From ba78584d82e0c14785835c6ed8ce1ee5165d7d8f Mon Sep 17 00:00:00 2001
From: Anthony Brown <anthony.brown8@nhs.net>
Date: Fri, 20 Feb 2026 11:16:54 +0000
Subject: [PATCH] add trivyignore

---
 .trivyignore.yaml | 4 ++++
 trivy.yaml        | 1 +
 2 files changed, 5 insertions(+)
 create mode 100644 .trivyignore.yaml
 create mode 100644 trivy.yaml

diff --git a/.trivyignore.yaml b/.trivyignore.yaml
new file mode 100644
index 00000000..b1803154
--- /dev/null
+++ b/.trivyignore.yaml
@@ -0,0 +1,4 @@
+vulnerabilities:
+  - id: CVE-2026-26996
+    statement: downstream dependency for minimatch
+    expired_at: 2026-04-01
diff --git a/trivy.yaml b/trivy.yaml
new file mode 100644
index 00000000..eb243375
--- /dev/null
+++ b/trivy.yaml
@@ -0,0 +1 @@
+ignorefile: ".trivyignore.yaml"