diff --git a/.github/workflows/license-scan.yml b/.github/workflows/license-scan.yml
index 649f27fe979..834515bbeb0 100644
--- a/.github/workflows/license-scan.yml
+++ b/.github/workflows/license-scan.yml
@@ -23,4 +23,5 @@ jobs:
 scan-args: |-
 --skip-git
 --experimental-licenses=Apache-2.0,BSD-2-Clause,BSD-2-Clause-FreeBSD,BSD-3-Clause,MIT,ISC,Python-2.0,PostgreSQL,X11,Zlib
+ --config tools/osv-scanner/license-scan-config.yaml
 ./
diff --git a/osv-scanner.toml b/tools/osv-scanner/license-scan-config.toml
similarity index 96%
rename from osv-scanner.toml
rename to tools/osv-scanner/license-scan-config.toml
index 9d5626b71ec..79a579ff7f8 100644
--- a/osv-scanner.toml
+++ b/tools/osv-scanner/license-scan-config.toml
@@ -1,3 +1,8 @@
+# Ignore vulnerabilities on license scan
+[[PackageOverrides]]
+ecosystem = "Go"
+vulnerability.ignore = true
+
 [[PackageOverrides]]
 name = "github.com/AdaLogics/go-fuzz-headers"
 version = "0.0.0-20230811130428-ced1acdcaa24"
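Review bot: The added `--config` argument names `tools/osv-scanner/license-scan-config.yaml`, but the rename in this same commit creates `tools/osv-scanner/license-scan-config.toml`, so the workflow points at a path the commit does not create. The line should read `--config tools/osv-scanner/license-scan-config.toml`. How the scanner reacts to a missing config file is not visible here; if it falls back to defaults instead of failing, the license overrides in that file would be skipped without any error, so it is worth confirming in the job log that the config is actually loaded.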
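Review bot: The new `[[PackageOverrides]]` entry with `ecosystem = "Go"` and `vulnerability.ignore = true` suppresses every vulnerability finding for Go packages, which is only safe while this file is read exclusively by the license scan. The file was previously the root `osv-scanner.toml`, which osv-scanner normally discovers next to the scanned files without a `--config` flag, so any other scan that relied on it should be checked: it must not inherit this blanket ignore, and it may now run without the per-package overrides that follow. I would make the scope explicit in the file by extending the comment to `# License scan only: all Go vulnerability findings are suppressed here; never pass this file to a vulnerability scan` and adding a `reason = "..."` key to the entry. The override names only the Go ecosystem, so packages from any other ecosystem in the repository would still produce vulnerability findings in the license job.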