From 64dedf41bb3af4b9e70014ad17e541b53ee6fe1b Mon Sep 17 00:00:00 2001
From: odubajDT
Date: Mon, 30 Oct 2023 13:50:05 +0100
Subject: [PATCH 1/3] fix(scheduler): ignore OTel security issue in scheduler

Signed-off-by: odubajDT
---
 .github/workflows/security-scans.yml | 1 +
 .trivyignore | 2 ++
 2 files changed, 3 insertions(+)
 create mode 100644 .trivyignore

diff --git a/.github/workflows/security-scans.yml b/.github/workflows/security-scans.yml
index b83c01b1d7..6d36702333 100644
--- a/.github/workflows/security-scans.yml
+++ b/.github/workflows/security-scans.yml
@@ -213,6 +213,7 @@ jobs:
 input: "images/${{ matrix.image }}-image.tar/${{ matrix.image }}-image.tar"
 severity: 'CRITICAL,HIGH'
 exit-code: '1'
+ trivyignores: .trivyignore
 
 govulncheck:
 name: Govulncheck
diff --git a/.trivyignore b/.trivyignore
new file mode 100644
index 0000000000..53478605cb
--- /dev/null
+++ b/.trivyignore
@@ -0,0 +1,2 @@
+# DoS vulnerability in otelhttp in scheduler
+CVE-2023-45142
\ No newline at end of file

From 3802abad16ad5d5ccc0cb11cbfb223ce69cf40e4 Mon Sep 17 00:00:00 2001
From: odubajDT
Date: Mon, 30 Oct 2023 14:16:24 +0100
Subject: [PATCH 2/3] fix

Signed-off-by: odubajDT
---
 .github/workflows/security-scans.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/security-scans.yml b/.github/workflows/security-scans.yml
index 6d36702333..5f27991e5a 100644
--- a/.github/workflows/security-scans.yml
+++ b/.github/workflows/security-scans.yml
@@ -200,6 +200,12 @@ jobs:
 - "scheduler"
 - "certificate-operator"
 steps:
+ - name: Check out code
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ submodules: 'true'
+
 - name: Download images
 id: download_images
 uses: actions/download-artifact@v3

From 281e1c501bad67ae2fc20716863a3e92a634d2a5 Mon Sep 17 00:00:00 2001
From: odubajDT
Date: Mon, 30 Oct 2023 14:34:10 +0100
Subject: [PATCH 3/3] pr review

Signed-off-by: odubajDT
---
 .trivyignore | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
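Review bot: `trivyignores: .trivyignore` is added to a step that runs once per matrix image, so the CVE-2023-45142 suppression applies to every scanned image (at least `scheduler` and `certificate-operator` are visible in the second patch), while the ignore file itself scopes the finding to the scheduler. If another image later ships the same vulnerable otelhttp version, this scan will stay green for it with no signal. Consider pointing the step at a per-image ignore file derived from the matrix, e.g. `trivyignores: .trivyignore.${{ matrix.image }}` (check that the action tolerates a missing file for images without one), or at least add a comment on this line such as `# .trivyignore applies to every image in the matrix, not only the scheduler` so the blanket scope is explicit. The trivy step's `with:` block and the job definition start before the hunk.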
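Review bot: The new checkout step in the second patch sets `fetch-depth: 0` and `submodules: 'true'`, but the only thing this job needs from the repository is the `.trivyignore` file referenced by the trivy step, so a default shallow checkout without submodules is sufficient and pulls less into the scan job. Dropping the `with:` block entirely, leaving `- name: Check out code` / `uses: actions/checkout@v4`, keeps the behaviour the series relies on while avoiding a full-history clone on every matrix entry. If the rest of this workflow has a reason for full history or submodules, a one-line comment on `fetch-depth: 0` stating it would help the next reader. The enclosing job and its `steps:` list begin before the hunk.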
diff --git a/.trivyignore b/.trivyignore
index 53478605cb..3ab778a831 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -1,2 +1,7 @@
 # DoS vulnerability in otelhttp in scheduler
-CVE-2023-45142
\ No newline at end of file
+# The scheduler uses an old version of k8s,
+# what forces us to use an older version of OTel
+# which has the vulnerability.
+# As the scheduler will be removed soon, there is no need
+# to invest time to fix it.
+CVE-2023-45142
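Review bot: The rationale added above `CVE-2023-45142` says the scheduler "will be removed soon", but the ignore entry has no expiry, so the suppression will silently outlive the component it was written for. Recent Trivy releases accept an expiry suffix on an ignore line, so `CVE-2023-45142 exp:<YYYY-MM-DD placeholder>` would make the scan start failing again once the planned removal date passes, forcing the exception to be revisited rather than forgotten. It would also help to link the tracking issue for the scheduler removal in the comment so a future reader can verify the assumption. Minor wording: `# what forces us to use an older version of OTel` reads better as `# which forces us to use an older version of OTel`.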