diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index 3e9506d795..20c105f3b4 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -14,7 +14,7 @@
 
 container {
 	dependencies = true
-	alpine_secdb = true
+	osv          = true
 
 	secrets {
 		matchers {
@@ -36,8 +36,7 @@ container {
 	# periodically cleaned up to remove items that are no longer found by the scanner.
 	triage {
 		suppress {
-			# N.b. `vulnerabilites` is the correct spelling for this tool.
-			vulnerabilites = [
+			vulnerabilities = [
 				"CVE-2024-8096", # curl@8.9.1-r2,
 				"CVE-2024-9143", # openssl@3.3.2-r0,
 			]
@@ -79,8 +78,7 @@ binary {
 	# periodically cleaned up to remove items that are no longer found by the scanner.
 	triage {
 		suppress {
-			# N.b. `vulnerabilites` is the correct spelling for this tool.
-			vulnerabilites = [
+			vulnerabilities = [
 			]
 			paths = [
 				"internal/tools/proto-gen-rpc-glue/e2e/consul/*",
diff --git a/scan.hcl b/scan.hcl
index 0da769efb4..f67bb4b24e 100644
--- a/scan.hcl
+++ b/scan.hcl
@@ -28,8 +28,7 @@ repository {
   # periodically cleaned up to remove items that are no longer found by the scanner.
   triage {
     suppress {
-      # N.b. `vulnerabilites` is the correct spelling for this tool.
-      vulnerabilites = [
+      vulnerabilities = [
       ]
       paths = [
         "internal/tools/proto-gen-rpc-glue/e2e/consul/*",