Backport of security: enable go stdlib scans into release/1.18.x (#21211)

* backport of commit 00ad74d146 * backport of commit 0401151cfc * backport of commit 700e0aec84 --------- Co-authored-by: dduzgun-security <deniz.duzgun@hashicorp.com> Co-authored-by: Deniz Onur Duzgun <59659739+dduzgun-security@users.noreply.github.com>
6 months ago · 5f83df637d
parent 30ee5a2377
commit 5f83df637d
2 changed files with 5 additions and 3 deletions
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@ -56,6 +56,7 @@ container {
 binary {
 	go_modules   = true
 	osv          = true
+	go_stdlib    = true
 	# We can't enable npm for binary targets today because we don't yet embed the relevant file
 	# (yarn.lock) in the Consul binary. This is something we may investigate in the future.
 	
--- a/scan.hcl
+++ b/scan.hcl
@ -15,9 +15,10 @@
 # unlike the scans configured here, will block releases in CRT.

 repository {
-  go_modules   = true
-  npm          = true
-  osv          = true
+  go_modules              = true
+  npm                     = true
+  osv                     = true
+  go_stdlib_version_file  = ".go-version"

  secrets {
    all = true