Marking and approving a false positive container vulnerability item

  • Release version: Zurich
  • Updated July 31, 2025

Container vulnerable items (CVITs) and remediation tasks (VULs) can be marked as false positives. Approvers with write access can approve such requests from other users.

    Note:

    Email notifications are sent at every stage of the false positive workflow, providing the status and other details of a request. For example, when a CVIT or remediation task is marked as a false positive, the requester receives a confirmation email. Simultaneously, the approver receives an email stating that a CVIT or remediation task has been marked as a false positive.

    Starting from v2.5 of Container Vulnerability Response, you can configure the time frames for approving false positives and exceptions, along with email notifications for both the approver and requester after a set number of days.

    When a request is raised, the container vulnerable item changes to In-Review status and a state change record is created. If the approver doesn't respond within the configured time frame, the container vulnerable item or remediation task reverts to Open status. The previous state is stored in the backup_state field. For more information, see Configure approval rules for Exception Management.

    Important:
    As a vulnerability analyst or remediation owner, you can request and approve false positives from the Vulnerability Manager Workspace and the IT Remediation Workspace, respectively.