Docker has announced an enhanced integration with Aikido for vulnerability scanning of Docker Hardened Images (DHI). The key addition is built-in VEX (Vulnerability Exploitability eXchange) support, which allows Docker to automatically exclude vulnerabilities that have been verified as non-exploitable. Previously, developers had to manually triage every alert, including those that posed no real risk. Now, validated non-exploitable findings drop out of the scanning queue automatically, saving teams time and reducing alert fatigue.
For developers using Docker Hardened Images, this means they can focus on genuine, exploitable vulnerabilities. The integration leverages Docker's internal verification and Aikido's scanning engine to ensure that only actionable results appear. This improvement directly addresses the common pain point of false positives in container security. By filtering out noise, development cycles become faster and security reviews more efficient.
To benefit from this enhancement, users need to have Docker Hardened Images enabled and connected to Aikido. The automatic VEX filtering works out-of-the-box. This update is part of Docker's ongoing effort to simplify security for developers, making it easier to build and deploy containers without sacrificing safety.