Reduce Vulnerability Noise with VEX: Wiz + Docker Hardened Images

Open source components power most modern applications. A new generation of hardened container images can establish a more secure foundation, but even with hardened images, vulnerability scanners often return dozens or hundreds of CVEs with little prioritization. This noise slows teams down and complicates security triage. The VEX (Vulnerability Exploitability eXchange) standard addresses the problem by providing information on whether a specific vulnerability actually impacts an organization’s application stack and infrastructure. A new integration between Docker Hardened Images (DHI) and Wiz CLI now gives security and platform teams accurate reachability insights by analyzing VEX data. Wiz worked with Docker to tune its scanners to properly ingest and parse the VEX statements included with every one of the more than 1,000 DHI images in the catalog.
Article Summaries:
- Docker and Wiz have launched an integration that leverages the VEX (Vulnerability Exploitability eXchange) standard to filter out false-positive CVEs in Docker Hardened Images (DHI). By parsing VEX documents and OSV advisories, Wiz’s scanner now identifies which vulnerabilities actually affect an organization’s stack, providing clearer, actionable insights. The partnership enables faster adoption of hardened images, improves SBOM visibility, and supports compliance programs such as FedRAMP that require VEX coverage. The result is a streamlined vulnerability triage process and reduced manual validation for security teams.
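To make concrete what "parsing VEX documents to filter out false-positive CVEs" means in practice, here is an added example of a minimal VEX consumer. It is not Wiz's or Docker's code and does not reproduce how their scanners work; it assumes the VEX data is in OpenVEX JSON form (statement fields `vulnerability`, `products`, `status`, `justification`), and both the VEX document and the scanner findings below are constructed for illustration. The example goes slightly beyond the summary by showing the caveats a consumer should apply: only `not_affected` and `fixed` suppress a finding, `under_investigation` and `affected` do not, a `not_affected` statement without a justification is flagged rather than trusted, and a statement only applies to the exact package version it names.

```python
"""Apply VEX statements to scanner findings (added example, constructed data)."""
import json

# Constructed OpenVEX document; the package names and CVE ids are placeholders.
VEX_JSON = """
{
  "@context": "https://openvex.dev/ns/v0.2.0",
  "@id": "https://example.invalid/vex/constructed-1",
  "author": "Example Image Producer (constructed)",
  "timestamp": "2025-01-01T00:00:00Z",
  "version": 1,
  "statements": [
    {"vulnerability": {"name": "CVE-2000-0001"},
     "products": [{"@id": "pkg:deb/debian/libexample@1.0.0-1"}],
     "status": "not_affected", "justification": "vulnerable_code_not_present"},
    {"vulnerability": {"name": "CVE-2000-0002"},
     "products": [{"@id": "pkg:deb/debian/libexample@1.0.0-1"}],
     "status": "not_affected"},
    {"vulnerability": {"name": "CVE-2000-0003"},
     "products": [{"@id": "pkg:deb/debian/othertool@2.3.4-2"}],
     "status": "fixed"},
    {"vulnerability": {"name": "CVE-2000-0004"},
     "products": [{"@id": "pkg:deb/debian/othertool@2.3.4-2"}],
     "status": "under_investigation"}
  ]
}
"""

# Constructed scanner output: one finding per (CVE, package URL).
FINDINGS = [
    {"id": "CVE-2000-0001", "purl": "pkg:deb/debian/libexample@1.0.0-1?arch=amd64", "severity": "HIGH"},
    {"id": "CVE-2000-0002", "purl": "pkg:deb/debian/libexample@1.0.0-1?arch=amd64", "severity": "MEDIUM"},
    {"id": "CVE-2000-0003", "purl": "pkg:deb/debian/othertool@2.3.4-2?arch=amd64", "severity": "CRITICAL"},
    {"id": "CVE-2000-0004", "purl": "pkg:deb/debian/othertool@2.3.4-2?arch=amd64", "severity": "LOW"},
    {"id": "CVE-2000-0005", "purl": "pkg:deb/debian/othertool@2.3.4-2?arch=amd64", "severity": "HIGH"},
    # Same CVE as the first statement but an older package version: no statement covers it.
    {"id": "CVE-2000-0001", "purl": "pkg:deb/debian/libexample@0.9.0-1?arch=amd64", "severity": "HIGH"},
]

# Only these statuses justify hiding a finding from the triage queue.
SUPPRESSING = {"not_affected", "fixed"}


def normalize_purl(purl):
    """Drop purl qualifiers and subpath so scanner and VEX ids compare on
    type/namespace/name/version. Simplification: a full comparison would
    parse every purl component."""
    return purl.split("?", 1)[0].split("#", 1)[0]


def index_vex(vex_json):
    """Map (vulnerability id, normalized product purl) -> VEX statement."""
    doc = json.loads(vex_json)
    index = {}
    for stmt in doc.get("statements", []):
        vuln = stmt["vulnerability"]["name"]
        for product in stmt.get("products", []):
            index[(vuln, normalize_purl(product["@id"]))] = stmt
    return index


def triage(findings, vex_json):
    """Split findings into actionable and suppressed, recording why for each."""
    index = index_vex(vex_json)
    result = {"actionable": [], "suppressed": [], "invalid_vex": []}
    for f in findings:
        stmt = index.get((f["id"], normalize_purl(f["purl"])))
        if stmt is None:
            result["actionable"].append({**f, "reason": "no VEX statement"})
            continue
        status = stmt.get("status")
        if status == "not_affected" and not (stmt.get("justification") or stmt.get("impact_statement")):
            # OpenVEX requires a justification or impact statement for not_affected;
            # an unjustified claim is recorded as invalid and the finding stays open.
            result["invalid_vex"].append({**f, "reason": "not_affected without justification"})
            result["actionable"].append({**f, "reason": "unjustified not_affected"})
            continue
        if status in SUPPRESSING:
            result["suppressed"].append({**f, "reason": f"{status}: {stmt.get('justification', '')}"})
        else:
            result["actionable"].append({**f, "reason": status or "unknown status"})
    return result


if __name__ == "__main__":
    r = triage(FINDINGS, VEX_JSON)
    for bucket in ("suppressed", "actionable", "invalid_vex"):
        print(bucket)
        for f in r[bucket]:
            print(f"  {f['id']} {f['purl']} ({f['severity']}): {f['reason']}")
```

Run it as a script to see the three buckets. The `invalid_vex` bucket is the useful signal for a platform team: it separates "the producer told us this is unexploitable, and said why" from "a statement exists but would not pass validation", so a bad or incomplete VEX feed degrades to the un-filtered scanner view instead of silently hiding findings.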
Sources: