Trivy

Fewer Findings, Less Noise, Faster Reviews

ActiveState container images give Trivy less to find because there are fewer vulnerabilities to report. VEX data on every image filters out false positives, so your security team focuses on real threats.

How it works

Run Trivy against ActiveState container images the same way you scan any image. ActiveState provides VEX (Vulnerability Exploitability eXchange) data alongside each image, which Trivy can consume to suppress non-exploitable findings and reduce scanner noise.

What ActiveState adds to Trivy

~95% fewer CVEs to report

ActiveState images carry a fraction of the vulnerabilities found in community equivalents. Trivy's scan results start shorter because the attack surface is smaller.

~68% less scanner noise from false positives

ActiveState's VEX data marks non-exploitable vulnerabilities so Trivy can filter them from results. Your team triages real issues instead of chasing false positives.

Continuous remediation between scans

When a CVE is patched, ActiveState rebuilds and publishes the updated image within SLA timelines. Your next Trivy scan shows improved results without manual intervention.

FAQs

How does Trivy consume ActiveState's VEX data?

Trivy supports VEX ingestion natively. Point Trivy at the VEX document shipped with each ActiveState image, and it will automatically suppress non-exploitable findings in scan results.
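The suppression logic described above, as an added example that is not ActiveState's or Trivy's own code. It assumes an OpenVEX-style document, which this page does not specify. The CVE ids, purls, the simplified finding format and the `apply_vex` helper are constructed for illustration. Only `fixed` and justified `not_affected` statements remove a finding, so an auditor can see exactly why each one disappeared:

```python
import json

# Constructed OpenVEX-style document; CVE ids and purls are placeholders.
VEX = json.loads("""{
  "@context": "https://openvex.dev/ns/v0.2.0",
  "statements": [
    {"vulnerability": {"name": "CVE-0000-0001"},
     "products": [{"@id": "pkg:pypi/examplelib@1.2.3"}],
     "status": "not_affected",
     "justification": "vulnerable_code_not_in_execute_path"},
    {"vulnerability": {"name": "CVE-0000-0002"},
     "products": [{"@id": "pkg:pypi/examplelib@1.2.3"}],
     "status": "under_investigation"},
    {"vulnerability": {"name": "CVE-0000-0003"},
     "products": [{"@id": "pkg:pypi/otherlib@2.0.0"}],
     "status": "not_affected"}
  ]
}""")

# Constructed scanner findings (simplified; not Trivy's JSON schema).
FINDINGS = [
    {"id": "CVE-0000-0001", "purl": "pkg:pypi/examplelib@1.2.3"},
    {"id": "CVE-0000-0002", "purl": "pkg:pypi/examplelib@1.2.3"},
    {"id": "CVE-0000-0003", "purl": "pkg:pypi/otherlib@2.0.0"},
    {"id": "CVE-0000-0004", "purl": "pkg:pypi/otherlib@2.0.0"},
]

def apply_vex(findings, vex):
    """Return (kept, suppressed); suppressed entries carry the reason."""
    index = {}
    for st in vex.get("statements", []):
        for product in st.get("products", []):
            # Simplification: a later statement overrides an earlier one.
            index[(st["vulnerability"]["name"], product["@id"])] = st
    kept, suppressed = [], []
    for f in findings:
        st = index.get((f["id"], f["purl"]))
        reason = st and (st.get("justification") or st.get("impact_statement"))
        if st and st["status"] == "fixed":
            suppressed.append({**f, "reason": "fixed"})
        elif st and st["status"] == "not_affected" and reason:
            suppressed.append({**f, "reason": reason})
        else:
            # No statement, a non-suppressing status, or an unjustified
            # not_affected claim: the finding stays in the report.
            kept.append(f)
    return kept, suppressed

print(apply_vex(FINDINGS, VEX))
```

Keeping the suppressed list with its reasons, rather than discarding it, gives reviewers a record of which findings were filtered on the supplier's word.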

Does ActiveState replace Trivy?

No. Trivy is a scanner and ActiveState is a secure source. They work together: ActiveState reduces the number of vulnerabilities Trivy finds, and VEX data helps Trivy filter the rest.

Make Trivy Scans Actionable

Talk to our team about pairing ActiveState images with your Trivy scanning workflows.