diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index 0e192490d80..c82d9b69a4e 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -23,4 +23,14 @@ binary {
     all               = true
     skip_path_strings = ["/website/content/"]
   }
+
+  # Triage items that are _safe_ to ignore here. Note that this list should be
+  # periodically cleaned up to remove items that are no longer found by the scanner.
+  triage {
+    suppress {
+      vulnerabilities = [
+        "GO-2022-0635", // github.com/aws/aws-sdk-go@v1.55.5 TODO(dduzgun-security): remove when deps is resolved
+      ]
+    }
+  }
 }