From 80060cdfbedab2f4a78648108cec3c256d4ec6fd Mon Sep 17 00:00:00 2001 From: Joana Maia Date: Mon, 15 Jun 2026 16:00:29 +0100 Subject: [PATCH 01/11] fix: privateer-sdk version Signed-off-by: Joana Maia --- .../services/docker/Dockerfile.security_best_practices_worker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/services/docker/Dockerfile.security_best_practices_worker b/scripts/services/docker/Dockerfile.security_best_practices_worker index c954c19fde..e87044ed89 100644 --- a/scripts/services/docker/Dockerfile.security_best_practices_worker +++ b/scripts/services/docker/Dockerfile.security_best_practices_worker @@ -2,7 +2,7 @@ FROM alpine:3.21 AS core RUN apk add --no-cache wget tar unzip WORKDIR /app -ARG VERSION=0.7.0 +ARG VERSION=0.21.2 ARG PLATFORM=Linux_x86_64 RUN wget https://github.com/privateerproj/privateer/releases/download/v${VERSION}/privateer_${PLATFORM}.tar.gz From fb2616bea4ed0f2e2075407262d471247aeb881a Mon Sep 17 00:00:00 2001 From: Joana Maia Date: Mon, 15 Jun 2026 16:48:51 +0100 Subject: [PATCH 02/11] fix: rename pvtr binary to privateer in Dockerfile Signed-off-by: Joana Maia --- .../services/docker/Dockerfile.security_best_practices_worker | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/services/docker/Dockerfile.security_best_practices_worker b/scripts/services/docker/Dockerfile.security_best_practices_worker index e87044ed89..179337369b 100644 --- a/scripts/services/docker/Dockerfile.security_best_practices_worker +++ b/scripts/services/docker/Dockerfile.security_best_practices_worker @@ -34,7 +34,7 @@ FROM node:20-bookworm-slim as runner RUN mkdir -p /.privateer/bin WORKDIR /.privateer/bin -COPY --from=core /app/privateer . +COPY --from=core /app/pvtr ./privateer COPY --from=plugin /plugin/github-repo /root/.privateer/bin/github-repo COPY ./services/apps/security_best_practices_worker/example-config.yml /.privateer/example-config.yml From 581eefdc23ffaf169516e34d5e02b09db845da96 Mon Sep 17 00:00:00 2001 From: Joana Maia Date: Mon, 15 Jun 2026 17:40:15 +0100 Subject: [PATCH 03/11] fix: add pvtr plugins.json manifest for github-repo plugin registration Signed-off-by: Joana Maia --- .../services/docker/Dockerfile.security_best_practices_worker | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/services/docker/Dockerfile.security_best_practices_worker b/scripts/services/docker/Dockerfile.security_best_practices_worker index 179337369b..524f9df0fa 100644 --- a/scripts/services/docker/Dockerfile.security_best_practices_worker +++ b/scripts/services/docker/Dockerfile.security_best_practices_worker @@ -36,6 +36,7 @@ RUN mkdir -p /.privateer/bin WORKDIR /.privateer/bin COPY --from=core /app/pvtr ./privateer COPY --from=plugin /plugin/github-repo /root/.privateer/bin/github-repo +RUN echo '{"plugins":[{"name":"github-repo","version":"v0.23.2","binaryPath":"github-repo"}]}' > /root/.privateer/bin/plugins.json COPY ./services/apps/security_best_practices_worker/example-config.yml /.privateer/example-config.yml WORKDIR /usr/crowd/app From 573ed2cee541d35fbd6e7525464ba1a9814b14db Mon Sep 17 00:00:00 2001 From: Joana Maia Date: Mon, 15 Jun 2026 17:43:13 +0100 Subject: [PATCH 04/11] fix: use PVTR_VERSION arg in plugins.json instead of hardcoded version Signed-off-by: Joana Maia --- .../services/docker/Dockerfile.security_best_practices_worker | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/services/docker/Dockerfile.security_best_practices_worker b/scripts/services/docker/Dockerfile.security_best_practices_worker index 524f9df0fa..58e35cf59d 100644 --- a/scripts/services/docker/Dockerfile.security_best_practices_worker +++ b/scripts/services/docker/Dockerfile.security_best_practices_worker @@ -12,6 +12,7 @@ FROM golang:1.26.3-alpine3.23 AS plugin RUN apk add --no-cache make git WORKDIR /plugin ARG PVTR_COMMIT=c7bd9538d64f7eaab94a05c9b5fd05458a387b1c +ARG PVTR_VERSION=v0.23.2 # To run the latest version of