ci(security-scanner): add support for Red Hat UBI images and fix typo (#21912)

* ci(security-scanner): add support for Red Hat UBI images and fix typo * hclfmt * clean-up comments Co-authored-by: Kent Gruber <kent@hashicorp.com> --------- Co-authored-by: Kent Gruber <kent@hashicorp.com>
2024-11-04 14:52:01 -05:00 · 2024-11-04 14:52:01 -05:00 · 1dfc265abe
parent 59447e9579
commit 1dfc265abe
2 changed files with 4 additions and 7 deletions
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@ -14,7 +14,7 @@

 container {
 	dependencies = true
-	alpine_secdb = true
+	osv          = true

 	secrets {
 		matchers {
@ -36,8 +36,7 @@ container {
 	# periodically cleaned up to remove items that are no longer found by the scanner.
 	triage {
 		suppress {
-			# N.b. `vulnerabilites` is the correct spelling for this tool.
-			vulnerabilites = [
+			vulnerabilities = [
 				"CVE-2024-8096", # curl@8.9.1-r2,
 				"CVE-2024-9143", # openssl@3.3.2-r0,
 			]
@ -79,8 +78,7 @@ binary {
 	# periodically cleaned up to remove items that are no longer found by the scanner.
 	triage {
 		suppress {
-			# N.b. `vulnerabilites` is the correct spelling for this tool.
-			vulnerabilites = [
+			vulnerabilities = [
 			]
 			paths = [
 				"internal/tools/proto-gen-rpc-glue/e2e/consul/*",
--- a/scan.hcl
+++ b/scan.hcl
@ -28,8 +28,7 @@ repository {
  # periodically cleaned up to remove items that are no longer found by the scanner.
  triage {
    suppress {
-      # N.b. `vulnerabilites` is the correct spelling for this tool.
-      vulnerabilites = [
+      vulnerabilities = [
      ]
      paths = [
        "internal/tools/proto-gen-rpc-glue/e2e/consul/*",