From f065c162d136a46d4cd48e1e5ae2e84c81b4e3ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20W=C3=B3jcik?=
Date: Thu, 30 Apr 2026 15:42:23 +0200
Subject: [PATCH 1/2] update trivyignore for unpatched CVEs
---
 .trivyignore.yaml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/.trivyignore.yaml b/.trivyignore.yaml
index 4b61f17..ba363f0 100644
--- a/.trivyignore.yaml
+++ b/.trivyignore.yaml
@@ -2,3 +2,9 @@ vulnerabilities:
 - id: GHSA-w5hq-g745-h8pq
 expired_at: 2026-05-23
 statement: "Waiting for upstream patch in paraglide"
+ - id: CVE-2026-29111
+ expired_at: 2026-05-31
+ statement: "No fixed version available in debian:13-slim - waiting for Debian to backport systemd patch"
+ - id: CVE-2025-69720
+ expired_at: 2026-05-31
+ statement: "No fixed version available in debian:13-slim - waiting for Debian to release ncurses patch"
From c03a2e224a6cd91603f9cd7df06a7e570f1dcfa9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20W=C3=B3jcik?=
Date: Thu, 30 Apr 2026 15:42:34 +0200
Subject: [PATCH 2/2] align trivy config across repos
---
 .github/workflows/test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 345db11..943a4ce 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -39,7 +39,7 @@ jobs:
 - name: Scan code with Trivy
 uses: aquasecurity/trivy-action@v0.36.0
 env:
- TRIVY_IGNOREFILE: ".trivyignore.yaml"
+ TRIVY_IGNOREFILE: "./.trivyignore.yaml"
 TRIVY_SHOW_SUPPRESSED: 1
 with:
 scan-type: 'fs'
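Review bot: The two added entries are keyed on the CVE id alone, so each one suppresses that id in every package and every scan that reads this ignore file until 2026-05-31, not only in the debian:13-slim base packages the statements name. Trivy's YAML ignore format accepts a per-entry `purls` (or `paths`) list; adding for example `purls: ["<purl-of-affected-systemd-package>"]` under CVE-2026-29111, and the ncurses equivalent under CVE-2025-69720, would limit the exception to the packages that were actually triaged. The statements record only that no fixed version exists; a short clause on why the exposure is acceptable in this image until the expiry date would make the exception reviewable when it lapses.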
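Review bot: The step touched in the test.yml hunk still references `aquasecurity/trivy-action@v0.36.0` by tag, and a tag can be re-pointed to different code that then runs inside this job with access to the checkout and whatever credentials the job holds. Pinning to the release's full commit SHA, `uses: aquasecurity/trivy-action@<full-commit-sha> # v0.36.0`, keeps the scanner step reproducible and auditable. On the changed line itself, `./.trivyignore.yaml` appears to resolve to the same file as before relative to the working directory, so a one-line comment saying why the prefix is needed for cross-repo alignment would help the next reader. The step's `with:` block continues outside the hunk.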