the plugin, we need to use the latest commit of the pvtr-github-repo-scanner repository. # Currently using v0.23.2: https://github.com/ossf/pvtr-github-repo-scanner/commit/c7bd9538d64f7eaab94a05c9b5fd05458a387b1c RUN git clone https://github.com/ossf/pvtr-github-repo-scanner.git && cd pvtr-github-repo-scanner && git checkout ${PVTR_COMMIT} @@ -35,8 +36,9 @@ FROM node:20-bookworm-slim as runner RUN mkdir -p /.privateer/bin WORKDIR /.privateer/bin COPY --from=core /app/pvtr ./privateer +ARG PVTR_VERSION=v0.23.2 COPY --from=plugin /plugin/github-repo /root/.privateer/bin/github-repo -RUN echo '{"plugins":[{"name":"github-repo","version":"v0.23.2","binaryPath":"github-repo"}]}' > /root/.privateer/bin/plugins.json +RUN echo "{\"plugins\":[{\"name\":\"github-repo\",\"version\":\"${PVTR_VERSION}\",\"binaryPath\":\"github-repo\"}]}" > /root/.privateer/bin/plugins.json COPY ./services/apps/security_best_practices_worker/example-config.yml /.privateer/example-config.yml WORKDIR /usr/crowd/app From b872fa340c3554cda60020d264edc5d789249e8f Mon Sep 17 00:00:00 2001 From: Joana Maia Date: Mon, 15 Jun 2026 17:53:52 +0100 Subject: [PATCH 05/11] fix: treat pvtr exit code 1 as success and truncate error output Signed-off-by: Joana Maia --- .../src/activities/index.ts | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/services/apps/security_best_practices_worker/src/activities/index.ts b/services/apps/security_best_practices_worker/src/activities/index.ts index d7eb39c1dd..45d414f347 100644 --- a/services/apps/security_best_practices_worker/src/activities/index.ts +++ b/services/apps/security_best_practices_worker/src/activities/index.ts @@ -221,11 +221,18 @@ async function runBinary( }) proc.on('close', (code) => { - if (code === 0) { - svc.log.info(`Binary completed successfully`) + // exit code 0 = all tests passed, 1 = some tests failed — both mean the + // evaluation ran to completion and wrote its output file + if (code === 0 || code === 1) { + svc.log.info(`Binary completed with exit code ${code}`) resolve({ stdout, stderr }) } else { - reject(new Error(`Binary exited with code ${code}\nStderr:\n${stderr}Stdout:\n${stdout}`)) + const truncated = (s: string) => (s.length > 500 ? s.slice(0, 500) + '…' : s) + reject( + new Error( + `Binary exited with code ${code}\nStderr:\n${truncated(stderr)}Stdout:\n${truncated(stdout)}`, + ), + ) } }) }) From 5924bdd21b80ef3db9054d7e77f9ca45ed48f566 Mon Sep 17 00:00:00 2001 From: Joana Maia Date: Mon, 15 Jun 2026 18:04:46 +0100 Subject: [PATCH 06/11] fix: update types and field accessors for pvtr-sdk v1.24.0 output format Signed-off-by: Joana Maia --- .../src/activities/index.ts | 36 +++++++++---------- .../src/types.ts | 24 ++++++------- 2 files changed, 29 insertions(+), 31 deletions(-) diff --git a/services/apps/security_best_practices_worker/src/activities/index.ts b/services/apps/security_best_practices_worker/src/activities/index.ts index 45d414f347..80f0ec2e98 100644 --- a/services/apps/security_best_practices_worker/src/activities/index.ts +++ b/services/apps/security_best_practices_worker/src/activities/index.ts @@ -97,7 +97,9 @@ export async function saveOSPSBaselineInsightsToDB( const redisCache = new RedisCache(`osps-baseline-insights`, svc.redis, svc.log) const result = await redisCache.get(key) const parsedResult: ISecurityInsightsPrivateerResult = JSON.parse(result) - const evaluationSuite = parsedResult.evaluation_suites.find((s) => s.catalog_id === CATALOG_ID) + const evaluationSuite = parsedResult['evaluation-suites'].find( + (s) => s['catalog-id'] === CATALOG_ID, + ) const qx = pgpQx(svc.postgres.writer.connection()) @@ -105,35 +107,31 @@ export async function saveOSPSBaselineInsightsToDB( repo: repo.repoUrl, insightsProjectId: repo.insightsProjectId, insightsProjectSlug: repo.insightsProjectSlug, - catalogId: evaluationSuite.catalog_id, + catalogId: evaluationSuite['catalog-id'], name: