Configure container image granularity keys for Container Vulnerability Response

  • Release version: Zurich
  • Updated March 11, 2026
  • 1 minute to read

    • Configure the keys that generate Container Vulnerability Response findings.

    Before you begin

    Role required: sn_vul_container.configure_vi_granularity

    Procedure

    1. Navigate to All > Container Vulnerability Response > Administration > Configure VI Granularity.
    2. Select a record for the integration you want to set the keys for.
    3. Select one for Data Source:
      Option Description
      Scanner Information Use your third-party scanner as a data source.
      Discovery Information Default setting. Use ServiceNow Discovery as your data source.

      For more information about data sources and keys, see Configuring container image granularity keys for Container Vulnerability Response.

    4. Select one or more components for your key.

      For more information about how component selections affect your keys and finding (CVIT) creation, see Configuring container image granularity keys for Container Vulnerability Response.

    5. Select Apply Changes.

      After you configure key granularity, if you want to use Discovery Information as your data source, you must schedule the [Populate image relationships] scheduled job. See Configuring container image granularity keys for Container Vulnerability Response for more information.

      View populated on the following columns on the Container Vulnerable Item [sn_vul_container_image_vulnerable_item] table. These columns have been renamed to match the data sources:
      • Cluster (Scanner) Namespace (scanner), and Service (scanner) if the Scanner Information data source is selected for the key configuration.
      • Cluster (Discovery), Namespace (Discovery) and Service (Discovery) if the Discovery Information data source is selected for the key configuration.
      Note:
      • On the CMDB Docker container image record on the Discovered Container Image [sn_vul_container_image] table, only Scanner Information is directly populated with the column names listed above.
      • You can view discovery-based data (cluster/namespace/service) by opening the Docker image record on the Discovered Container Image record. On this record, view the related items/relations section for the data populated by Discovery Information.