security: update scanner file to modern config (#166)

ryancragun · web-flow · commit 4bc5121fa0cf · 2025-11-03T22:47:39.000Z
Signed-off-by: Ryan Cragun &lt;me@ryan.ec&gt;
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
@@ -1,16 +1,18 @@
 # Copyright IBM Corp. 2021, 2025
 # SPDX-License-Identifier: MPL-2.0
 
-container {
-	dependencies = true
-	alpine_secdb = true
-	secrets      = true
+binary {
+  go_stdlib  = true // Scan the Go standard library used to build the binary.
+  go_modules = true // Scan the Go modules included in the binary.
+  osv        = true // Use the OSV vulnerability database.
+  oss_index  = true // And use OSS Index vulnerability database.
 }
 
-binary {
-	secrets      = true
-	go_modules   = false
-	osv          = true
-	oss_index    = false
-	nvd          = false
+container {
+  dependencies = true // Scan any installed packages for vulnerabilities.
+  osv          = true // Use the OSV vulnerability database.
+
+  secrets {
+    all = true
+  }
 }
