security: fine tune security-scanner to reduce false-positives (#20465)

Resolve scan job runner Resolve linting alerts adding EOF on files adding EOF on gitignore too add hclfmt and bump action versions update scan.hcl comments Co-authored-by: Tim Gross <tgross@hashicorp.com> fix typo move scan.hcl file and paths-ignore for scans change action runner use org secret to checkout typo change runner use hashicorp/setup-golang@v3 Co-authored-by: Tim Gross <tgross@hashicorp.com> pin the github action sha
2026-01-01 16:05:42 +03:00 · 2024-09-18 16:55:39 -04:00
parent ec81e7c57c
commit 52f0b40f4c
5 changed files with 148 additions and 5 deletions
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -2,20 +2,25 @@
 # SPDX-License-Identifier: BUSL-1.1

 container {
+  local_daemon = true
+
  secrets {
-    all = false
+    all               = true
+    skip_path_strings = ["/website/content/"]
  }

-  dependencies    = false
-  alpine_security = false
+  dependencies    = true
+  alpine_security = true
 }

 binary {
  go_modules = true
-  osv        = false
+  osv        = true
+  go_stdlib  = true
  nvd        = false

  secrets {
-    all = true
+    all               = true
+    skip_path_strings = ["/website/content/"]
  }
 }