evaluationSuite.name, result: evaluationSuite.result, - corruptedState: evaluationSuite.corrupted_state, + corruptedState: evaluationSuite['corrupted-state'], }) - const suite = await findEvaluationSuite(qx, repo.repoUrl, evaluationSuite.catalog_id) + const suite = await findEvaluationSuite(qx, repo.repoUrl, evaluationSuite['catalog-id']) - for (const evaluation of evaluationSuite.control_evaluations) { + for (const evaluation of evaluationSuite['control-evaluations'].evaluations) { + const controlId = evaluation.control['entry-id'] await addSuiteControlEvaluation(qx, { - controlId: evaluation['control-id'], + controlId, name: evaluation.name, - corruptedState: evaluation['corrupted-state'], + corruptedState: false, message: evaluation.message, repo: repo.repoUrl, insightsProjectId: repo.insightsProjectId, insightsProjectSlug: repo.insightsProjectSlug, - remediationGuide: evaluation['remediation-guide'] || '', + remediationGuide: '', result: evaluation.result, securityInsightsEvaluationSuiteId: suite.id, }) - const controlEvaluation = await findSuiteControlEvaluation( - qx, - repo.repoUrl, - evaluation['control-id'], - suite.id, - ) - for (const assessment of evaluation.assessments) { + const controlEvaluation = await findSuiteControlEvaluation(qx, repo.repoUrl, controlId, suite.id) + for (const assessment of evaluation['assessment-logs']) { await addControlEvaluationAssessment(qx, { applicability: assessment.applicability, description: assessment.description, @@ -141,17 +139,17 @@ export async function saveOSPSBaselineInsightsToDB( repo: repo.repoUrl, insightsProjectId: repo.insightsProjectId, insightsProjectSlug: repo.insightsProjectSlug, - requirementId: assessment['requirement-id'], + requirementId: assessment.requirement['entry-id'], result: assessment.result, - runDuration: assessment['run-duration'] || '', + runDuration: '', steps: assessment.steps, stepsExecuted: assessment['steps-executed'] || 0, securityInsightsEvaluationId: controlEvaluation.id, recommendation: assessment.recommendation, start: assessment.start, end: assessment.end, - value: assessment.value, - changes: assessment.changes, + value: null, + changes: null, }) } } diff --git a/services/apps/security_best_practices_worker/src/types.ts b/services/apps/security_best_practices_worker/src/types.ts index c422a06a84..0ca7483250 100644 --- a/services/apps/security_best_practices_worker/src/types.ts +++ b/services/apps/security_best_practices_worker/src/types.ts @@ -1,28 +1,30 @@ export interface ISecurityInsightsPrivateerResult { - evaluation_suites: ISecurityInsightsPrivateerEvaluationSuite[] + 'evaluation-suites': ISecurityInsightsPrivateerEvaluationSuite[] } export interface ISecurityInsightsPrivateerEvaluationSuite { name: string - catalog_id: string - start_time: string - end_time: string + 'catalog-id': string + 'start-time': string + 'end-time': string result: string - corrupted_state: boolean - control_evaluations: ISecurityInsightsPrivateerResultControlEvaluations[] + 'corrupted-state': boolean + 'control-evaluations': { + result: string + evaluations: ISecurityInsightsPrivateerResultControlEvaluations[] + } } export interface ISecurityInsightsPrivateerResultControlEvaluations { name: string - 'control-id': string + control: { 'reference-id': string; 'entry-id': string } result: string message: string - 'corrupted-state': boolean - assessments: ISecurityInsightsPrivateerResultAssessment[] + 'assessment-logs': ISecurityInsightsPrivateerResultAssessment[] } export interface ISecurityInsightsPrivateerResultAssessment { - 'requirement-id': string + requirement: { 'reference-id': string; 'entry-id': string } applicability: string[] description: string result: string @@ -31,8 +33,6 @@ export interface ISecurityInsightsPrivateerResultAssessment { 'steps-executed': number start: string end?: string - value?: unknown - changes?: Record recommendation?: string } From 