[release-1.14] ignore trivy false positive CVE-2020-8559

Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
cert-manager · Apr 25, 2024 · b774723 · b774723
1 parent c1bc830
commit b774723
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/.trivyignore b/.trivyignore
@@ -12,3 +12,8 @@ CVE-2019-25210
 
 # CVE-2024-24557 is a CVE in the docker CLI, which we're not using
 CVE-2024-24557
+
+# CVE-2020-8559 is a vuln in old Kubernetes versions which seems to be incorrectly flagged by trivy. It seems like
+# the version detection is wrongly looking at apiserver packages with versions < 1 - but all apiserver packages have
+# a major version of 0. In any case this is a vuln in Kubernetes clusters, not in our code.
+CVE-2020-8559