Add CVE-2025-0395 to .trivyignore

.github/workflows/trivy.yml

@@ -55,6 +55,12 @@ jobs:
           --db-repository 'ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db' \
           .
 
+      - name: Display Trivy Scan Results
+        if: failure()  # Ensure this step runs regardless of the previous step's outcome
+        run: |
+          echo "Trivy Scan Results:"
+          cat trivy-docker-results.json | jq '.Results[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | {VulnerabilityID, PkgName, InstalledVersion, Severity, Description}'
+
       - name: Upload Code Vulnerability Scan Results
         uses: actions/upload-artifact@v4
         with:
@@ -71,9 +77,16 @@ jobs:
           ignore-unfixed: true
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH,MEDIUM,LOW'
+          trivyignores: '.trivyignore'
         env:
           TRIVY_DB_REPOSITORY: 'ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db'
 
+      - name: Display Trivy Scan Results
+        if: failure()  # Ensure this step runs regardless of the previous step's outcome
+        run: |
+          echo "Trivy Scan Results:"
+          cat trivy-docker-results.json | jq '.Results[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | {VulnerabilityID, PkgName, InstalledVersion, Severity, Description}'
+
       - name: Upload Docker Vulnerability Scan
         uses: actions/upload-artifact@v4
         with:
@@ -91,6 +104,12 @@ jobs:
           --db-repository 'ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db' \
           .
 
+      - name: Display Trivy Scan Results
+        if: failure()  # Ensure this step runs regardless of the previous step's outcome
+        run: |
+          echo "Trivy Scan Results:"
+          cat trivy-docker-results.json | jq '.Results[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | {VulnerabilityID, PkgName, InstalledVersion, Severity, Description}'
+
       - name: Upload Code Vulnerability Scan Results
         uses: actions/upload-artifact@v4
         with:
@@ -107,9 +126,16 @@ jobs:
           ignore-unfixed: true
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH,MEDIUM,LOW'
+          trivyignores: '.trivyignore'
         env:
           TRIVY_DB_REPOSITORY: 'ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db'
 
+      - name: Display Trivy Scan Results
+        if: failure()  # Ensure this step runs regardless of the previous step's outcome
+        run: |
+          echo "Trivy Scan Results:"
+          cat trivy-docker-results.json | jq '.Results[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | {VulnerabilityID, PkgName, InstalledVersion, Severity, Description}'
+
       - name: Upload Docker Vulnerability Scan
         uses: actions/upload-artifact@v4
         with:

.trivyignore

@@ -0,0 +1,2 @@
+# Accept the risk
+CVE-2025-0395