Ignore Known Trivy Vulnerabilities (#1413)

TimPansino · web-flow · commit 1037701cba3f · 2025-06-27T14:10:27.000-07:00
diff --git a/.github/.trivyignore b/.github/.trivyignore
@@ -0,0 +1,9 @@
+# =======================
+# Ignored Vulnerabilities
+# =======================
+
+# Accepting risk due to Python 3.7 and 3.8 support.
+CVE-2025-50181
+
+# Not relevant, only affects Pyodide
+CVE-2025-50182
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -43,6 +43,7 @@ jobs:
           format: table
           exit-code: 1
           severity: "CRITICAL,HIGH,MEDIUM,LOW"
+          trivyignores: ".github/.trivyignore"
 
       - name: Run Trivy vulnerability scanner in repo mode
         if: ${{ github.event_name == 'schedule' }}
@@ -53,6 +54,7 @@ jobs:
           format: "sarif"
           output: "trivy-results.sarif"
           severity: "CRITICAL,HIGH,MEDIUM,LOW"
+          trivyignores: ".github/.trivyignore"
 
       - name: Upload Trivy scan results to GitHub Security tab
         if: ${{ github.event_name == 'schedule' }}
