linuxfoundation · gaspergrom · Jun 4, 2026 · May 18, 2026 · May 18, 2026 · May 18, 2026
diff --git a/backend/src/database/migrations/U1780555634__update-osps-catalog-id.sql b/backend/src/database/migrations/U1780555634__update-osps-catalog-id.sql
@@ -0,0 +1,3 @@
+UPDATE "securityInsightsEvaluationSuites"
+SET "catalogId" = 'OSPS_B'
+WHERE "catalogId" = 'osps-baseline-2026-02';
diff --git a/backend/src/database/migrations/V1780555634__update-osps-catalog-id.sql b/backend/src/database/migrations/V1780555634__update-osps-catalog-id.sql
@@ -0,0 +1,3 @@
+UPDATE "securityInsightsEvaluationSuites"
+SET "catalogId" = 'osps-baseline-2026-02'
+WHERE "catalogId" = 'OSPS_B';
diff --git a/scripts/services/docker/Dockerfile.security_best_practices_worker b/scripts/services/docker/Dockerfile.security_best_practices_worker
@@ -8,14 +8,14 @@ ARG PLATFORM=Linux_x86_64
 RUN wget https://github.com/privateerproj/privateer/releases/download/v${VERSION}/privateer_${PLATFORM}.tar.gz
 RUN tar -xzf privateer_${PLATFORM}.tar.gz
 
-FROM golang:1.24.4-alpine3.21 AS plugin
+FROM golang:1.26.3-alpine3.23 AS plugin
 RUN apk add --no-cache make git
 WORKDIR /plugin
-ARG PVTR_COMMIT=88d79df63e6140c593cf15366ed63992e1fbed63
-# To run the latest version of the plugin, we need to use the latest commit of the pvtr-github-repo repository.
-# Currently using the version https://github.com/revanite-io/pvtr-github-repo/commit/88d79df63e6140c593cf15366ed63992e1fbed63
-RUN git clone https://github.com/revanite-io/pvtr-github-repo.git && cd pvtr-github-repo && git checkout ${PVTR_COMMIT}
-RUN cd pvtr-github-repo && make binary && cp github-repo ../github-repo
+ARG PVTR_COMMIT=c7bd9538d64f7eaab94a05c9b5fd05458a387b1c
+# To run the latest version of the plugin, we need to use the latest commit of the pvtr-github-repo-scanner repository.
+# Currently using v0.23.2: https://github.com/ossf/pvtr-github-repo-scanner/commit/c7bd9538d64f7eaab94a05c9b5fd05458a387b1c
+RUN git clone https://github.com/ossf/pvtr-github-repo-scanner.git && cd pvtr-github-repo-scanner && git checkout ${PVTR_COMMIT}
+RUN cd pvtr-github-repo-scanner && make binary && cp github-repo ../github-repo
 
 FROM node:20-alpine as builder
 

diff --git a/services/apps/security_best_practices_worker/example-config.yml b/services/apps/security_best_practices_worker/example-config.yml
@@ -7,7 +7,7 @@ services:
 
     policy:
       catalogs:
-        - OSPS_B
+        - osps-baseline-2026-02
       applicability:
         - Maturity Level 1
 

diff --git a/services/apps/security_best_practices_worker/src/activities/index.ts b/services/apps/security_best_practices_worker/src/activities/index.ts
@@ -93,7 +93,7 @@ export async function saveOSPSBaselineInsightsToDB(
   key: string,
   repo: ISecurityInsightsObsoleteRepo,
 ): Promise<void> {
-  const CATALOG_ID = 'OSPS_B'
+  const CATALOG_ID = 'osps-baseline-2026-02'
   const redisCache = new RedisCache(`osps-baseline-insights`, svc.redis, svc.log)
   const result = await redisCache.get(key)
   const parsedResult: ISecurityInsightsPrivateerResult = JSON.parse(result)
@@ -131,6 +131,7 @@ export async function saveOSPSBaselineInsightsToDB(
       qx,
       repo.repoUrl,
       evaluation['control-id'],
+      suite.id,
     )
     for (const assessment of evaluation.assessments) {
       await addControlEvaluationAssessment(qx, {

diff --git a/services/libs/data-access-layer/src/security_insights/index.ts b/services/libs/data-access-layer/src/security_insights/index.ts
@@ -102,16 +102,19 @@ export async function findSuiteControlEvaluation(
   qx: QueryExecutor,
   repo: string,
   controlId: string,
+  suiteId?: string,
 ): Promise<ISecurityInsightsEvaluations | null> {
   return await qx.selectOneOrNone(
     `
       select *
       from "securityInsightsEvaluations"
       where "repo" = $(repo) and "controlId" = $(controlId)
+      ${suiteId ? 'and "securityInsightsEvaluationSuiteId" = $(suiteId)' : ''}
     `,
     {
       repo,
       controlId,
+      suiteId,
     },
   )
 }