Container Vulnerability Response assignment rules

  • Release version: Zurich
  • Updated July 31, 2025
  • Define the criteria by which container vulnerable items are automatically assigned to an assignment group for remediation.

    To create and view assignment rules for container vulnerable items, navigate to All > Container Vulnerability Response > Administration > Assignment Rules. When you create an assignment rule, you can set the conditions. When these conditions are met, the rule automatically assigns the container vulnerable items to the selected user group. Only the first assignment rule with a matching condition runs against a record. See Vulnerability Response assignment rules overview for more information about assignment rules.

    Roles required: sn_vul_container.manage_assignment_rules to define and update rules and sn_vul_container.container_reapply to reapply rules.

    Starting with version 2.13, fields for scanner information have been added to the records on the Discovered Container Image [sn_vul_container_image] table. You can use the following values as conditions when you create or update your assignment rules for container image vulnerable items (CVITs) to help you track ownership across your container environments.
    Note:
    Container vulnerable items (CVITs) that are not in the Open state or that have been manually assigned are always excluded from assignment rules. If you add values for these scanner fields to your assignment rules and rerun your rules, vulnerable items are not reassigned unless their assignment type is Rule. Items with the assignment type Manual are not considered by the assignment rules.
    Important:
    As a vulnerability admin and analyst, you can obtain the latest assignments for selected CVITs in the Vulnerability Manager Workspace. This method is more efficient than reapplying the Assignment Rules for all CVITs in the classic UI, which is a time-consuming process. For more information, see Re-evaluate the remediation properties of the records in the Vulnerability Manager Workspace.
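
The evaluation behaviour described on this page (only the first matching rule runs; items that are not Open or were manually assigned are skipped) can be modelled offline to spot rules that never take effect before you rerun them. This is an added example, not ServiceNow code: the field names, the numeric `order` used to decide which rule comes first, and the sample rules and records are assumptions constructed for illustration.

```javascript
// Added illustration: a local model of the documented behaviour, not ServiceNow code.
// Field names (state, assignmentType, order, scanner, severity) are hypothetical.

// Only Open items that were not manually assigned are evaluated.
function isEligible(cvit) {
  return cvit.state === 'Open' && cvit.assignmentType !== 'Manual';
}

// Evaluate rules lowest order first (assumed); only the first match assigns the item.
function dryRun(rules, cvits) {
  const ordered = [...rules].sort((a, b) => a.order - b.order);
  return cvits.map((cvit) => {
    if (!isEligible(cvit)) {
      return { id: cvit.id, group: cvit.group, rule: null, skipped: true };
    }
    const hit = ordered.find((r) => r.matches(cvit));
    return { id: cvit.id, group: hit ? hit.group : cvit.group,
             rule: hit ? hit.name : null, skipped: false };
  });
}

// Rules that match at least one eligible item but never win it (shadowed by an earlier rule).
function shadowedRules(rules, cvits) {
  const winners = new Set(dryRun(rules, cvits).map((r) => r.rule));
  return rules
    .filter((r) => !winners.has(r.name) && cvits.some((c) => isEligible(c) && r.matches(c)))
    .map((r) => r.name);
}

// Constructed sample rules: the second is fully covered by the first.
const RULES = [
  { name: 'Critical severity', order: 100, group: 'Platform Security',
    matches: (c) => c.severity === 'Critical' },
  { name: 'Scanner A critical', order: 200, group: 'Container Ops',
    matches: (c) => c.scanner === 'scanner-a' && c.severity === 'Critical' },
  { name: 'Scanner A', order: 300, group: 'Container Ops',
    matches: (c) => c.scanner === 'scanner-a' },
];

// Constructed sample records.
const CVITS = [
  { id: 'CVIT-1', state: 'Open', assignmentType: null, severity: 'Critical', scanner: 'scanner-a', group: null },
  { id: 'CVIT-2', state: 'Open', assignmentType: 'Rule', severity: 'Low', scanner: 'scanner-a', group: 'Vuln Triage' },
  { id: 'CVIT-3', state: 'Open', assignmentType: 'Manual', severity: 'Critical', scanner: 'scanner-a', group: 'App Team' },
  { id: 'CVIT-4', state: 'Closed', assignmentType: 'Rule', severity: 'Critical', scanner: 'scanner-a', group: 'Vuln Triage' },
];

console.table(dryRun(RULES, CVITS));
console.log('Shadowed rules:', shadowedRules(RULES, CVITS));
```

In this sample the manually assigned and the closed item keep their existing groups, and the "Scanner A critical" rule is reported as shadowed because the broader "Critical severity" rule always matches first.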