OpenVEX and CSAF VEX on Linux: Cutting Trivy & Grype False Positives in 2026
VEX is the layer between your SBOM and your scanner that says this CVE doesn't apply to us, and here's why. Walks through OpenVEX, CSAF VEX, vexctl, Trivy --vex, Grype match exclusions, and the CI pipeline pattern I run on every Linux build.
