From 1dfc265abe20b202bd90cf3946020a1587717667 Mon Sep 17 00:00:00 2001
From: Deniz Onur Duzgun <59659739+dduzgun-security@users.noreply.github.com>
Date: Mon, 4 Nov 2024 14:52:01 -0500
Subject: [PATCH] ci(security-scanner): add support for Red Hat UBI images and fix typo (#21912)
* ci(security-scanner): add support for Red Hat UBI images and fix typo
* hclfmt
* clean-up comments
Co-authored-by: Kent Gruber
---------
Co-authored-by: Kent Gruber
---
 .release/security-scan.hcl | 8 +++-----
 scan.hcl | 3 +--
 2 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index 3e9506d795..20c105f3b4 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -14,7 +14,7 @@ container {
 dependencies = true
- alpine_secdb = true
+ osv = true
 secrets {
 matchers {
@@ -36,8 +36,7 @@ container {
 # periodically cleaned up to remove items that are no longer found by the scanner.
 triage {
 suppress {
- # N.b. `vulnerabilites` is the correct spelling for this tool.
- vulnerabilites = [
+ vulnerabilities = [
 "CVE-2024-8096", # curl@8.9.1-r2,
 "CVE-2024-9143", # openssl@3.3.2-r0,
 ]
@@ -79,8 +78,7 @@ binary {
 # periodically cleaned up to remove items that are no longer found by the scanner.
 triage {
 suppress {
- # N.b. `vulnerabilites` is the correct spelling for this tool.
- vulnerabilites = [
+ vulnerabilities = [
 ]
 paths = [
 "internal/tools/proto-gen-rpc-glue/e2e/consul/*",
diff --git a/scan.hcl b/scan.hcl
index 0da769efb4..f67bb4b24e 100644
--- a/scan.hcl
+++ b/scan.hcl
@@ -28,8 +28,7 @@ repository {
 # periodically cleaned up to remove items that are no longer found by the scanner.
 triage {
 suppress {
- # N.b. `vulnerabilites` is the correct spelling for this tool.
- vulnerabilites = [
+ vulnerabilities = [
 ]
 paths = [
 "internal/tools/proto-gen-rpc-glue/e2e/consul/*",
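Review bot: In the first hunk of `.release/security-scan.hcl` (`@@ -14,7 +14,7 @@`), `osv = true` replaces `alpine_secdb = true` with no comment saying why the advisory source changed or what it is expected to cover. The suppress list later in the same file still annotates its entries with Alpine package revisions (`curl@8.9.1-r2`, `openssl@3.3.2-r0`), so Alpine-based images presumably remain in scope; it is worth confirming that a scan of the Alpine image under the new setting still reports those findings, so that coverage is not narrowed while UBI support is added. I would add a line above the setting such as `# osv replaces alpine_secdb so UBI as well as Alpine image packages are matched (#21912)`, adjusted to whatever the scanner actually guarantees. The `container` block continues outside the hunk.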
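Review bot: The key rename in the `triage`/`suppress` block at `@@ -36,8 +36,7 @@` of `.release/security-scan.hcl` depends on the scanner accepting `vulnerabilities`; the comment this hunk deletes said the tool expected the misspelled `vulnerabilites`. If a scanner release that only knows the old key is still used anywhere, the two entries here (`CVE-2024-8096`, `CVE-2024-9143`) would presumably be ignored or the file rejected, and nothing in the diff records which scanner version is required. A replacement comment such as `# Requires a security-scanner release that accepts the corrected "vulnerabilities" key.` would keep that dependency visible. The same applies to the hunks at `@@ -79,8 +78,7 @@` in this file and `@@ -28,8 +28,7 @@` in `scan.hcl`, where the lists are empty. The enclosing blocks start and end outside the hunks.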