diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
index d4cdc44fa3..1f596964d2 100644
--- a/.github/workflows/trivy.yaml
+++ b/.github/workflows/trivy.yaml
@@ -49,6 +49,9 @@ jobs:
 TAG=$(docker images --format "{{.Repository}}:{{.Tag}} {{.CreatedAt}}" | grep "rancher/rke2-runtime" | sort -k2 -r | head -n1 | awk '{print $1}')
 echo "TAG=${TAG}" >> "$GITHUB_OUTPUT"
+ - name: Download Rancher's VEX Hub report
+ run: curl -fsSO https://raw.githubusercontent.com/rancher/vexhub/refs/heads/main/reports/rancher.openvex.json
+
 - name: Run Trivy on image
 uses: aquasecurity/trivy-action@0.24.0
 with:
@@ -56,6 +59,9 @@ jobs:
 format: 'table'
 severity: "HIGH,CRITICAL"
 output: "trivy-image-report.txt"
+ env:
+ TRIVY_VEX: rancher.openvex.json
+ TRIVY_SHOW_SUPPRESSED: true
 - name: Run Trivy on filesystem
 uses: aquasecurity/trivy-action@0.24.0
@@ -64,6 +70,9 @@ jobs:
 scan-ref: '.'
 severity: "HIGH,CRITICAL"
 output: "trivy-fs-report.txt"
+ env:
+ TRIVY_VEX: rancher.openvex.json
+ TRIVY_SHOW_SUPPRESSED: true
 - name: Upload Trivy Reports
 uses: actions/upload-artifact@v4
@@ -113,4 +122,4 @@ jobs:
 steps:
 - name: Report Failure
 run: |
- gh issue comment ${{ github.event.issue.number }} -b ":x: Trivy scan action failed, check logs :x:"
\ No newline at end of file
+ gh issue comment ${{ github.event.issue.number }} -b ":x: Trivy scan action failed, check logs :x:"
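Review bot: The VEX document that decides which findings get suppressed is fetched in the new "Download Rancher's VEX Hub report" step from the mutable `refs/heads/main` ref with no integrity check, so the scan's outcome depends on whatever that file contains at run time, an over-broad or broken statement (or a tampered upstream) would hide HIGH/CRITICAL findings, and nothing records which revision was used. Consider pinning and verifying, e.g. `run: curl -fsSL -o rancher.openvex.json https://raw.githubusercontent.com/rancher/vexhub/<PINNED_COMMIT_SHA>/reports/rancher.openvex.json && echo "<EXPECTED_SHA256>  rancher.openvex.json" | sha256sum -c` (both values are placeholders to fill in). Pinning trades freshness of the VEX statements for reproducibility; if the intent is to always consume the latest statements, at least attach the downloaded file to the uploaded reports so a suppressed finding can be traced back to the exact statement that suppressed it. `TRIVY_SHOW_SUPPRESSED: true` in the later hunks keeps suppressed entries visible in the table output, which partly mitigates the silent-hiding risk. The `steps:` sequence this step belongs to starts outside the hunk.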
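Review bot: `TRIVY_SHOW_SUPPRESSED: true` is an unquoted YAML boolean inside an `env:` mapping whose values are strings; GitHub presumably coerces it to the string `true` and Trivy accepts it, but yamllint's `truthy` rule flags it and the surrounding `with:` values are all quoted, so prefer `TRIVY_SHOW_SUPPRESSED: "true"` here and in the byte-identical block added to the "Run Trivy on filesystem" step in the third hunk. Since both scans share the same two settings, a single job-level `env:` (alongside the job's other keys, which sit outside this hunk) would keep the two copies from drifting apart. `TRIVY_VEX: rancher.openvex.json` is a relative path that only resolves if the download step wrote the file into the working directory the action runs Trivy from — likely, but worth confirming once, because a missing or empty file would presumably fail the scan rather than fall back to scanning without VEX.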