From 243e3c6b37d75a0b1488d2fbff628a39977c45d4 Mon Sep 17 00:00:00 2001
From: sebthom
Date: Thu, 18 Dec 2025 21:12:00 +0100
Subject: [PATCH] ci: add .trivyignore
---
 .trivyignore | 6 ++++++
 build-image.sh | 3 +--
 2 files changed, 7 insertions(+), 2 deletions(-)
 create mode 100644 .trivyignore

diff --git a/.trivyignore b/.trivyignore
new file mode 100644
index 0000000..f835326
--- /dev/null
+++ b/.trivyignore
@@ -0,0 +1,6 @@
+# TODO https://gitea.com/gitea/act_runner/issues/774
+CVE-2024-25621
+CVE-2024-41110
+CVE-2025-52881
+CVE-2025-58183
+CVE-2025-61729
diff --git a/build-image.sh b/build-image.sh
index 65d5d80..4663297 100644
--- a/build-image.sh
+++ b/build-image.sh
@@ -163,8 +163,7 @@ fi
 #################################################
 # perform security audit
 #################################################
-# TODO see https://gitea.com/gitea/act_runner/issues/513
-if [[ ${DOCKER_AUDIT_IMAGE:-1} == "1" && $GITEA_ACT_RUNNER_VERSION == "nightly" ]]; then
+if [[ ${DOCKER_AUDIT_IMAGE:-1} == "1" ]]; then
 run_step "Auditing docker image [$image_name]" -- \
 bash "$shared_lib/cmd/audit-image.sh" "$image_name"
 fi
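Review bot: The five CVE entries in `.trivyignore` are suppressed with no per-entry reason and no expiry, so they stay ignored after the linked issue is resolved. Because the plain ignore file matches by ID only, they are also ignored for any other package in the image that later reports the same ID. Trivy accepts an expiry after the ID, so each line could read `CVE-2024-25621 exp:<YYYY-MM-DD>` (the date is a placeholder to be chosen), preceded by a short comment naming the affected package and why the finding is accepted. The single TODO link at the top is the only record of the decision, which makes the list hard to audit later.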
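Review bot: Whether the new `.trivyignore` is applied now depends on the working directory at the `run_step` call, which passes only `"$image_name"` to `audit-image.sh`. Trivy reads the ignore file from the current directory unless `--ignorefile` is given. `audit-image.sh` is not shown, so this needs confirming; if it does not resolve the path itself, release builds would presumably fail on the five listed findings rather than skip them. With the old TODO removed, a short comment above the `if` would also help, e.g. `# accepted findings are listed in .trivyignore (repo root)`.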