fix(scheduler): ignore OTel security issue in scheduler

.github/workflows/security-scans.yml

@@ -200,6 +200,12 @@ jobs:
           - "scheduler"
           - "certificate-operator"
     steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          submodules: 'true'
+
       - name: Download images
         id: download_images
         uses: actions/download-artifact@v3
@@ -213,6 +219,7 @@ jobs:
           input: "images/${{ matrix.image }}-image.tar/${{ matrix.image }}-image.tar"
           severity: 'CRITICAL,HIGH'
           exit-code: '1'
+          trivyignores: .trivyignore
 
   govulncheck:
     name: Govulncheck

.trivyignore

@@ -0,0 +1,7 @@
+# DoS vulnerability in otelhttp in scheduler
+# The scheduler uses an old version of k8s,
+# what forces us to use an older version of OTel
+# which has the vulnerability.
+# As the scheduler will be removed soon, there is no need
+# to invest time to fix it.
+CVE-2023-45142