From 00ad74d1460fedbd0c1ddd1d5a63d52408270452 Mon Sep 17 00:00:00 2001
From: dduzgun-security
Date: Tue, 26 Mar 2024 17:17:58 -0400
Subject: [PATCH 1/3] security: enable go stdlib scans
---
 scan.hcl | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/scan.hcl b/scan.hcl
index 595ce2ac152c..5626de2b032a 100644
--- a/scan.hcl
+++ b/scan.hcl
@@ -15,9 +15,10 @@
 # unlike the scans configured here, will block releases in CRT.
 repository {
- go_modules = true
- npm = true
- osv = true
+ go_modules = true
+ npm = true
+ osv = true
+ go_stdlib_version_file = ".go-version"
 secrets {
 all = true
From 0401151cfcece4aa8419f3f9f638e97bca66a618 Mon Sep 17 00:00:00 2001
From: dduzgun-security
Date: Tue, 26 Mar 2024 17:26:39 -0400
Subject: [PATCH 2/3] security: enable go stdlib binary scan
---
 .release/security-scan.hcl | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index 6a784734e9bc..97949ebbb285 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -49,6 +49,7 @@ container {
 binary {
 go_modules = true
 osv = true
+ go_stdlib = true
 # We can't enable npm for binary targets today because we don't yet embed the relevant file
 # (yarn.lock) in the Consul binary. This is something we may investigate in the future.
From 700e0aec84117d4a1ecc963128583cdac8d3bc90 Mon Sep 17 00:00:00 2001
From: Deniz Onur Duzgun <59659739+dduzgun-security@users.noreply.github.com>
Date: Tue, 26 Mar 2024 17:56:03 -0400
Subject: [PATCH 3/3] Fix formating
---
 .release/security-scan.hcl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index 97949ebbb285..c3c32b2dfdb6 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
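Review bot: The new `go_stdlib_version_file = ".go-version"` line ties the stdlib vulnerability scan to whatever `.go-version` contains rather than to the toolchain that actually compiles the release, so if CI or the release pipeline pins Go somewhere else (a `toolchain` directive in go.mod, a workflow input) the scan will quietly report against the wrong stdlib version. The context line above the `repository` block reads as saying the scans configured in this file, unlike the CRT ones, do not block releases, which makes a stale `.go-version` a silent failure rather than a loud one. A one-line comment would make the coupling explicit: `# Go version the stdlib scan checks against; keep in sync with the toolchain used by CI and release builds.` The `repository` block continues past the end of the hunk.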
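Review bot: The added `go_stdlib = true` in the `binary` block carries no note on where the scanner obtains the Go version for a binary target, while the npm lines directly below explain their constraint in detail. Presumably the version is read from the built artifact rather than from `.go-version`, in which case this scan and the repository-level one can disagree whenever the release build uses a different toolchain than the checked-in version file; that difference is worth stating so nobody treats the two results as redundant. If that is how the scanner works, a comment such as `# Go stdlib scan of the built binary; the Go version comes from the artifact, not from .go-version` would answer the question up front, and if it is not, the comment should say what the source is. The `binary` block and the enclosing `container` block continue past the end of the hunk.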
@@ -49,7 +49,7 @@ container {
 binary {
 go_modules = true
 osv = true
- go_stdlib = true
+ go_stdlib = true
 # We can't enable npm for binary targets today because we don't yet embed the relevant file
 # (yarn.lock) in the Consul binary. This is something we may investigate in the future.