{"id":3375,"date":"2026-02-06T00:15:56","date_gmt":"2026-02-06T00:15:56","guid":{"rendered":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/2026\/02\/06\/reduce-vulnerability-noise-with-vex-wiz-docker-hardened-images\/"},"modified":"2026-02-06T00:15:56","modified_gmt":"2026-02-06T00:15:56","slug":"reduce-vulnerability-noise-with-vex-wiz-docker-hardened-images","status":"publish","type":"post","link":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/2026\/02\/06\/reduce-vulnerability-noise-with-vex-wiz-docker-hardened-images\/","title":{"rendered":"Reduce Vulnerability Noise with VEX: Wiz + Docker Hardened Images"},"content":{"rendered":"<p>Open source components power most modern applications. A new generation of hardened container images can establish a more secure foundation, but even with hardened images, vulnerability scanners often return dozens or hundreds of CVEs with little prioritization. This noise slows teams down and complicates security triage. The VEX (Vulnerability Exploitability eXchange) standard addresses the problem by providing information on whether a specific vulnerability actually impacts an organization\u2019s application stack and infrastructure.<\/p>\n<p>A new integration between Docker Hardened Images (DHI) and Wiz CLI now gives security and platform teams accurate reachability insights by analyzing VEX data. Wiz worked with Docker to tune its scanners to properly ingest and parse the VEX statements included with every one of the more than 1,000 DHI images in the catalog. The integration helps users cut through vulnerability noise with scan results that deliver clear, actionable insights.<\/p>\n<p>When the Wiz scanner detects a Docker Hardened Image, it pulls from the image\u2019s VEX documents and OSV advisories to filter out false positives. For organizations already using Wiz, this means a simpler path to adopting hardened images across their container fleet. 
Finally, for organizations pursuing FedRAMP or other compliance certifications that specify VEX coverage, the ability of Wiz to read DHI VEX statements can accelerate compliance, reducing time to deployment and consequently time to revenue.<\/p>\n<h2 class=\"wp-block-heading\"><strong>TL;DR<\/strong><\/h2>\n<h3 class=\"wp-block-heading\"><strong>Integrate Docker with Wiz to:<\/strong><\/h3>\n<ul class=\"wp-block-list\">\n<li>Minimize false positives using VEX and OSV data<\/li>\n<li>Identify base images and software components more accurately<\/li>\n<li>Provide security teams with clear visibility into software bills of materials (SBOMs)<\/li>\n<li>Reduce manual validation efforts by integrating detailed issue summaries into your remediation workflows<\/li>\n<li>Improve image quality assurance with up-to-date package metadata and SPDX snippets<\/li>\n<li>Migrate to Docker Hardened Images with greater confidence<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\"><strong>Why VEX?<\/strong><\/h2>\n<p>VEX (Vulnerability Exploitability eXchange) is a machine-readable way for software suppliers to state whether a known vulnerability actually affects a specific product. Instead of inferring risk from dependency lists alone, VEX explicitly declares the product\u2019s status for each vulnerability: not affected, affected, fixed, or under investigation. 
This matters because many scanner findings are not exploitable in real products, leading to false positives, wasted effort, and obscured real risk.<br \/>VEX enables transparent, auditable vulnerability status that security tools and customers can independently verify, unlike proprietary advisory feeds that obscure context and historical risk.<\/p>\n<h3 class=\"wp-block-heading\"><strong>Before you begin<\/strong><\/h3>\n<ul class=\"wp-block-list\">\n<li>Ensure you have access to both your Docker and Wiz organizations<\/li>\n<li>Confirm you are using a Docker Hardened Image<\/li>\n<li>Ensure you have <strong>SBOM export and scan visibility<\/strong> enabled in Wiz<\/li>\n<\/ul>\n<h3 class=\"wp-block-heading\"><strong>Identifying Docker Hardened Images via the Integration on Wiz<\/strong><\/h3>\n<p>With the integration, Wiz automatically detects Docker Hardened Images. The integration consists of two main functionalities on the Wiz dashboard. First, we will verify how many resources and organizations are using Docker Hardened Images by following these steps:<\/p>\n<ul class=\"wp-block-list\">\n<li>Navigate to the <a href=\"https:\/\/www.wiz.io\/integrations\/docker\" rel=\"nofollow noopener\" target=\"_blank\">Wiz Docker integration page<\/a> and click connect<\/li>\n<li>You\u2019ll be prompted to log in to your Wiz dashboard<\/li>\n<li>Once logged in, navigate to the <strong>\u201cInventory\u201d<\/strong> section on the left sidebar of your dashboard<\/li>\n<li>You\u2019ll be redirected to the \u201cTechnology\u201d dashboard, where Wiz detects all technologies running on customer environments. 
