.trivyignore: ignore cve (#10393)

sam-heilbron · jenshu · web-flow · commit a36c350e5c0c · 2024-11-22T15:53:06.000Z
Co-authored-by: Jenny Shu &lt;28537278+jenshu@users.noreply.github.com&gt;
diff --git a/.trivyignore b/.trivyignore
@@ -62,3 +62,9 @@ CVE-2024-45258
 # Therefore we include this entry for now and should remove it once 1.14 is no longer an LTS branch
 CVE-2024-27289
 CVE-2024-27304
+
+# https://github.com/advisories/GHSA-5fhx-39r8-3jwh
+# This is resolved in versions of Gloo Gateway that rely on Go1.22 and above (1.17, 1.18)
+# For earlier versions of Gloo Gateway, we confirmed that the vulnerability is not exploitable
+# and captured our findings here: https://github.com/solo-io/solo-projects/issues/7157#issuecomment-2463252858
+CVE-2022-30635
diff --git a/changelog/v1.18.0-rc2/trivy-ignore.yaml b/changelog/v1.18.0-rc2/trivy-ignore.yaml
@@ -0,0 +1,9 @@
+changelog:
+  - type: NON_USER_FACING
+    issueLink: https://github.com/solo-io/solo-projects/issues/7157
+    resolvesIssue: false
+    description: >-
+      Update trivyignore contents
+      
+      skipCI-kube-tests:true
+      skipCI-docs-build:true
