diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index c80ea968d2..e9de3804b7 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -32,6 +32,17 @@ container {
 "CVE-2024-58251",
 "GO-2022-0635", // github.com/aws/aws-sdk-go@v1.x
 ]
+
+ // The OSV scanner will trip on several packages that are included in the
+ // the UBI images. This is due to RHEL using the same base version in the
+ // package name for the life of the distro regardless of whether or not
+ // that version has been patched for security. Rather than enumate ever
+ // single CVE that the OSV scanner will find (several tens) we'll ignore
+ // the base UBI packages.
+ paths = [
+ "usr/lib/sysimage/rpm/*",
+ "var/lib/rpm/*",
+ ]
 }
 }
 }
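Review bot: The new `paths` exclusions suppress every finding under `var/lib/rpm/*` and `usr/lib/sysimage/rpm/*`, which is broader than the stated intent of ignoring the UBI base packages — presumably any RPM later added to the image would also disappear from the scan, and unlike the CVE list above nothing bounds or dates the exclusion. If the scanner supports per-package or per-advisory ignores for OS packages, that would keep the suppression scoped to what the comment describes; otherwise the comment should make the trade-off explicit, e.g. `// NOTE: this hides all RPM-database findings, not only the UBI base packages; re-check when the base image or the installed RPM set changes.` The comment also has wording errors: `the the UBI images` and `enumate ever single CVE` should read `the UBI images` and `enumerate every single CVE`. The enclosing `container` block starts before the hunk.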