ci: Suppress unfixed Docker vulns in scanner GHSA (#27842)

jrasell · web-flow · commit b23ab7b74bae · 2026-04-17T11:08:19.000+01:00
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
@@ -29,11 +29,13 @@ binary {
   triage {
     suppress {
       vulnerabilities = [
-        "GO-2022-0635", // github.com/aws/aws-sdk-go@v1.55.6 TODO(jrasell): remove when dep updated.
-        "GO-2025-3543", // github.com/opencontainers/runc    TODO(jrasell): remove once withdrawn from DBs.
-        "GO-2025-3829", // https://github.com/moby/moby/releases/tag/v28.3.3 TODO(tgross): remove once verified, updated or withdrawn https://pkg.go.dev/vuln/GO-2025-3829
-        "GO-2026-4887", // github.com/docker/docker with no current fix.
-        "GO-2026-4883", // github.com/docker/docker with no current fix.
+        "GO-2022-0635",        // github.com/aws/aws-sdk-go@v1.55.6 TODO(jrasell): remove when dep updated.
+        "GO-2025-3543",        // github.com/opencontainers/runc    TODO(jrasell): remove once withdrawn from DBs.
+        "GO-2025-3829",        // https://github.com/moby/moby/releases/tag/v28.3.3 TODO(tgross): remove once verified, updated or withdrawn https://pkg.go.dev/vuln/GO-2025-3829
+        "GO-2026-4887",        // github.com/docker/docker with no current fix.
+        "GO-2026-4883",        // github.com/docker/docker with no current fix.
+        "GHSA-x744-4wpc-v9h2", // github.com/docker/docker with no current fix.
+        "GHSA-pxq6-2prw-chj9", // github.com/docker/docker with no current fix.
       ]
     }
   }

Original file line number	Diff line number	Diff line change
`@@ -29,11 +29,13 @@ binary {`
`29`	`29`	`triage {`
`30`	`30`	`suppress {`
`31`	`31`	`vulnerabilities = [`
`32`		`- "GO-2022-0635", // github.com/aws/aws-sdk-go@v1.55.6 TODO(jrasell): remove when dep updated.`
`33`		`- "GO-2025-3543", // github.com/opencontainers/runc TODO(jrasell): remove once withdrawn from DBs.`
`34`		`- "GO-2025-3829", // https://github.com/moby/moby/releases/tag/v28.3.3 TODO(tgross): remove once verified, updated or withdrawn https://pkg.go.dev/vuln/GO-2025-3829`
`35`		`- "GO-2026-4887", // github.com/docker/docker with no current fix.`
`36`		`- "GO-2026-4883", // github.com/docker/docker with no current fix.`
	`32`	`+ "GO-2022-0635", // github.com/aws/aws-sdk-go@v1.55.6 TODO(jrasell): remove when dep updated.`
	`33`	`+ "GO-2025-3543", // github.com/opencontainers/runc TODO(jrasell): remove once withdrawn from DBs.`
	`34`	`+ "GO-2025-3829", // https://github.com/moby/moby/releases/tag/v28.3.3 TODO(tgross): remove once verified, updated or withdrawn https://pkg.go.dev/vuln/GO-2025-3829`
	`35`	`+ "GO-2026-4887", // github.com/docker/docker with no current fix.`
	`36`	`+ "GO-2026-4883", // github.com/docker/docker with no current fix.`
	`37`	`+ "GHSA-x744-4wpc-v9h2", // github.com/docker/docker with no current fix.`
	`38`	`+ "GHSA-pxq6-2prw-chj9", // github.com/docker/docker with no current fix.`
`37`	`39`	`]`
`38`	`40`	`}`
`39`	`41`	`}`