diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index 3917c269cd49..84120a73a9a1 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -9,8 +9,18 @@ container {
 
 binary {
 	secrets      = false
-	go_modules   = false
+	go_modules   = true
 	osv          = true
 	oss_index    = true
 	nvd          = false
 }
+
+# Triage items that are _safe_ to ignore here. Note that this list should be
+# periodically cleaned up to remove items that are no longer found by the scanner.
+triage {
+	suppress {
+		vulnerabilities = [
+			"GO-2022-0635", // github.com/aws/aws-sdk-go@v1.55.5
+		]
+	}
+}