diff --git a/oci/mimir/.trivyignore b/oci/mimir/.trivyignore
new file mode 100644
index 00000000..ac8aa6d9
--- /dev/null
+++ b/oci/mimir/.trivyignore
@@ -0,0 +1,4 @@
+# Upstream CVEs
+
+# golang.org/x/net - avoid quadratic complexity in HPACK decoding
+CVE-2022-41723