storing assets imported by the backfill integrations for the Vulnerability Response Integration with Wiz is deprecated. If you're currently using the Vulnerability Response Integration with Wiz, after updating to version 1.1, you must backdate any of your existing Wiz primary integrations by three days and run them. For more information about the Wiz integration, see the SecOps articles on the Security Operations Community.
Activation information
Install Container Vulnerability Response and third-party integrations by requesting them from the ServiceNow Store. Visit the ServiceNow Store to view all the available apps, and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.