diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 8eeff8f..1f9dbcc 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -255,6 +255,7 @@ jobs:
 --ignore-unfixed \
 --exit-code 1 \
 --cache-dir .cache/trivy \
+ --vex vex.json \
 ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest-amd64
 
 # ─────────────────────────────────────────────────────────────────────────────
@@ -667,6 +668,7 @@ jobs:
 --ignore-unfixed \
 --exit-code 1 \
 --cache-dir .cache/trivy \
+ --vex vex.json \
 ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:pr-${{ github.event.pull_request.number }}-amd64
 
 # Smoke-test SBOM generation against the PR amd64 image.
diff --git a/SECURITY.md b/SECURITY.md
index 216215b..f5b0f92 100644
--- a/SECURITY.md
+++ b/SECURITY.md
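Review bot: The new `--vex vex.json` line makes the release gate honour whatever `vex.json` suppresses, but nothing in the scan output records which findings were dropped, so a wrong or over-broad statement would pass the gate invisibly; adding `--show-suppressed \` alongside it keeps the suppressed set in the CI log. The same applies to the identical line in the PR-scan hunk at @@ -667. Note also that Trivy only applies an OpenVEX statement whose `products` entry matches the scanned target — for an image scan that is a `pkg:oci/...` identifier — so a statement scoped to a source-repository PURL would likely be ignored silently rather than suppress anything; worth confirming against the template this commit documents elsewhere. The `run` step holding these flags starts and ends outside the hunk, and the path is resolved relative to that step's working directory, which presumably follows a checkout earlier in the job.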
@@ -112,6 +112,26 @@ This section documents the attack surface, trust boundaries, and identified thre
 - `BOOKSTACK_BASE_URL` is operator-supplied at deployment time; it is not accepted from end users or MCP clients
 - Operators are responsible for ensuring the URL points to a legitimate BookStack instance
 
+## VEX Document
+
+A [VEX (Vulnerability Exploitability eXchange)](https://openvex.dev/) document is maintained at [`vex.json`](vex.json) in OpenVEX format. When a vulnerability scanner reports a CVE in a dependency that does not affect this project — for example, a vulnerable code path that is never called, or a CVE present only in a development dependency not shipped in the Docker image — a statement is added to `vex.json` with a machine-readable justification.
+
+Trivy reads `vex.json` automatically during both PR and release scans, suppressing confirmed non-applicable findings from gate failures.
+
+**To add a VEX statement**, append an entry to the `statements` array in `vex.json`:
+
+```json
+{
+"vulnerability": { "name": "CVE-YYYY-NNNNN" },
+"products": [{ "@id": "pkg:github/paradoxbound/bookstack-mcp" }],
+"status": "not_affected",
+"justification": "vulnerable_code_not_in_execute_path",
+"impact_statement": "Brief explanation of why this CVE does not affect the deployed product."
+}
+```
+
+Valid `justification` values: `component_not_present`, `vulnerable_code_not_present`, `vulnerable_code_not_in_execute_path`, `vulnerable_code_cannot_be_controlled_by_adversary`, `inline_mitigations_already_exist`.
+
 ## Reporting a Vulnerability
 
 Please do **not** open a public GitHub issue for security vulnerabilities.
diff --git a/vex.json b/vex.json
new file mode 100644
index 0000000..76d160e
--- /dev/null
+++ b/vex.json
@@ -0,0 +1,8 @@
+{
+"@context": "https://openvex.dev/ns/v0.2.0",
+"@id": "https://github.com/paradoxbound/bookstack-mcp/blob/main/vex.json",
+"author": "paradoxbound",
+"timestamp": "2026-03-09T00:00:00Z",
+"version": 1,
+"statements": []
+}
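Review bot: The new `vex.json` ships with an empty `statements` array, and it is not clear from the hunk that Trivy treats an OpenVEX document with no statements as a valid no-op rather than an error or a silently disabled VEX source; the first CI run with this file in place should confirm that. The document also carries only `timestamp` and `version: 1`, while OpenVEX expects `version` to be incremented and `last_updated` set whenever statements change, so later edits should bump `version` and add `"last_updated": "<ISO-8601 timestamp>"` next to `timestamp`. Since this file now directly decides which scanner findings may fail the gate, changes to it deserve the same review scrutiny as the workflow itself.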