security: add scan triage for CVE-2024-25620 (helm/v3)

Triage this scan result as `consul-k8s` should not be directly impacted and it is medium severity. Follow-up ticket filed for remediation. Also improve formatting of scan config since this change will be backported.
hashicorp · Feb 20, 2024 · e0afade · e0afade
1 parent 442232e
commit e0afade
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 11 deletions.
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
@@ -13,19 +13,28 @@
 # See `security-scanner` docs or run with `--help` for scan target syntax.
 
 container {
-	dependencies = true
-	alpine_secdb = true
+  dependencies = true
+  alpine_secdb = true
 
-	secrets {
-		all = true
-	}
+  secrets {
+    all = true
+  }
 }
 
 binary {
-	go_modules   = true
-	osv          = true
+  go_modules   = true
+  osv          = true
 
-	secrets {
-		all = true
-	}
-}
+  secrets {
+    all = true
+  }
+
+  triage {
+    suppress {
+      vulnerabilites = [
+        # NET-8174 (2024-02-20): Chart YAML path traversal (not impacted)
+        "GHSA-v53g-5gjp-272r", # alias CVE-2024-25620
+      ]
+    }
+  }
+}
diff --git a/scan.hcl b/scan.hcl
@@ -31,6 +31,10 @@ repository {
         "acceptance/*",
         "hack/*",
       ]
+      vulnerabilites = [
+        # NET-8174 (2024-02-20): Chart YAML path traversal (not impacted)
+		"GHSA-v53g-5gjp-272r", # alias CVE-2024-25620
+      ]
     }
   }
 }