BOSTON, Sept. 16, 2024 (GLOBE NEWSWIRE) -- Aqua Security, the pioneer in cloud native security, today announced VEX Hub, a vendor neutral repository for VEX (Vulnerability Exploitability eXchange). VEX is a new industry standard for communicating and sharing information on security vulnerabilities for software artifacts, and VEX Hub now provides users and software maintainers a single library of vulnerability information and less false positives.



VEX Hub aggregates VEX documents from software maintainers and organizes them in a central repository, making them accessible for consumption by scanning tools. VEX Hub information improves the accuracy of scanning results and provides actionable vulnerability reports to users. As part of the release, the latest version of Aqua Trivy open source consumes VEX Hub information so users can better prioritize vulnerabilities and reduce alert fatigue.

“For years, users have struggled to locate and prioritize software vulnerabilities and maintainers have struggled with how to share the information. VEX was created to solve these problems,” said Itay Shakury, VP Open Source at Aqua Security. “The missing piece to date is a system to collect the relevant vulnerability exploitation information into a central repository – that’s where VEX Hub comes in. We have worked with the VEX community since inception, and we’re ready to take VEX to the next level with VEX Hub.”

VEX Hub is built for collaboration and simplifies the management of VEX information. Aqua’s open source team has created one place for maintainers to easily share timely vulnerability updates, and for users to find and access the critical vulnerability exploitation information.

VEX Hub was included in the latest version of Trivy v0.54, so those running on this version can use VEX Hub in their Trivy scans using the `--vex repo` flag. Now Trivy will deliver fewer false-positives and more accurate, actionable vulnerability reports.

More on the VEX Hub repository and how to participate in the VEX Hub community is available here and then also on the Aqua Blog.

In the near future, Aqua customers will be able to take advantage of VEX Hub as part of the Aqua Platform scanner.

