Backport of ci(security-scanner): add support for Red Hat UBI images and fix typo into release/1.20.x (#21913)

* backport of commit 8237ce01fe * backport of commit f7dc68f1c8 * backport of commit 5610471f0e --------- Co-authored-by: dduzgun-security <deniz.duzgun@hashicorp.com> Co-authored-by: Deniz Onur Duzgun <59659739+dduzgun-security@users.noreply.github.com>
2024-11-04 15:10:31 -05:00 · 2024-11-04 15:10:31 -05:00 · ac57f563b1
parent bc70c83790
commit ac57f563b1
2 changed files with 4 additions and 7 deletions
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@ -14,7 +14,7 @@

 container {
 	dependencies = true
-	alpine_secdb = true
+	osv          = true

 	secrets {
 		matchers {
@ -36,8 +36,7 @@ container {
 	# periodically cleaned up to remove items that are no longer found by the scanner.
 	triage {
 		suppress {
-			# N.b. `vulnerabilites` is the correct spelling for this tool.
-			vulnerabilites = [
+			vulnerabilities = [
 				"CVE-2024-8096", # curl@8.9.1-r2,
 				"CVE-2024-9143", # openssl@3.3.2-r0,
 			]
@ -79,8 +78,7 @@ binary {
 	# periodically cleaned up to remove items that are no longer found by the scanner.
 	triage {
 		suppress {
-			# N.b. `vulnerabilites` is the correct spelling for this tool.
-			vulnerabilites = [
+			vulnerabilities = [
 			]
 			paths = [
 				"internal/tools/proto-gen-rpc-glue/e2e/consul/*",
--- a/scan.hcl
+++ b/scan.hcl
@ -28,8 +28,7 @@ repository {
  # periodically cleaned up to remove items that are no longer found by the scanner.
  triage {
    suppress {
-      # N.b. `vulnerabilites` is the correct spelling for this tool.
-      vulnerabilites = [
+      vulnerabilities = [
      ]
      paths = [
        "internal/tools/proto-gen-rpc-glue/e2e/consul/*",