From 1978bacd4d7445c6e45e07b0cc3784070b19a929 Mon Sep 17 00:00:00 2001
From: dduzgun-security
Date: Thu, 26 Jun 2025 14:52:43 -0400
Subject: [PATCH] ci: suppress busybox on container scan
---
 .release/security-scan.hcl | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index ce803fc0..67833dfe 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -8,6 +8,18 @@ container {
 secrets {
 all = true
 }
+
+ # Triage items that are _safe_ to ignore here. Note that this list should be
+ # periodically cleaned up to remove items that are no longer found by the scanner.
+ triage {
+ suppress {
+ vulnerabilities = [
+ "GHSA-rx97-6c62-55mf", // https://github.com/github/advisory-database/pull/5759 TODO(dduzgun): remove when dep updated.
+ "CVE-2025-46394", // busybox@1.37.0-r18 TODO(dduzgun): remove when dep updated.
+ "CVE-2024-58251", // busybox@1.37.0-r18 TODO(dduzgun): remove when dep updated.
+ ]
+ }
+ }
 }
 
 binary {
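Review bot: The three entries added to `vulnerabilities` record what is suppressed but not why each finding is safe to ignore in this image, and the `GHSA-rx97-6c62-55mf` line names no package or version, so a later reader cannot tell which dependency bump retires it (the commit subject mentions only busybox). As written the list matches on advisory ID alone, so the `busybox@1.37.0-r18` in the comments is informational; presumably the entries would keep hiding these IDs if they reappeared against another version or layer, which is worth confirming against the scanner's documentation. I would put the rationale and a checkable exit condition on each line, for example `"CVE-2025-46394", // busybox@1.37.0-r18: <why not reachable in this image>; remove once base image ships fixed busybox (<tracking issue>)`, and annotate the GHSA line with its affected package in the same form. A tracking reference in place of the bare `TODO(dduzgun)` also lets the periodic cleanup that the header comment asks for be done by someone other than the author.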