0f79e0b122e51293f8a453fd4011801dd4d29b24 Mon Sep 17 00:00:00 2001 From: Joana Maia Date: Mon, 15 Jun 2026 18:06:12 +0100 Subject: [PATCH 07/11] fix: global PVTR_VERSION arg and structured error fields in runBinary Signed-off-by: Joana Maia --- .../docker/Dockerfile.security_best_practices_worker | 6 ++++-- .../security_best_practices_worker/src/activities/index.ts | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/scripts/services/docker/Dockerfile.security_best_practices_worker b/scripts/services/docker/Dockerfile.security_best_practices_worker index 58e35cf59d..cb250dc12f 100644 --- a/scripts/services/docker/Dockerfile.security_best_practices_worker +++ b/scripts/services/docker/Dockerfile.security_best_practices_worker @@ -1,3 +1,5 @@ +ARG PVTR_VERSION=v0.23.2 + FROM alpine:3.21 AS core RUN apk add --no-cache wget tar unzip @@ -12,7 +14,7 @@ FROM golang:1.26.3-alpine3.23 AS plugin RUN apk add --no-cache make git WORKDIR /plugin ARG PVTR_COMMIT=c7bd9538d64f7eaab94a05c9b5fd05458a387b1c -ARG PVTR_VERSION=v0.23.2 +ARG PVTR_VERSION # To run the latest version of the plugin, we need to use the latest commit of the pvtr-github-repo-scanner repository. # Currently using v0.23.2: https://github.com/ossf/pvtr-github-repo-scanner/commit/c7bd9538d64f7eaab94a05c9b5fd05458a387b1c RUN git clone https://github.com/ossf/pvtr-github-repo-scanner.git && cd pvtr-github-repo-scanner && git checkout ${PVTR_COMMIT} @@ -36,7 +38,7 @@ FROM node:20-bookworm-slim as runner RUN mkdir -p /.privateer/bin WORKDIR /.privateer/bin COPY --from=core /app/pvtr ./privateer -ARG PVTR_VERSION=v0.23.2 +ARG PVTR_VERSION COPY --from=plugin /plugin/github-repo /root/.privateer/bin/github-repo RUN echo "{\"plugins\":[{\"name\":\"github-repo\",\"version\":\"${PVTR_VERSION}\",\"binaryPath\":\"github-repo\"}]}" > /root/.privateer/bin/plugins.json COPY ./services/apps/security_best_practices_worker/example-config.yml /.privateer/example-config.yml diff --git a/services/apps/security_best_practices_worker/src/activities/index.ts b/services/apps/security_best_practices_worker/src/activities/index.ts index 80f0ec2e98..8166420896 100644 --- a/services/apps/security_best_practices_worker/src/activities/index.ts +++ b/services/apps/security_best_practices_worker/src/activities/index.ts @@ -226,11 +226,13 @@ async function runBinary( resolve({ stdout, stderr }) } else { const truncated = (s: string) => (s.length > 500 ? s.slice(0, 500) + '…' : s) - reject( + const err = Object.assign( new Error( - `Binary exited with code ${code}\nStderr:\n${truncated(stderr)}Stdout:\n${truncated(stdout)}`, + `Binary exited with code ${code}\nStderr:\n${truncated(stderr)}\nStdout:\n${truncated(stdout)}`, ), + { stdout, stderr }, ) + reject(err) } }) }) From 5e86ef12bdaae4d3f44c37ef433a17f2382e7c3a Mon Sep 17 00:00:00 2001 From: Joana Maia Date: Mon, 15 Jun 2026 20:23:10 +0100 Subject: [PATCH 08/11] fix: derive runDuration from assessment timestamps and capture new SDK fields privateer-sdk v1.24.0 removed `run-duration` in favor of `start`/`end` timestamps; compute the duration locally so the existing column stays populated. Adds the new optional `plan` and `confidence-level` fields to the YAML types so they survive parsing into Redis. Signed-off-by: Joana Maia --- .../security_best_practices_worker/src/activities/index.ts | 5 ++++- services/apps/security_best_practices_worker/src/types.ts | 2 ++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/services/apps/security_best_practices_worker/src/activities/index.ts b/services/apps/security_best_practices_worker/src/activities/index.ts index 8166420896..5858c2602f 100644 --- a/services/apps/security_best_practices_worker/src/activities/index.ts +++ b/services/apps/security_best_practices_worker/src/activities/index.ts @@ -132,6 +132,9 @@ export async function saveOSPSBaselineInsightsToDB( const controlEvaluation = await findSuiteControlEvaluation(qx, repo.repoUrl, controlId, suite.id) for (const assessment of evaluation['assessment-logs']) { + const runDuration = assessment.end + ? `${new Date(assessment.end).getTime() - new Date(assessment.start).getTime()}ms` + : '' await addControlEvaluationAssessment(qx, { applicability: assessment.applicability, description: assessment.description, @@ -141,7 +144,7 @@ export async function saveOSPSBaselineInsightsToDB( insightsProjectSlug: repo.insightsProjectSlug, requirementId: assessment.requirement['entry-id'], result: assessment.result, - runDuration: '', + runDuration, steps: assessment.steps, stepsExecuted: assessment['steps-executed'] || 0, securityInsightsEvaluationId: controlEvaluation.id, diff --git a/services/apps/security_best_practices_worker/src/types.ts b/services/apps/security_best_practices_worker/src/types.ts index 0ca7483250..e50a44a4f2 100644 --- a/services/apps/security_best_practices_worker/src/types.ts +++ b/services/apps/security_best_practices_worker/src/types.ts @@ -25,6 +25,7 @@ export interface ISecurityInsightsPrivateerResultControlEvaluations { export interface ISecurityInsightsPrivateerResultAssessment { requirement: { 'reference-id': string; 'entry-id': string } + plan?: { 'reference-id': string; 'entry-id': string } applicability: string[] description: string result: string @@ -34,6 +35,7 @@ export interface ISecurityInsightsPrivateerResultAssessment { start: string end?: string recommendation?: string + 'confidence-level'?: string } export interface IUpsertOSPSBaselineSecurityInsightsParams { From 60f4c68230ad6bca082662fd7885267b6baca6a3 Mon Sep 17 00:00:00 2001 From: Joana Maia Date: Mon, 15 Jun 2026 20:32:55 +0100 Subject: [PATCH 09/11] fix: throw actionable errors on missing privateer output and DB lookups (IN-1170) Addresses PR review: guard against null returns from redis cache and post-insert DB lookups so workflow failures surface with context instead of TypeError on undefined property access. Co-Authored-By: Claude Opus 4.7 Signed-off-by: Joana Maia --- .../src/activities/index.ts | 20 ++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/services/apps/security_best_practices_worker/src/activities/index.ts b/services/apps/security_best_practices_worker/src/activities/index.ts index 5858c2602f..20e55ad368 100644 --- a/services/apps/security_best_practices_worker/src/activities/index.ts +++ b/services/apps/security_best_practices_worker/src/activities/index.ts @@ -96,10 +96,18 @@ export async function saveOSPSBaselineInsightsToDB( const CATALOG_ID = 'osps-baseline-2026-02' const redisCache = new RedisCache(`osps-baseline-insights`, svc.redis, svc.log) const result = await redisCache.get(key) + if (!result) { + throw new Error(`No cached privateer result found for key: ${key}`) + } const parsedResult: ISecurityInsightsPrivateerResult = JSON.parse(result) - const evaluationSuite = parsedResult['evaluation-suites'].find( + const evaluationSuite = parsedResult['evaluation-suites']?.find( (s) => s['catalog-id'] === CATALOG_ID, ) + if (!evaluationSuite) { + throw new Error( + `No evaluation suite found for catalog '${CATALOG_ID}' in privateer output for repo ${repo.repoUrl}`, + ) + } const qx = pgpQx(svc.postgres.writer.connection()) @@ -114,6 +122,11 @@ export async function saveOSPSBaselineInsightsToDB( }) const suite = await findEvaluationSuite(qx, repo.repoUrl, evaluationSuite['catalog-id']) + if (!suite) { + throw new Error( + `Evaluation suite not found after insert for repo ${repo.repoUrl}, catalog ${evaluationSuite['catalog-id']}`, + ) + } for (const evaluation of evaluationSuite['control-evaluations'].evaluations) { const controlId = evaluation.control['entry-id'] @@ -131,6 +144,11 @@ export async function saveOSPSBaselineInsightsToDB( }) const controlEvaluation = await findSuiteControlEvaluation(qx, repo.repoUrl, controlId, suite.id) + if (!controlEvaluation) { + throw new Error( + `Control evaluation not found