diff --git a/.github/scan.hcl b/.github/scan.hcl
index 436c9d205..167ba9334 100644
--- a/.github/scan.hcl
+++ b/.github/scan.hcl
@@ -44,6 +44,9 @@ repository {
   # periodically cleaned up to remove items that are no longer found by the scanner.
   triage {
     suppress {
+      vulnerabilities = [
+        "GO-2025-3543", // github.com/opencontainers/runc TODO(jrasell): remove once withdrawn from DBs.
+      ]
       paths = [
         "ui/tests/*",
         "internal/testing/*",
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index 2793ded7e..ccfeb3a27 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -30,6 +30,7 @@ binary {
     suppress {
       vulnerabilities = [
         "GO-2022-0635", // github.com/aws/aws-sdk-go@v1.55.6 TODO(jrasell): remove when dep updated.
+        "GO-2025-3543", // github.com/opencontainers/runc    TODO(jrasell): remove once withdrawn from DBs.
       ]
     }
   }