diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index 173df712..ec2eb846 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -13,4 +13,15 @@ binary {
 osv = true
 oss_index = false
 nvd = false
+
+ # Triage items that are _safe_ to ignore here. Note that this list should be
+ # periodically cleaned up to remove items that are no longer found by the scanner.
+ triage {
+ suppress {
+ vulnerabilities = [
+ "GHSA-29qp-crvh-w22m", // github.com/hashicorp/yamux@v0.1.1
+ "GO-2025-3408", // github.com/hashicorp/yamux@v0.1.1
+ ]
+ }
+ }
 }
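Review bot: The two entries added under `triage { suppress { vulnerabilities = [...] } }` name the module they refer to (`github.com/hashicorp/yamux@v0.1.1`) but not why the finding is safe to ignore in this binary, so a later reader cannot check whether that judgement still holds. Because the entries are keyed by advisory ID only, they would presumably keep hiding the finding after yamux changes version or the affected code path becomes reachable. I would put the justification and a revisit trigger next to each ID, e.g. `"GHSA-29qp-crvh-w22m", // yamux@v0.1.1: <why not exploitable here>; remove once yamux is upgraded (<tracking issue>)`. The header comment asks for periodic cleanup but names no owner or cadence; a line such as `# Last reviewed <date> by <team>; re-check on every dependency bump.` would make that actionable. The enclosing `binary` block starts outside the hunk.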