From ac57f563b1e176be49c2d7ad43c57a6ec074a2a9 Mon Sep 17 00:00:00 2001
From: hc-github-team-consul-core
Date: Mon, 4 Nov 2024 15:10:31 -0500
Subject: [PATCH] Backport of ci(security-scanner): add support for Red Hat UBI images and fix typo into release/1.20.x (#21913)
* backport of commit 8237ce01fe0f1f3b2cbedb4b3894f1251fe28d51
* backport of commit f7dc68f1c8359b9f7e0c107ea3b1b39be2f926b1
* backport of commit 5610471f0ef0fe2997686acb21182b781c0854e4
---------
Co-authored-by: dduzgun-security
Co-authored-by: Deniz Onur Duzgun <59659739+dduzgun-security@users.noreply.github.com>
---
 .release/security-scan.hcl | 8 +++-----
 scan.hcl | 3 +--
 2 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index 3e9506d795..20c105f3b4 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -14,7 +14,7 @@ container {
 dependencies = true
- alpine_secdb = true
+ osv = true
 secrets {
 matchers {
@@ -36,8 +36,7 @@ container {
 # periodically cleaned up to remove items that are no longer found by the scanner.
 triage {
 suppress {
- # N.b. `vulnerabilites` is the correct spelling for this tool.
- vulnerabilites = [
+ vulnerabilities = [
 "CVE-2024-8096", # curl@8.9.1-r2,
 "CVE-2024-9143", # openssl@3.3.2-r0,
 ]
@@ -79,8 +78,7 @@ binary {
 # periodically cleaned up to remove items that are no longer found by the scanner.
 triage {
 suppress {
- # N.b. `vulnerabilites` is the correct spelling for this tool.
- vulnerabilites = [
+ vulnerabilities = [
 ]
 paths = [
 "internal/tools/proto-gen-rpc-glue/e2e/consul/*",
diff --git a/scan.hcl b/scan.hcl
index 0da769efb4..f67bb4b24e 100644
--- a/scan.hcl
+++ b/scan.hcl
@@ -28,8 +28,7 @@ repository {
 # periodically cleaned up to remove items that are no longer found by the scanner.
 triage {
 suppress {
- # N.b. `vulnerabilites` is the correct spelling for this tool.
- vulnerabilites = [
+ vulnerabilities = [
 ]
 paths = [
 "internal/tools/proto-gen-rpc-glue/e2e/consul/*",
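Review bot: Nothing in the `container` block records why `osv = true` replaces `alpine_secdb = true`, and the suppress list later in this file still names Alpine package builds (`curl@8.9.1-r2`, `openssl@3.3.2-r0`), so the scanned image is presumably still Alpine-based. It is worth confirming that the new source reports findings for those packages under the same CVE identifiers, because otherwise the existing suppressions stop matching and the scan result for this image changes without anyone noticing why. If the intent is one source for both Alpine and Red Hat UBI images, a short comment would record it, for example `# osv replaces alpine_secdb so Alpine and UBI base images use the same vulnerability source`. The `container` block begins and ends outside this hunk.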
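Review bot: The corrected key `vulnerabilities` in this `suppress` block only takes effect if the scanner run for release/1.20.x accepts that spelling; the comment being removed stated that the tool expected `vulnerabilites`. Whether an older scanner would reject the file or silently ignore the list is not visible from this patch, so the scanner version used by the branch's CI should be checked before the backport lands. A replacement comment such as `# Key spelling corrected; older scanner releases expected vulnerabilites` would keep that history for whoever next edits the list. The same applies to the `binary` block in this file and to the `repository` block in `scan.hcl`.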