diff --git a/.trivyignore b/.trivyignore
new file mode 100644
index 00000000..317b818a
--- /dev/null
+++ b/.trivyignore
@@ -0,0 +1,9 @@
+# Helm
+CVE-2024-34156  # stdlib - helm binary
+
+# Python
+
+CVE-2024-33663 # python-jose needs patching/replacing abandonware no fix
+
+
+
diff --git a/requirements.txt b/requirements.txt
index a78e230b..53f9eba0 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -31,7 +31,7 @@ PyNaCl==1.5.0
 pytest==8.0.0
 pytest-django==4.8.0
 python-dotenv==1.0.1
-python-jose==3.2.0
+python-jose==3.3.0
 pyyaml==6.0.1
 rules==3.3
 sentry-sdk==2.17.0