Skip to content

PSP-3163: update scan config to enable osv #37817

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 28, 2025
Merged

PSP-3163: update scan config to enable osv #37817

merged 1 commit into from
Oct 28, 2025
+1 −2

Conversation

@alanpchua
Copy link
Collaborator

Changes release scanner config to use osv over oss since oss support is being phased out.

Target Release

1.15.x

Rollback Plan

  • If a change needs to be reverted, we will roll out an update to the code within 7 days.

Changes to Security Controls

Are there any changes to security controls (access controls, encryption, logging) in this pull request? If so, explain.

Just a change to scan config no changes expected.

CHANGELOG entry

  • This change is user-facing and I added a changelog entry.
  • This change is not user-facing.

@alanpchua alanpchua requested a review from a team as a code owner October 27, 2025 14:26
@hashicorp-cla-app
Copy link

hashicorp-cla-app bot commented Oct 27, 2025
edited
Loading

CLA assistant check
All committers have signed the CLA.

@alanpchua alanpchua added the no-changelog-needed Add this to your PR if the change does not require a changelog entry label Oct 27, 2025
SarahFrench
SarahFrench approved these changes Oct 28, 2025
View reviewed changes
Copy link
Member

@SarahFrench SarahFrench left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I took a look at the related Jira ticket and all looks good to me :shipit:

@SarahFrench SarahFrench merged commit b221cc0 into main Oct 28, 2025
12 of 13 checks passed
@SarahFrench SarahFrench deleted the alanpchua/update-release-scan-config branch October 28, 2025 10:17
@mildwonkey
Copy link
Contributor

Hi @alanpchua 👋🏻 Quick question, should this have been backported to our release branch(es)? As it is this won't run on any of the v1.14 releases, not until 1.15-alpha

@alanpchua
Copy link
Collaborator Author

Hi @alanpchua 👋🏻 Quick question, should this have been backported to our release branch(es)? As it is this won't run on any of the v1.14 releases, not until 1.15-alpha

@mildwonkey Thanks for pointing that out. It's probably better if this change goes out to every maintained version of terraform currently. Should I create another PR for v1.14 releases ?

@mildwonkey
Copy link
Contributor

Yes, that'll be best and sorry I didn't comment on this faster - thank you!

We might have a 1.13 patch coming up as well - it's not certain, but it's probably a good idea to open a PR for the v1.13 branch as well (that one's entirely up to you)

@SarahFrench SarahFrench added 1.13-backport If you add this label to a PR before merging, backport-assistant will open a new PR once merged 1.14-backport If you add this label to a PR before merging, backport-assistant will open a new PR once merged labels Oct 28, 2025
This was referenced Oct 28, 2025
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SarahFrench SarahFrench SarahFrench approved these changes

Assignees

No one assigned

Labels

1.13-backport If you add this label to a PR before merging, backport-assistant will open a new PR once merged 1.14-backport If you add this label to a PR before merging, backport-assistant will open a new PR once merged no-changelog-needed Add this to your PR if the change does not require a changelog entry

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@alanpchua @mildwonkey @SarahFrench