diff --git a/.github/workflows/docker-unified.yml b/.github/workflows/docker-unified.yml
index 40951ff67e..61e03a0c93 100644
--- a/.github/workflows/docker-unified.yml
+++ b/.github/workflows/docker-unified.yml
@@ -337,6 +337,7 @@ jobs:
 severity: "CRITICAL,HIGH"
 ignore-unfixed: true
 vuln-type: "os,library"
+ trivy-config: "./trivy.yaml"
 - name: Upload Trivy scan results to GitHub Security tab
 uses: github/codeql-action/upload-sarif@v3
 with:
diff --git a/trivy.yaml b/trivy.yaml
new file mode 100644
index 0000000000..151fcf2141
--- /dev/null
+++ b/trivy.yaml
@@ -0,0 +1,4 @@
+scan:
+ skip-dirs:
+ # Skip Python uv cache directories to avoid duplicate vulnerability reports in upstreams
+ - "/home/datahub/.cache/uv/**/pyspark/jars/**"
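Review bot: The `trivy-config: "./trivy.yaml"` input is added without a visible check that the pinned trivy-action release honors it; the step's `uses:` line is above the hunk, so the version cannot be confirmed here, and an unrecognized input would only produce a warning in the job log while the skip list silently never applies. It is worth confirming in one run's log that the `trivy.yaml` is actually loaded and that the inputs set alongside it (`severity`, `ignore-unfixed`, `vuln-type`) still take effect once a config file is in play, since config-file and flag precedence is decided by the action rather than by this workflow. A short comment on the new line would help later readers, e.g. `# Suppressions live in ./trivy.yaml (skip-dirs); keep that file reviewed alongside this step`. The scan step's definition starts outside the hunk.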
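Review bot: The comment on the new `skip-dirs` entry overstates its scope: it says "Skip Python uv cache directories", but the glob only excludes the `pyspark/jars` tree beneath the uv cache, and "duplicate vulnerability reports in upstreams" does not say what the duplicates are duplicates of. Something like `# pyspark's bundled jars under the uv cache; their findings duplicate the ones reported against the pyspark package itself` would state the actual rationale. Note that `skip-dirs` is a blanket path exclusion, not a per-finding suppression: any CVE present only in those jars is hidden from the SARIF uploaded to the Security tab with no trace that the path was excluded, so a `.trivyignore`-style per-ID ignore, or a periodic review of this entry, is the more auditable option. The path is also tied to a specific home directory in the image, so the entry would need updating if the user or cache location changes.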