ci: security scanner update by dduzgun-security · Pull Request #560 · hashicorp/levant

This repository was archived by the owner on Jun 27, 2025. It is now read-only.

.release/security-scan.hcl

-Original file line number
+Diff line change
@@ Expand Up / @@ -2,15 +2,32 @@ @@
     # SPDX-License-Identifier: MPL-2.0
     container {
-      dependencies = true
-      alpine_secdb = true
-      secrets      = true
+      dependencies    = true
+      alpine_security = true
+      secrets {
+        all = true
+      }
     }
     binary {
-      secrets    = true
       go_modules = true
       osv        = true
+      go_stdlib  = true
       oss_index  = false
       nvd        = false
+      secrets {
+        all = true
+      }
+      # Triage items that are _safe_ to ignore here. Note that this list should be
+      # periodically cleaned up to remove items that are no longer found by the scanner.
+      triage {
+        suppress {
+          vulnerabilities = [
+            "GHSA-rx97-6c62-55mf", // https://github.com/github/advisory-database/pull/5759 TODO(dduzgun): remove when dep updated.
+          ]
+        }
+      }
     }

Provide feedback