From 5f83df637d4f5523a0167316ef761120098bca24 Mon Sep 17 00:00:00 2001
From: hc-github-team-consul-core
Date: Thu, 23 May 2024 11:25:13 -0700
Subject: [PATCH] Backport of security: enable go stdlib scans into release/1.18.x (#21211)
* backport of commit 00ad74d1460fedbd0c1ddd1d5a63d52408270452
* backport of commit 0401151cfcece4aa8419f3f9f638e97bca66a618
* backport of commit 700e0aec84117d4a1ecc963128583cdac8d3bc90
---------
Co-authored-by: dduzgun-security
Co-authored-by: Deniz Onur Duzgun <59659739+dduzgun-security@users.noreply.github.com>
---
 .release/security-scan.hcl | 1 +
 scan.hcl | 7 ++++---
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index 8401764bc4..88b2c88117 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -56,6 +56,7 @@ container {
 binary {
 go_modules = true
 osv = true
+ go_stdlib = true
 # We can't enable npm for binary targets today because we don't yet embed the relevant file
 # (yarn.lock) in the Consul binary. This is something we may investigate in the future.
diff --git a/scan.hcl b/scan.hcl
index 82888d3be8..b0a1b924b4 100644
--- a/scan.hcl
+++ b/scan.hcl
@@ -15,9 +15,10 @@
 # unlike the scans configured here, will block releases in CRT.
 repository {
- go_modules = true
- npm = true
- osv = true
+ go_modules = true
+ npm = true
+ osv = true
+ go_stdlib_version_file = ".go-version"
 secrets {
 all = true
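Review bot: The added `go_stdlib = true` in the `binary` block of .release/security-scan.hcl has no comment, although the npm setting right below it is explained in two lines. The header comment visible in scan.hcl suggests that the release scans block releases in CRT, so presumably a Go standard-library advisory against the toolchain that built the binary will now stop a 1.18.x release. I would say so next to the setting, for example `# Checks the Go standard library built into the binary; a finding is resolved by a Go toolchain bump, not a module update.`, with the wording confirmed against the scanner's documentation. The `binary` block continues past the hunk and the `container` block lies above it, so whether container targets need the same setting cannot be judged from here.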
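Review bot: `go_stdlib_version_file = ".go-version"` in the `repository` block of scan.hcl makes the repository scan depend on a file this patch does not touch, and nothing in the hunk documents that dependency. Judging by the option name, the scan reads the Go version from that file rather than from a built artifact. If `.go-version` is moved, renamed or drifts from the toolchain actually used for releases, the stdlib check may report on the wrong version. I would add a comment above the line such as `# Go stdlib advisories are matched against the version pinned in .go-version; keep it in sync with the release toolchain.`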