From 450db6b026dc35773353b42712bcf975c2673ac0 Mon Sep 17 00:00:00 2001
From: dduzgun-security
Date: Tue, 17 Dec 2024 14:34:29 -0500
Subject: [PATCH 1/2] sec: suppress GO-2022-0635 osv alert in CRT
---
 .release/security-scan.hcl | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index 0e192490d80..861923f1316 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -23,4 +23,14 @@ binary {
 all = true
 skip_path_strings = ["/website/content/"]
 }
+
+ # Triage items that are _safe_ to ignore here. Note that this list should be
+ # periodically cleaned up to remove items that are no longer found by the scanner.
+ triage {
+ suppress {
+ vulnerabilities = [
+ "GO-2022-0635", // github.com/aws/aws-sdk-go@v1.55.5 TODO(dduzgun-security): remove when deps is resolved
+ ]
+ }
+ }
 }
From e5b560a034fa6dbe5a82f94c45ba0ce144a6b551 Mon Sep 17 00:00:00 2001
From: dduzgun-security
Date: Tue, 17 Dec 2024 14:37:08 -0500
Subject: [PATCH 2/2] hclfmt
---
 .release/security-scan.hcl | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index 861923f1316..c82d9b69a4e 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -25,12 +25,12 @@ binary {
 }
 
 # Triage items that are _safe_ to ignore here. Note that this list should be
- # periodically cleaned up to remove items that are no longer found by the scanner.
- triage {
- suppress {
- vulnerabilities = [
- "GO-2022-0635", // github.com/aws/aws-sdk-go@v1.55.5 TODO(dduzgun-security): remove when deps is resolved
- ]
- }
- }
+ # periodically cleaned up to remove items that are no longer found by the scanner.
+ triage {
+ suppress {
+ vulnerabilities = [
+ "GO-2022-0635", // github.com/aws/aws-sdk-go@v1.55.5 TODO(dduzgun-security): remove when deps is resolved
+ ]
+ }
+ }
 }
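Review bot: The `GO-2022-0635` entry in the new `suppress` list (PATCH 1/2) names the module that triggers the alert but not the reason it is safe to ignore, so a later reader cannot re-check the triage decision. To my knowledge this advisory concerns the S3 encryption client package of aws-sdk-go (`service/s3/s3crypto`); if the justification is that the scanned binaries never import that package, record it on the line, e.g. `"GO-2022-0635", // aws-sdk-go@v1.55.5: s3crypto not imported (confirm); remove once the dependency is upgraded or dropped`. The suppression is keyed on the advisory ID alone, so it would presumably keep hiding the finding if that package were imported later; linking a tracking issue in the TODO would keep "remove when deps is resolved" from going stale. The enclosing `binary` block starts outside the hunk.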