UID2-6837: Silence CVE-2025-67030 (plexus-utils from Maven base image)

BehnamMozafari · BehnamMozafari · commit 8f028e7faca2 · 2026-03-31T15:29:23.000+11:00
diff --git a/.trivyignore b/.trivyignore
@@ -1,3 +1,7 @@
 # List any vulnerability that are to be accepted
 # See https://aquasecurity.github.io/trivy/v0.35/docs/vulnerability/examples/filter/ 
 # for more details
+
+# UID2-6837
+# plexus-utils directory traversal - comes from Maven installation in base image (maven:3.9.11-eclipse-temurin-21), not from our code dependencies. Not exploitable at runtime.
+CVE-2025-67030 exp:2026-05-01
