Add CVE-2024-47534 to trivyignore file (#4712)

We're not vulnerable. Signed-off-by: Juan Antonio Osorio <[email protected]>
mindersec · Oct 10, 2024 · eb15217 · eb15217
1 parent b3203a4
commit eb15217
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/.trivyignore b/.trivyignore
@@ -1,2 +1,5 @@
 # We don't use the affected constructs and thus are not vulnerable.
 CVE-2024-42473
+# We actually use go-tuf v2. v0.7.0 (which is vulnerable) is merely
+# a transitive dependency and we're not affected by the CVE.
+CVE-2024-47534