security: enable go stdlib scans (#20905)

* security: enable go stdlib scans * security: enable go stdlib binary scan * Fix formating
2025-02-21 09:58:26 +00:00 · 2024-05-23 13:40:59 -04:00 · 2024-05-23 13:40:59 -04:00 · 574f53d176
commit 574f53d176
parent 6f02144a14
2 changed files with 5 additions and 3 deletions
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@ -56,6 +56,7 @@ container {
 binary {
 	go_modules   = true
 	osv          = true
+	go_stdlib    = true
 	# We can't enable npm for binary targets today because we don't yet embed the relevant file
 	# (yarn.lock) in the Consul binary. This is something we may investigate in the future.
 	
--- a/scan.hcl
+++ b/scan.hcl
@ -15,9 +15,10 @@
 # unlike the scans configured here, will block releases in CRT.

 repository {
-  go_modules   = true
-  npm          = true
-  osv          = true
+  go_modules              = true
+  npm                     = true
+  osv                     = true
+  go_stdlib_version_file  = ".go-version"

  secrets {
    all = true