What steps did you take and what happened:
We are checking vulnerabilities of our image and we saw that these are actually vulnerabilities of Trivy itself that are included in the report about our image. For example: #2371 (CVE-2025-21613) is being reported.
What did you expect to happen:
We should not see these vulnerabilities in our image.
```yaml
fullnameOverride: "trivy-operator"
operator:
  # scanJobsConcurrentLimit the maximum number of scan jobs create by the operator
  scanJobsConcurrentLimit: 3
  # -- scanJobTimeout the length of time to wait before giving up on a scan job
  scanJobTimeout: 20m
  # -- infraAssessmentScannerEnabled the flag to enable infra assessment scanner
  infraAssessmentScannerEnabled: false
  # -- controllerCacheSyncTimeout the duration to wait for controller resources cache sync (default: 5m).
  controllerCacheSyncTimeout: "10m"
serviceMonitor:
  enabled: true
  labels:
    release: prometheus
resources:
  # -- We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  requests:
    cpu: 15m
    memory: 250Mi
trivyOperator:
  # -- scanJobPodTemplateContainerSecurityContext SecurityContext the user wants the scanner and node collector containers (and their
  # initContainers) to be amended with.
  scanJobPodTemplateContainerSecurityContext:
    allowPrivilegeEscalation: true
    capabilities:
      drop:
        - ALL
    privileged: true
    readOnlyRootFilesystem: true
    # -- For filesystem scanning, Trivy needs to run as the root user
    runAsUser: 0
trivy:
  # -- slow this flag is to use less CPU/memory for scanning though it takes more time than normal scanning. It fits small-footprint
  slow: false
  # -- offlineScan is the flag to enable the offline scan functionality in Trivy
  # This will prevent outgoing HTTP requests, e.g. to search.maven.org
  offlineScan: false
  # -- ignoreUnfixed is the flag to show only fixed vulnerabilities in
  # vulnerabilities reported by Trivy. Set to true to enable it.
  #
  ignoreUnfixed: true
  # -- timeout is the duration to wait for scan completion.
  timeout: "20m0s"
  # -- command. One of `image`, `filesystem` or `rootfs` scanning, depending on the target type required for the scan.
  # For 'filesystem' and `rootfs` scanning, ensure that the `trivyOperator.scanJobPodTemplateContainerSecurityContext` is configured
  # to run as the root user (runAsUser = 0).
  command: rootfs
  # -- resources resource requests and limits for scan job containers
  resources:
    requests:
      cpu: 100m
      memory: 500M
      # ephemeralStorage: "2Gi"
    limits:
      cpu: 500m
      memory: 2000M
      # ephemeralStorage: "2Gi"
nodeCollector:
  # -- useNodeSelector determine if to use nodeSelector (by auto detecting node name) with node-collector scan job
  useNodeSelector: false
```
Anything else you would like to add:
Any suggestion to resolve this issue would be very much appreciated!
Thanks!
Environment:
Trivy-Operator version (use trivy-operator version): 0.23.0
Kubernetes version (use kubectl version): 1.31
OS (macOS 10.15, Windows 10, Ubuntu 19.10 etc):