chore: Add .trivyignore file to ignore vulnerabilities in Python, .NET, and Go dependencies

Jacob Woffenden · Jacob Woffenden · commit db66dd88fe3d · 2024-08-08T22:42:43.000+01:00
Signed-off-by: Jacob Woffenden &lt;jacob.woffenden@digital.justice.gov.uk&gt;
diff --git a/.trivyignore b/.trivyignore
@@ -0,0 +1,16 @@
+# Python
+## setuptools
+CVE-2024-6345 # TODO: @jacobwoffenden - Figure out where this comes from and patch it
+
+# .NET
+## We are running the latest dotnet-sdk from Ubuntu
+CVE-2024-0057
+CVE-2024-38095
+CVE-2024-0057
+CVE-2024-0057
+CVE-2024-38095
+CVE-2024-0057
+
+# Go
+## aws-sso
+CVE-2024-41110 # Vulnerability in github.com/docker/docker, but we don't run Docker on CDE
