diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 345db11..943a4ce 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -39,7 +39,7 @@ jobs:
       - name: Scan code with Trivy
         uses: aquasecurity/trivy-action@v0.36.0
         env:
-          TRIVY_IGNOREFILE: ".trivyignore.yaml"
+          TRIVY_IGNOREFILE: "./.trivyignore.yaml"
           TRIVY_SHOW_SUPPRESSED: 1
         with:
           scan-type: 'fs'
diff --git a/.trivyignore.yaml b/.trivyignore.yaml
index 4b61f17..ba363f0 100644
--- a/.trivyignore.yaml
+++ b/.trivyignore.yaml
@@ -2,3 +2,9 @@ vulnerabilities:
   - id: GHSA-w5hq-g745-h8pq
     expired_at: 2026-05-23
     statement: "Waiting for upstream patch in paraglide"
+  - id: CVE-2026-29111
+    expired_at: 2026-05-31
+    statement: "No fixed version available in debian:13-slim - waiting for Debian to backport systemd patch"
+  - id: CVE-2025-69720
+    expired_at: 2026-05-31
+    statement: "No fixed version available in debian:13-slim - waiting for Debian to release ncurses patch"