From 1448d6be906215740293a6f63a2d6dade70004e5 Mon Sep 17 00:00:00 2001
From: Shawn Burke <shawn.burke@cortex.io>
Date: Wed, 10 Dec 2025 09:02:38 +1100
Subject: [PATCH] Move to stable debian, ignore unfixed container vulns

---
 .github/workflows/docker.yml | 1 +
 docker/Dockerfile            | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index e3055e3..659e17f 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -71,6 +71,7 @@ jobs:
           format: 'sarif'
           output: 'trivy-results.sarif'
           severity: 'CRITICAL,HIGH'
+          ignore-unfixed: true
 
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v3
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 44842f4..9705c83 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:trixie-slim
+FROM debian:stable-slim
 WORKDIR /agent
 
 # Install dependencies