diff --git a/scripts/services/docker/Dockerfile.security_best_practices_worker b/scripts/services/docker/Dockerfile.security_best_practices_worker index c30cb8d911..c954c19fde 100644 --- a/scripts/services/docker/Dockerfile.security_best_practices_worker +++ b/scripts/services/docker/Dockerfile.security_best_practices_worker @@ -8,14 +8,14 @@ ARG PLATFORM=Linux_x86_64 RUN wget https://github.com/privateerproj/privateer/releases/download/v${VERSION}/privateer_${PLATFORM}.tar.gz RUN tar -xzf privateer_${PLATFORM}.tar.gz -FROM golang:1.24.4-alpine3.21 AS plugin +FROM golang:1.26.3-alpine3.23 AS plugin RUN apk add --no-cache make git WORKDIR /plugin -ARG PVTR_COMMIT=88d79df63e6140c593cf15366ed63992e1fbed63 -# To run the latest version of the plugin, we need to use the latest commit of the pvtr-github-repo repository. -# Currently using the version https://github.com/revanite-io/pvtr-github-repo/commit/88d79df63e6140c593cf15366ed63992e1fbed63 -RUN git clone https://github.com/revanite-io/pvtr-github-repo.git && cd pvtr-github-repo && git checkout ${PVTR_COMMIT} -RUN cd pvtr-github-repo && make binary && cp github-repo ../github-repo +ARG PVTR_COMMIT=c7bd9538d64f7eaab94a05c9b5fd05458a387b1c +# To run the latest version of the plugin, we need to use the latest commit of the pvtr-github-repo-scanner repository. +# Currently using v0.23.2: https://github.com/ossf/pvtr-github-repo-scanner/commit/c7bd9538d64f7eaab94a05c9b5fd05458a387b1c +RUN git clone https://github.com/ossf/pvtr-github-repo-scanner.git && cd pvtr-github-repo-scanner && git checkout ${PVTR_COMMIT} +RUN cd pvtr-github-repo-scanner && make binary && cp github-repo ../github-repo FROM node:20-alpine as builder diff --git a/services/apps/security_best_practices_worker/example-config.yml b/services/apps/security_best_practices_worker/example-config.yml index 5117ad28d5..f6619448b1 100644 --- a/services/apps/security_best_practices_worker/example-config.yml 
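Review bot: The new `FROM golang:1.26.3-alpine3.23 AS plugin` line pins the build stage by tag only, while the plugin source below it is pinned to a full commit SHA. A tag can be re-pointed, so the toolchain that compiles the shipped `github-repo` binary is less tightly fixed than the code it compiles. Consider adding a digest, `FROM golang:1.26.3-alpine3.23@sha256:<digest-placeholder> AS plugin`. The comment also repeats the SHA and adds a `v0.23.2` label that nothing in the build checks, so it can drift from `PVTR_COMMIT`. I would shorten it to something like `# PVTR_COMMIT is the commit tagged v0.23.2 in ossf/pvtr-github-repo-scanner; update both together.`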
+++ b/services/apps/security_best_practices_worker/example-config.yml @@ -7,7 +7,7 @@ services: policy: catalogs: - - OSPS_B + - osps-baseline-2026-02 applicability: - Maturity Level 1 diff --git a/services/apps/security_best_practices_worker/src/activities/index.ts b/services/apps/security_best_practices_worker/src/activities/index.ts index 6864ed2258..d7eb39c1dd 100644 --- a/services/apps/security_best_practices_worker/src/activities/index.ts +++ b/services/apps/security_best_practices_worker/src/activities/index.ts @@ -93,7 +93,7 @@ export async function saveOSPSBaselineInsightsToDB( key: string, repo: ISecurityInsightsObsoleteRepo, ): Promise { - const CATALOG_ID = 'OSPS_B' + const CATALOG_ID = 'osps-baseline-2026-02' const redisCache = new RedisCache(`osps-baseline-insights`, svc.redis, svc.log) const result = await redisCache.get(key) const parsedResult: ISecurityInsightsPrivateerResult = JSON.parse(result) @@ -131,6 +131,7 @@ export async function saveOSPSBaselineInsightsToDB( qx, repo.repoUrl, evaluation['control-id'], + suite.id, ) for (const assessment of evaluation.assessments) { await addControlEvaluationAssessment(qx, { diff --git a/services/libs/data-access-layer/src/security_insights/index.ts b/services/libs/data-access-layer/src/security_insights/index.ts index 5289d392a8..54f869dfff 100644 --- a/services/libs/data-access-layer/src/security_insights/index.ts +++ b/services/libs/data-access-layer/src/security_insights/index.ts @@ -102,16 +102,19 @@ export async function findSuiteControlEvaluation( qx: QueryExecutor, repo: string, controlId: string, + suiteId?: string, ): Promise { return await qx.selectOneOrNone( ` select * from "securityInsightsEvaluations" where "repo" = $(repo) and "controlId" = $(controlId) + ${suiteId ? 'and "securityInsightsEvaluationSuiteId" = $(suiteId)' : ''} `, { repo, controlId, + suiteId, }, ) }
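Review bot: `CATALOG_ID` in `saveOSPSBaselineInsightsToDB` is a function-local literal that has to match the `policy.catalogs` entry the scanner runs with, and this commit changes the two strings separately (here and in example-config.yml), so nothing ties them together. Results already cached under `osps-baseline-insights` by the previous plugin build would presumably still carry `OSPS_B`. How a missing catalog match is handled lies outside the hunk, so confirm it logs or throws and does not silently save nothing. I would hoist the ID to a module-level constant with a comment such as `// Must match policy.catalogs in the privateer config; change both together.`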
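Review bot: Passing `suite.id` to `findSuiteControlEvaluation` means a row for the same repo and control that belongs to an earlier suite no longer matches. The code that consumes the result is outside the hunk, but it presumably takes the create path in that case. If `securityInsightsEvaluations` has a uniqueness constraint on repo and control ID alone, that insert would fail on every repo scanned before this change, so confirm the constraint includes the suite ID. A short comment at the call would help the next reader, for example `// Scope the lookup to this suite so evaluations from older catalogs are not reused.`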
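Review bot: The truthiness test `${suiteId ? ... : ''}` in `findSuiteControlEvaluation` silently falls back to the unscoped query when `suiteId` is `undefined` or an empty string. Once a repo has evaluations under more than one suite, that fallback can match several rows, and a one-or-none helper will then either raise or return an arbitrary row depending on how `selectOneOrNone` is implemented (not visible here). The interpolated fragment is a fixed literal and the value is still bound as `$(suiteId)`, so this is a correctness concern and not an injection one. If no other caller relies on the old behaviour, make the parameter required (`suiteId: string`) and always emit `and "securityInsightsEvaluationSuiteId" = $(suiteId)`. Otherwise document the fallback in a TSDoc line on the function.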