Request an exception for a container vulnerable item

Watch

Save as PDF

Share this page

Feedback

Security Operations

HomeVancouver Security ManagementSecurity OperationsAttack surface management applicationsContainer Vulnerability ResponseRemediating container vulnerabilitiesException management in Container Vulnerability ResponseRequesting and approving an exception in Container Vulnerability ResponseRequest an exception for a container vulnerable item

Table of Contents

Request an exception for a container vulnerable item

Release version:
Vancouver
Yokohama
Xanadu
Washington DC
UpdatedAug 3, 2023
2 minutes to read

Vancouver
Security Operations

The Vancouver release is no longer supported. As such, the product documentation and release notes are provided for informational purposes only, and will not be updated.

Request an exception for a container vulnerable item (CVIT) that can’t be remediated immediately. For example, as a remediation owner, you can request an exception if a patch isn’t available for a machine.

Before you begin

Role required: Developer Group

Procedure

Navigate to Container Vulnerability Response > Container Vulnerable Items > All.
Select the item that you want to request an exception for.
The selected item must be in Open or Under Investigation state.
On the Container Vulnerable Item form, click Request Exception.

On the form, fill in the fields.

Table 1. Request Exception form
Field	Description
Until	Date on which the exception request expires. This date must be within the duration selected in the All > Container Vulnerability Response > Administration > Exception Management screen. When the exception request expires, the group reverts to its Open state. Note: Starting with version 1.2 of Container Vulnerability Response, if a vulnerable item was deferred for remediation by using the exception management feature, then in case it is reopened by the scanner, the deferral date set on the vulnerability will still persist. To enable this functionality, set the value of the system property sn_vul.container.auto_defer_cvit_in_active_exception_window to true. Also, the deferred until date persists even after the CVIT gets closed or the exception expires. The role required is sn_vul_container.manage_exception_configuration for both read and write.
Reason	Reason for the exception. Choices are as follows: Risk Accepted Awaiting Maintenance Window Fix Unavailable Mitigating Control in Place Other To see how to add new reason choices, see Define a policy reason mapping.
Additional information	Details that are related to the reason why this request is being made. This field is to be updated by the remediation owner.

Submit the exception request by clicking Request Approval.
The state of the container vulnerable item changes to In Review. Use the State Change Approval tab to track the status of the exception request.

Was this topic helpful?

Yes No

Requesting and approving an exception in Container Vulnerability Response

Request an exception for a container remediation task

Requesting and approving an exception in Container Vulnerability Response

Request an exception for a container remediation task

Vancouver Security Management

Filters

Versions

Products