diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index 8401764bc4..88b2c88117 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -56,6 +56,7 @@ container {
 binary {
 	go_modules   = true
 	osv          = true
+	go_stdlib    = true
 	# We can't enable npm for binary targets today because we don't yet embed the relevant file
 	# (yarn.lock) in the Consul binary. This is something we may investigate in the future.
 	
diff --git a/scan.hcl b/scan.hcl
index 82888d3be8..b0a1b924b4 100644
--- a/scan.hcl
+++ b/scan.hcl
@@ -15,9 +15,10 @@
 # unlike the scans configured here, will block releases in CRT.
 
 repository {
-  go_modules   = true
-  npm          = true
-  osv          = true
+  go_modules              = true
+  npm                     = true
+  osv                     = true
+  go_stdlib_version_file  = ".go-version"
 
   secrets {
     all = true