Container Vulnerability Response release notes
Summary of Container Vulnerability Response release notes
The ServiceNow Container Vulnerability Response application integrates security and IT functions to help you remediate critical container vulnerabilities efficiently. The Zurich release introduces enhancements designed to improve vulnerability data import, remediation task management, and integration with Wiz scanners.
Key Features
- Integration with Wiz Scanners: Import container image vulnerability data directly into container vulnerable items (CVITs) using the Vulnerability Response Integration with Wiz.
- Manual Remediation Task Creation: Users with appropriate roles (such as sn_vul_container.vulnerability_analyst, sn_vul_container.vulnerability_admin, and sn_vul_container.remediation_owner) can manually create container remediation tasks in the Vulnerability Manager and IT Remediation Workspaces.
- Remediation Task Rule Execution Modes: Choose between "Match First" (assigns each finding to one remediation task by applying the first matching rule) and the default "Match All" mode (applies all relevant rules) to control how remediation tasks are assigned during ingestion.
- Enhanced Vulnerability Data Mapping: Improved mapping of Wiz UUIDs to detection keys, addition of source_id on container image findings, and updated image repository naming aligned with discovery formats.
- Deprecated Assets Table: The sn_vul_wiz_missing_asset table is deprecated. After upgrading to version 1.1, existing integrations require backdating by three days and rerunning to ensure data consistency.
- Expanded Scanner Data Support: Namespace and cluster hierarchy information is now supported and populated in container image records to provide more detailed vulnerability context.
- Cloud Configuration Compliance: Import Wiz cloud test results to detect non-compliant cloud configurations, integrating findings into the Configuration Compliance application to enforce security policies.
- Performance Improvement: Limit the number of rows in related lists on forms via a system property to enhance readability and system performance.
- Accessibility: The new Coral theme offers a dark mode option for both web and mobile, improving ease of use and reducing eye strain.
Important Upgrade Notes
- If not migrating to Unified Security Exposure Management (USEM), install Container Vulnerability Response versions below 30.x for compatibility.
- After upgrading to version 1.1, backdate and rerun Wiz primary integrations by three days to complete data backfill and disable redundant backfill integrations.
- Perform a full import post-upgrade to apply enhancements to container image findings and vulnerability records.
- Review the Vulnerability Response Compatibility Matrix and Release Schema Changes article for detailed compatibility information with third-party and ServiceNow applications.
Activation and Availability
Container Vulnerability Response and its third-party integrations are available for installation via the ServiceNow Store. Customers should request the applications through the Store to access the latest versions and updates.
The ServiceNow® Container Vulnerability Response application brings security and IT together to enable you to remediate your most critical vulnerabilities more quickly and efficiently. Container Vulnerability Response was enhanced and updated in the Zurich release.
Container Vulnerability Response highlights for the Zurich release
- If you are currently using Container Vulnerability Response and you want to upgrade to Unified Security Exposure Management (USEM), see Unified Security Exposure Management release notes for more information about USEM and the Unified Security Exposure Management migration.
- Import container image vulnerability data from the Wiz scanners into container vulnerable items (CVITs) with the Vulnerability Response Integration with Wiz.
- With the sn_vul_container.vulnerability_analyst or sn_vul_container.vulnerability_admin role, create container remediation tasks manually in the Vulnerability Manager Workspace.
- With the role sn_vul_container.remediation_owner, create container remediation tasks manually in the IT Remediation Workspace.
See Container Vulnerability Response for more information.
Important information for upgrading Container Vulnerability Response to Zurich
If you are currently using Container Vulnerability Response and you do not intend to upgrade to Unified Security Exposure Management (USEM), install a version below v30.x, both for Container Vulnerability Response and for upgrades to supported third-party integration applications.
The Missing Assets [sn_vul_wiz_missing_asset] table used for storing assets imported by the backfill integrations for the Vulnerability Response Integration with Wiz is deprecated. If you are currently using the Vulnerability Response with Wiz integrations, after updating to version 1.1, you must backdate any of your existing Wiz primary integrations by three days and run them. Please review more information about the Wiz integration at SecOps articles on the Security Operations Community.
For more information about the released versions of the Container Vulnerability Response application as well as the third-party and ServiceNow applications that are compatible with the Zurich release, see the Vulnerability Response Compatibility Matrix and Release Schema Changes [KB0856498] article in the Now Support Knowledge Base.
New in the Zurich release
- Remediation task rule execution mode
- You can now choose how remediation task rules are evaluated during ingestion. The new Match First execution mode evaluates rules sequentially and applies only the first matching rule, assigning each finding to exactly one remediation task. The default Match All mode continues to evaluate all applicable rules.
- Enhancements to the Vulnerability Response Integration with Wiz
- The Universally Unique Identifier (UUID) that identifies detections for the Wiz Host Vulnerability integration will be mapped to a detection key. Note: This enhancement is supported for new customers only.
For existing customers, the detection key for the Wiz Host Vulnerability integration is created using the combination of vulnerability, asset_id, and proof.
- Added the source_id column to the Container Image Finding table (sn_vul_container_image_findings) and mapped the id attribute from the Wiz import to this field on findings records. Note: Perform a full import after upgrading to view the enhancement on container image findings, container image, and container image vulnerabilities records.
- The image repository name format for new and existing discovered container images has been updated to align with the discovery format. The supported format is registry/repository. A separate finding is created for a repository present in each registry.
- Appended all repositories that are associated with an image to the Repository field on the Discovered Container Image [sn_vul_container_image] table, which can help you see images from specific repositories.
- The default integration instance parameter for configuring finding keys for the Container Vulnerability Integration includes src_ci, vulnerability, package, image_layer, and image_repository.
- Enhancements to the Vulnerability Response Integration with Wiz
The Missing Assets [sn_vul_wiz_missing_asset] table is deprecated. After updating to version 1.1, you must backdate your existing primary Wiz integrations by three days and run them.
The backfill integrations are activated by default.
After you run them following the update to v1.1, the following backfill integrations are no longer required:
- Host Vulnerability Backfill Integration
- Test Results Backfill Integration
- Host Test Results Backfill Integration
- Issues Backfill Integration
Data for resources that have the validated_at_runtime flag set to 'yes' is imported and populated on detections.
The CMDB internet-facing field on the discovered item is mapped to Limited Internet Exposure on findings.
Fix information that includes 'Fix available', 'Partial fix available', 'No fix available', and 'Fix version' from the [fix_available] and [fix_version] columns is rolled up to CVITs from findings. Note: If there are two or more findings on a CVIT, the fixed version might only apply to one. In that case, 'Partial fix available' is rolled up to the CVIT.
The Wiz vendor severity attribute is mapped to the 'Source severity' column on findings records in the Container Image Findings [sn_vul_container_image_findings] table.
The cluster and namespace are evaluated for all of the following entity types: DEPLOYMENT, DAEMON_SET, STATEFUL_SET, POD.
- Import container vulnerability data with the Vulnerability Response Integration with Wiz
- Import configuration test results from Wiz to detect non-compliant cloud configurations. Findings are mapped to cloud test results (CTRs) in the Configuration Compliance application to help you enforce security policies and standards across your cloud environment.
- Enhancements to imported scanner results
- Enhancements support more scanner data on imports. Namespace and cluster hierarchy data, when imported, is populated in the Discovered Container Image [sn_vul_container_image] table.
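The difference between the Match First and Match All execution modes described under "Remediation task rule execution mode" above can be seen in a small model. This is an added example, not ServiceNow code: the rule fields (order, task, matches), the task names, and the sample findings are all hypothetical and constructed for illustration.

```javascript
// Added illustration: a simplified model of the two execution modes.
// Rule fields (order, task, matches) are hypothetical, not the ServiceNow schema.
const rules = [
  { order: 100, name: 'Critical findings', task: 'RT-critical',
    matches: f => f.severity === 'critical' },
  { order: 200, name: 'Payments images', task: 'RT-payments',
    matches: f => f.repository.startsWith('registry.example.com/payments/') },
  { order: 300, name: 'Fixable findings', task: 'RT-fixable',
    matches: f => f.fixAvailable },
];

// Constructed sample findings (not real scanner output).
const findings = [
  { id: 'F1', severity: 'critical', repository: 'registry.example.com/payments/api', fixAvailable: true },
  { id: 'F2', severity: 'medium', repository: 'registry.example.com/web/ui', fixAvailable: true },
  { id: 'F3', severity: 'low', repository: 'registry.example.com/web/ui', fixAvailable: false },
];

// Returns Map(findingId -> [task, ...]). An empty array means no rule matched;
// what the product does with such findings is outside this model.
function assignTasks(findings, rules, mode) {
  const ordered = [...rules].sort((a, b) => a.order - b.order);
  const out = new Map();
  for (const f of findings) {
    const hits = ordered.filter(r => r.matches(f)).map(r => r.task);
    out.set(f.id, mode === 'match_first' ? hits.slice(0, 1) : hits);
  }
  return out;
}

// Rules that receive no finding under Match First on this data set because
// an earlier rule always claims the finding before they are reached.
function shadowedUnderMatchFirst(findings, rules) {
  const claimed = new Set([...assignTasks(findings, rules, 'match_first').values()].flat());
  const reachable = new Set([...assignTasks(findings, rules, 'match_all').values()].flat());
  return rules.filter(r => reachable.has(r.task) && !claimed.has(r.task)).map(r => r.name);
}

for (const mode of ['match_all', 'match_first']) {
  console.log(mode, Object.fromEntries(assignTasks(findings, rules, mode)));
}
console.log('shadowed:', shadowedUnderMatchFirst(findings, rules));
```

In this model, finding F1 lands in three tasks under Match All but only in the first one under Match First, so when switching modes it is worth checking which rules stop receiving findings because of their position in the sequence.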
Changed in this release
- Configure maximum rows in related lists
- To improve readability and performance, you can now limit the number of rows shown in related lists on forms by setting the system property sn_vul_cmn.related_list.set_max_row.
Activation information
Install Container Vulnerability Response and third-party integrations by requesting them from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Accessibility information
- Dark theme
- The new Coral theme includes a dark theme option for web and mobile experiences. This option is commonly used to alleviate eye strain and improve readability.