From ce983a27be5ec63e449ab5bda80bf8fe3c7d27e7 Mon Sep 17 00:00:00 2001
From: dduzgun-security
Date: Mon, 4 Nov 2024 19:15:21 +0000
Subject: [PATCH 1/3] backport of commit 8237ce01fe0f1f3b2cbedb4b3894f1251fe28d51
---
 .release/security-scan.hcl | 10 +++++-----
 scan.hcl | 4 ++--
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index 3e9506d7958..53ef3e757e2 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -14,7 +14,7 @@ container {
 dependencies = true
- alpine_secdb = true
+ osv = true
 secrets {
 matchers {
@@ -36,8 +36,8 @@ container {
 # periodically cleaned up to remove items that are no longer found by the scanner.
 triage {
 suppress {
- # N.b. `vulnerabilites` is the correct spelling for this tool.
- vulnerabilites = [
+ # N.b. `vulnerabilities` is the correct spelling for this tool.
+ vulnerabilities = [
 "CVE-2024-8096", # curl@8.9.1-r2,
 "CVE-2024-9143", # openssl@3.3.2-r0,
 ]
@@ -79,8 +79,8 @@ binary {
 # periodically cleaned up to remove items that are no longer found by the scanner.
 triage {
 suppress {
- # N.b. `vulnerabilites` is the correct spelling for this tool.
- vulnerabilites = [
+ # N.b. `vulnerabilities` is the correct spelling for this tool.
+ vulnerabilities = [
 ]
 paths = [
 "internal/tools/proto-gen-rpc-glue/e2e/consul/*",
diff --git a/scan.hcl b/scan.hcl
index 0da769efb47..625e1427927 100644
--- a/scan.hcl
+++ b/scan.hcl
@@ -28,8 +28,8 @@ repository {
 # periodically cleaned up to remove items that are no longer found by the scanner.
 triage {
 suppress {
- # N.b. `vulnerabilites` is the correct spelling for this tool.
- vulnerabilites = [
+ # N.b. `vulnerabilities` is the correct spelling for this tool.
+ vulnerabilities = [
 ]
 paths = [
 "internal/tools/proto-gen-rpc-glue/e2e/consul/*",
From 3416e5de1f274beafaf16c877c9c902671da952a Mon Sep 17 00:00:00 2001
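Review bot: The suppressions further down this file (`"CVE-2024-8096", # curl@8.9.1-r2,` and `"CVE-2024-9143", # openssl@3.3.2-r0,` in the `@@ -36,8 +36,8 @@` hunk) are keyed by CVE id and pinned to Alpine package revisions, and nothing in this hunk shows that findings from the new `+ osv = true` source are reported under the same identifiers; if they are not, those two entries silently stop matching and the scan either fails or keeps two dead suppressions around. I can't tell from the diff what id scheme the scanner uses for OSV results, so this is worth confirming against one scan run before the backport lands. The new line also carries no rationale for dropping `alpine_secdb`; a short why-comment such as `osv = true # replaces alpine_secdb; see <TRACKING-ISSUE>` would help the next reader. The enclosing `container` block starts and ends outside the hunk.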
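Review bot: Nothing in this hunk shows that the scanner accepts the renamed key `vulnerabilities = [`; the comment it replaces asserted the opposite (`vulnerabilites` was "the correct spelling for this tool"), so one of the two comments is wrong, and if the tool does not recognise the new key the two suppressions listed here may stop applying without any error, which is the one failure mode a suppression list most needs to avoid. I can't tell from the diff which spelling the scanner's schema uses, so a pointer to the schema or to a passing scan run in the commit message would make this safe to backport. The same rename is made at `@@ -79,8 +79,8 @@ binary {` and in scan.hcl at `@@ -28,8 +28,8 @@ repository {`, and the same check applies there. While here, each suppressed entry carries only a package pin; a reason and a re-check date per entry, e.g. `"CVE-2024-8096", # curl@8.9.1-r2, <reason>, re-check <date>`, would make the periodic cleanup the header comment promises actually doable. The `triage` and `suppress` blocks opened in this hunk close outside it.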
From: Deniz Onur Duzgun <59659739+dduzgun-security@users.noreply.github.com>
Date: Mon, 4 Nov 2024 19:18:48 +0000
Subject: [PATCH 2/3] backport of commit f7dc68f1c8359b9f7e0c107ea3b1b39be2f926b1
---
 .release/security-scan.hcl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index 53ef3e757e2..e92787c27d6 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -14,7 +14,7 @@ container {
 dependencies = true
- osv = true
+ osv = true
 secrets {
 matchers {
From 7ad446005fc95b23f5480f6069b10604a5d057cc Mon Sep 17 00:00:00 2001
From: Deniz Onur Duzgun <59659739+dduzgun-security@users.noreply.github.com>
Date: Mon, 4 Nov 2024 19:23:23 +0000
Subject: [PATCH 3/3] backport of commit 5610471f0ef0fe2997686acb21182b781c0854e4
---
 .release/security-scan.hcl | 2 --
 scan.hcl | 1 -
 2 files changed, 3 deletions(-)
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index e92787c27d6..20c105f3b41 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -36,7 +36,6 @@ container {
 # periodically cleaned up to remove items that are no longer found by the scanner.
 triage {
 suppress {
- # N.b. `vulnerabilities` is the correct spelling for this tool.
 vulnerabilities = [
 "CVE-2024-8096", # curl@8.9.1-r2,
 "CVE-2024-9143", # openssl@3.3.2-r0,
@@ -79,7 +78,6 @@ binary {
 # periodically cleaned up to remove items that are no longer found by the scanner.
 triage {
 suppress {
- # N.b. `vulnerabilities` is the correct spelling for this tool.
 vulnerabilities = [
 ]
 paths = [
diff --git a/scan.hcl b/scan.hcl
index 625e1427927..f67bb4b24e1 100644
--- a/scan.hcl
+++ b/scan.hcl
@@ -28,7 +28,6 @@ repository {
 # periodically cleaned up to remove items that are no longer found by the scanner.
 triage {
 suppress {
- # N.b. `vulnerabilities` is the correct spelling for this tool.
 vulnerabilities = [
 ]
 paths = [