Backport of Add alpine image cves to suppress list into release/1.20.x (#21970)

backport of commit 82857bb91e Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
1 day ago · 5aca81263d
parent 983582aa3b
commit 5aca81263d
1 changed files with 5 additions and 0 deletions
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@ -39,6 +39,11 @@ container {
 			vulnerabilities = [
 				"CVE-2024-8096", # curl@8.9.1-r2,
 				"CVE-2024-9143", # openssl@3.3.2-r0,
+				"CVE-2024-3596", # openssl@3.3.2-r0,
+				"CVE-2024-2236", # openssl@3.3.2-r0,
+				"CVE-2024-26458", # openssl@3.3.2-r0,
+				"CVE-2024-2511", # openssl@3.3.2-r0,
+				#the above can be resolved when they're resolved in the alpine image
 			]
 			paths = [
 				"internal/tools/proto-gen-rpc-glue/e2e/consul/*",