Now, search for \u201cDocker Hardened Images\u201d in the search bar<\/li>\n<li>Wiz automatically detects the specific operating system running in each container and flags hardened images accordingly<\/li>\n<\/ul>\n<div class=\"wp-block-ponyo-image\">\n                <img data-opt-id=965979832  fetchpriority=\"high\" decoding=\"async\" width=\"1600\" height=\"800\" src=\"https:\/\/www.docker.com\/app\/uploads\/2026\/02\/wiz1.png\" class=\"fade-in attachment-full size-full\" alt=\"wiz1\" title=\"- wiz1\" \/>\n        <\/div>\n<h2 class=\"wp-block-heading\"><strong>Checking for vulnerabilities on the Wiz dashboard<\/strong><\/h2>\n<p>Once you\u2019ve validated that Wiz can identify Docker Hardened Images, you will be able to check for vulnerabilities using Wiz\u2019s security graph and Docker\u2019s container metadata. To do that, follow these steps from the Technologies tab:<\/p>\n<ul class=\"wp-block-list\">\n<li>Go to the Inventory\/Technologies page and filter by operating system, or search for a specific technology<\/li>\n<li>Click on the OS\/technology to view its metadata and resource count<\/li>\n<li>Click through to the security graph view showing all resources running that technology<\/li>\n<li>Add a condition to filter for CVEs detected on those resources<\/li>\n<li>View all resources with their associated vulnerabilities in table or graph format<\/li>\n<\/ul>\n<div class=\"wp-block-ponyo-image\">\n                <img data-opt-id=67298571  fetchpriority=\"high\" decoding=\"async\" width=\"1133\" height=\"387\" src=\"https:\/\/www.docker.com\/app\/uploads\/2026\/02\/wiz2.png\" class=\"fade-in attachment-full size-full\" alt=\"wiz2\" title=\"- wiz2\" \/>\n        <\/div>\n<h2 class=\"wp-block-heading\"><strong>Final Check<\/strong><\/h2>\n<p>After setup, the vulnerabilities will appear according to your pre-set policies. 
You\u2019ll be able to get a detailed overview of each CVE listed, including graph visualizations for <strong>dependency relationships, severity distribution, and potential exploit paths<\/strong>. These insights will help you prioritize remediation efforts, track resolution progress, and ensure compliance with your organization\u2019s security standards.<\/p>\n<h3 class=\"wp-block-heading\"><strong>Integrating Docker Hardened Images for better software supply chain visibility<\/strong><\/h3>\n<p>The Docker-Wiz integration is more than just a checkbox in your security checklist. It provides:<\/p>\n<ul class=\"wp-block-list\">\n<li><strong>Clarity<\/strong>: VEX documents and accurate base image identification eliminate guesswork, providing clear, contextual vulnerability data.<\/li>\n<li><strong>Confidence<\/strong>: Minimizing false positives through OSV advisories and Docker-provided metadata ensures security teams can trust what they see.<\/li>\n<li><strong>Control<\/strong>: Enhanced visibility into SBOMs and technology usage empowers teams to prioritize and manage remediation effectively.<\/li>\n<li><strong>Coverage<\/strong>: Full-stack integration with Wiz surfaces vulnerabilities across all Docker environments, including hardened images and source-built components.<\/li>\n<\/ul>\n<p>This partnership helps DevSecOps teams move fast and remain proactive against container vulnerabilities, an essential capability for modern, lean teams managing fast-paced releases, open source risk, and complex cloud-native environments.<\/p>\n<h3 class=\"wp-block-heading\"><strong>Ready to Get Started?<\/strong><\/h3>\n<p>If you\u2019re already using Docker Hardened Images and Wiz, you\u2019re just a few clicks away from reducing false positives, improving SBOM visibility, and making vulnerability data more actionable.<\/p>\n<ul class=\"wp-block-list\">\n<li>Check the <a href=\"https:\/\/utm.io\/ukLS1\" rel=\"nofollow noopener\" target=\"_blank\">Docker + Wiz solutions 
brief<\/a><\/li>\n<\/ul>\n<ul class=\"wp-block-list\">\n<li>Visit the <a href=\"https:\/\/www.wiz.io\/integrations\/docker\" rel=\"nofollow noopener\" target=\"_blank\">Docker + Wiz integration page<\/a><\/li>\n<li>Read more about VEX in our <a href=\"https:\/\/docs.docker.com\/dhi\/core-concepts\/vex\/\" rel=\"nofollow noopener\" target=\"_blank\">documentation<\/a><\/li>\n<\/ul>","protected":false},"excerpt":{"rendered":"<p>Open source components power most modern applications. A new generation of hardened container images can establish a more secure foundation, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":3376,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[4],"tags":[],"class_list":["post-3375","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-docker"],"_links":{"self":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts\/3375","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/comments?post=3375"}],"version-history":[{"count":0,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts\/3375\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/media\/3376"}],"wp:attachment":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/media?parent=3375"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/categories?post=3375"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/tags?post=3375"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}