From 3e2302b19153f9f21588fd2e62242f4a27458af3 Mon Sep 17 00:00:00 2001
From: hc-github-team-consul-core
Date: Tue, 26 Mar 2024 17:45:36 -0400
Subject: [PATCH] Backport of security: triage false positive for go-jose/v3 into release/1.17.x (#20904)
backport of commit c8d6b2528cdf861bff796d6d8e5a93e7e4c660b7
Co-authored-by: Michael Zalimeni
---
.release/security-scan.hcl | 11 +++++++++++
scan.hcl | 11 +++++++++++
2 files changed, 22 insertions(+)
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index 6a784734e9bc..83c503563b86 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -67,4 +67,15 @@ binary {
 ]
 }
 }
+
+ # Triage items that are _safe_ to ignore here. Note that this list should be
+ # periodically cleaned up to remove items that are no longer found by the scanner.
+ triage {
+ suppress {
+ # N.b. `vulnerabilites` is the correct spelling for this tool.
+ vulnerabilites = [ "GO-2024-2631", # go-jose/v3@v3.0.3 (false positive) ] } } }
diff --git a/scan.hcl b/scan.hcl
index 595ce2ac152c..d9842018c902 100644
--- a/scan.hcl
+++ b/scan.hcl
@@ -22,4 +22,15 @@ repository {
 secrets {
 all = true
 }
+
+ # Triage items that are _safe_ to ignore here. Note that this list should be
+ # periodically cleaned up to remove items that are no longer found by the scanner.
+ triage {
+ suppress {
+ # N.b. `vulnerabilites` is the correct spelling for this tool.
+ vulnerabilites = [ "GO-2024-2631", # go-jose/v3@v3.0.3 (false positive) ] } } }
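Review bot: The suppression entry for GO-2024-2631 in the `.release/security-scan.hcl` hunk records only "(false positive)" and not why the advisory does not apply to go-jose/v3@v3.0.3, so a later reader cannot tell whether the entry is still valid once that dependency is bumped; the identical list added in the `scan.hcl` hunk has the same gap. Suggest carrying the rationale and the removal condition in the trailing comment, e.g. `"GO-2024-2631", # go-jose/v3@v3.0.3 (false positive: <reason the advisory does not apply at this version>; re-check and drop when go-jose/v3 is upgraded)`. The two hand-maintained copies of the triage list can also drift apart; if the scanner tooling supports it, sourcing both from one place would keep them in step. The enclosing `binary {` and `repository {` blocks start outside their hunks.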