Add ignore file for trivy

lentzi90 · lentzi90 · commit dfcf74590d2f · 2025-05-21T06:11:23.000Z
We have a couple of CVEs that require bumping the go version
to 1.23, which we do not want to do on the release branch.
Govulncheck also identified that we are not affected by the CVEs
even though we are on an affected version of the modules.
This can be verified by running govulncheck with -show verbose
and cross referencing the vulnerabilities between trivy and
govulncheck.

Signed-off-by: Lennart Jern &lt;lennart.jern@est.tech&gt;
diff --git a/.trivyignore b/.trivyignore
@@ -0,0 +1,4 @@
+# These require updating the go version to 1.23.
+# According to govulncheck we are not using code that is affected by them anyway
+CVE-2025-22870
+CVE-2025-22872
