From 574f53d1763af70763fb44811a3e7ac8301f2a2a Mon Sep 17 00:00:00 2001
From: Deniz Onur Duzgun <59659739+dduzgun-security@users.noreply.github.com>
Date: Thu, 23 May 2024 13:40:59 -0400
Subject: [PATCH] security: enable go stdlib scans (#20905)

* security: enable go stdlib scans

* security: enable go stdlib binary scan

* Fix formating
---
 .release/security-scan.hcl | 1 +
 scan.hcl                   | 7 ++++---
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index 8401764bc4b1..88b2c881177d 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -56,6 +56,7 @@ container {
 binary {
 	go_modules   = true
 	osv          = true
+	go_stdlib    = true
 	# We can't enable npm for binary targets today because we don't yet embed the relevant file
 	# (yarn.lock) in the Consul binary. This is something we may investigate in the future.
 	
diff --git a/scan.hcl b/scan.hcl
index 82888d3be86c..b0a1b924b470 100644
--- a/scan.hcl
+++ b/scan.hcl
@@ -15,9 +15,10 @@
 # unlike the scans configured here, will block releases in CRT.
 
 repository {
-  go_modules   = true
-  npm          = true
-  osv          = true
+  go_modules              = true
+  npm                     = true
+  osv                     = true
+  go_stdlib_version_file  = ".go-version"
 
   secrets {
     all = true