diff --git a/novulndep/go.mod b/novulndep/go.mod
new file mode 100644
index 0000000..db9ecb2
--- /dev/null
+++ b/novulndep/go.mod
@@ -0,0 +1,7 @@
+module git.frostfs.info/alexvanin/vulncheck-example/novulndep
+
+go 1.22.0
+
+require golang.org/x/crypto v0.19.0
+
+require golang.org/x/sys v0.17.0 // indirect
diff --git a/novulndep/go.sum b/novulndep/go.sum
new file mode 100644
index 0000000..8145e8f
--- /dev/null
+++ b/novulndep/go.sum
@@ -0,0 +1,6 @@
+golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
+golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
diff --git a/novulndep/main.go b/novulndep/main.go
new file mode 100644
index 0000000..9b0afa5
--- /dev/null
+++ b/novulndep/main.go
@@ -0,0 +1,17 @@
+// Novulndep is a package that imports golang.org/x/crypto package
+// without https://pkg.go.dev/vuln/GO-2023-2402 vulnarability
+package novulndep
+
+import (
+	"net"
+
+	"golang.org/x/crypto/ssh"
+)
+
+// FunctionWithVulnarability is a nop function that transitively adds
+// vulnarable code to a call trace of your application
+func FunctionNoVulnarability() error {
+	var c net.Conn
+	_, _, _, err := ssh.NewServerConn(c, new(ssh.ServerConfig))
+	return err
+}