after insert for repo ${repo.repoUrl}, controlId ${controlId}, suiteId ${suite.id}`, + ) + } for (const assessment of evaluation['assessment-logs']) { const runDuration = assessment.end ? `${new Date(assessment.end).getTime() - new Date(assessment.start).getTime()}ms` From f3947038619fede01baef4fd25fc3ff36228f51a Mon Sep 17 00:00:00 2001 From: Joana Maia Date: Mon, 15 Jun 2026 20:59:08 +0100 Subject: [PATCH 10/11] fix: validate runDuration timestamps and truncate attached binary error fields (IN-1170) Addresses PR review: guard computeRunDuration against missing or unparseable timestamps so NaN/negative durations don't reach the DB, and attach truncated stdout/stderr on rejected binary errors so Temporal payloads stay within serialization limits. Co-Authored-By: Claude Opus 4.7 Signed-off-by: Joana Maia --- .../src/activities/index.ts | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/services/apps/security_best_practices_worker/src/activities/index.ts b/services/apps/security_best_practices_worker/src/activities/index.ts index 20e55ad368..0d5ac96275 100644 --- a/services/apps/security_best_practices_worker/src/activities/index.ts +++ b/services/apps/security_best_practices_worker/src/activities/index.ts @@ -150,9 +150,7 @@ export async function saveOSPSBaselineInsightsToDB( ) } for (const assessment of evaluation['assessment-logs']) { - const runDuration = assessment.end - ? `${new Date(assessment.end).getTime() - new Date(assessment.start).getTime()}ms` - : '' + const runDuration = computeRunDuration(assessment.start, assessment.end) await addControlEvaluationAssessment(qx, { applicability: assessment.applicability, description: assessment.description, @@ -193,6 +191,14 @@ export async function saveOSPSBaselineInsightsToRedis( await redisCache.set(key, JSON.stringify(insights), 60 * 60 * 24) // 1 day } +function computeRunDuration(start: string | undefined, end: string | undefined): string { + if (!start || !end) return '' + const startMs = new Date(start).getTime() + const endMs = new Date(end).getTime() + if (isNaN(startMs) || isNaN(endMs) || endMs < startMs) return '' + return `${endMs - startMs}ms` +} + async function cleanupFiles(repoName: string): Promise { // Delete the file try { @@ -247,11 +253,13 @@ async function runBinary( resolve({ stdout, stderr }) } else { const truncated = (s: string) => (s.length > 500 ? s.slice(0, 500) + '…' : s) + const truncStdout = truncated(stdout) + const truncStderr = truncated(stderr) const err = Object.assign( new Error( - `Binary exited with code ${code}\nStderr:\n${truncated(stderr)}\nStdout:\n${truncated(stdout)}`, + `Binary exited with code ${code}\nStderr:\n${truncStderr}\nStdout:\n${truncStdout}`, ), - { stdout, stderr }, + { stdout: truncStdout, stderr: truncStderr }, ) reject(err) } From 871c16d19e150532eab6acfeb4e64f9f97eb0e9c Mon Sep 17 00:00:00 2001 From: Joana Maia Date: Mon, 15 Jun 2026 21:01:47 +0100 Subject: [PATCH 11/11] fix: lint Signed-off-by: Joana Maia --- .../security_best_practices_worker/src/activities/index.ts | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/services/apps/security_best_practices_worker/src/activities/index.ts b/services/apps/security_best_practices_worker/src/activities/index.ts index 0d5ac96275..e1d92a5712 100644 --- a/services/apps/security_best_practices_worker/src/activities/index.ts +++ b/services/apps/security_best_practices_worker/src/activities/index.ts @@ -143,7 +143,12 @@ export async function saveOSPSBaselineInsightsToDB( securityInsightsEvaluationSuiteId: suite.id, }) - const controlEvaluation = await findSuiteControlEvaluation(qx, repo.repoUrl, controlId, suite.id) + const controlEvaluation = await findSuiteControlEvaluation( + qx, + repo.repoUrl, + controlId, + suite.id, + ) if (!controlEvaluation) { throw new Error( `Control evaluation not found after insert for repo ${repo.repoUrl}, controlId ${controlId}, suiteId ${suite.id}`,