diff --git a/docker/deployment/Dockerfile b/docker/deployment/Dockerfile
index bcec9e390ce..3ae25899955 100644
--- a/docker/deployment/Dockerfile
+++ b/docker/deployment/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:26.04@sha256:f3d28607ddd78734bb7f71f117f3c6706c666b8b76cbff7c9ff6e5718d46ff64
+FROM ubuntu:26.04@sha256:53958ec7b67c2c9355df922dd08dbf0360611f8c3cdb656875e81873db9ffdba
 
 RUN apt-get update && \
     apt-get install -y curl jq
diff --git a/docker/terraform/Dockerfile b/docker/terraform/Dockerfile
index 6b2953c0d20..f899ca4a93e 100644
--- a/docker/terraform/Dockerfile
+++ b/docker/terraform/Dockerfile
@@ -1,12 +1,12 @@
 # Taken and modified from https://github.com/GoogleCloudPlatform/cloud-builders-community/tree/master/terraform
 
-FROM golang:1.26.4-alpine@sha256:f23e8b227fb4493eabe03bede4d5a32d04092da71962f1fb79b5f7d1e6c2a17f AS GO_BUILD
+FROM golang:1.26.4-alpine@sha256:3ad57304ad93bbec8548a0437ad9e06a455660655d9af011d58b993f6f615648 AS GO_BUILD
 
 ARG TERRAFORM_VERSION
 WORKDIR /build/
 RUN GOBIN=$(pwd) go install github.com/hashicorp/terraform@v${TERRAFORM_VERSION}
 
-FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:5d433d2e7bba6bb4710f58280681effd190720c57156a582e7ed905e7a57c65c
+FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:83f44d07c7832c910501f0fd4edfe67f5dce3570886865ecbf72e3b4fc69af57
 
 COPY --from=GO_BUILD /build/terraform /usr/bin/terraform
 COPY entrypoint.bash /builder/entrypoint.bash
diff --git a/docker/worker-base/Dockerfile b/docker/worker-base/Dockerfile
index c7b2c08961f..4fa56324b24 100644
--- a/docker/worker-base/Dockerfile
+++ b/docker/worker-base/Dockerfile
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM ubuntu:26.04@sha256:f3d28607ddd78734bb7f71f117f3c6706c666b8b76cbff7c9ff6e5718d46ff64
+FROM ubuntu:26.04@sha256:53958ec7b67c2c9355df922dd08dbf0360611f8c3cdb656875e81873db9ffdba
 
 ENV DEBIAN_FRONTEND noninteractive
 RUN apt-get update && apt-get upgrade -y && \
diff --git a/gcp/indexer/Dockerfile b/gcp/indexer/Dockerfile
index e9ff118bbd8..39096c57917 100644
--- a/gcp/indexer/Dockerfile
+++ b/gcp/indexer/Dockerfile
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang:1.26.4-alpine@sha256:f23e8b227fb4493eabe03bede4d5a32d04092da71962f1fb79b5f7d1e6c2a17f AS GO_BUILD
+FROM golang:1.26.4-alpine@sha256:3ad57304ad93bbec8548a0437ad9e06a455660655d9af011d58b993f6f615648 AS GO_BUILD
 WORKDIR /build
 
 # Cache dependencies in these steps
@@ -24,7 +24,7 @@ RUN go mod download
 COPY ./ /build
 RUN CGO_ENABLED=0 ./build.sh
 
-FROM gcr.io/distroless/base-debian12@sha256:58695f439f772a00009c8f6be4c183f824c1f556d74b313c30900f167e4772f8
+FROM gcr.io/distroless/base-debian12@sha256:e7e678c88c59e70e105a46549bb3fbfb3d732ee3b4afd3a19fdab2e15afaa6b3
 COPY --from=GO_BUILD build/indexer /indexer
 ENTRYPOINT ["/indexer"]
 CMD ["--help"]
diff --git a/go/Dockerfile b/go/Dockerfile
index ca520182524..a3657b615f8 100644
--- a/go/Dockerfile
+++ b/go/Dockerfile
@@ -30,7 +30,7 @@
 # ========================================================
 # Shared Builder Stage
 # ========================================================
-FROM golang:1.26.4-alpine@sha256:f23e8b227fb4493eabe03bede4d5a32d04092da71962f1fb79b5f7d1e6c2a17f AS builder
+FROM golang:1.26.4-alpine@sha256:3ad57304ad93bbec8548a0437ad9e06a455660655d9af011d58b993f6f615648 AS builder
 
 WORKDIR /workspace
 
diff --git a/go/cmd/osv-linter-worker/Dockerfile b/go/cmd/osv-linter-worker/Dockerfile
index 8a385b62f2a..d3d273c7b0f 100644
--- a/go/cmd/osv-linter-worker/Dockerfile
+++ b/go/cmd/osv-linter-worker/Dockerfile
@@ -15,7 +15,7 @@
 
 
 # Stage 1: Build the Go linter binary
-FROM golang:1.26.4-alpine@sha256:f23e8b227fb4493eabe03bede4d5a32d04092da71962f1fb79b5f7d1e6c2a17f AS go_builder
+FROM golang:1.26.4-alpine@sha256:3ad57304ad93bbec8548a0437ad9e06a455660655d9af011d58b993f6f615648 AS go_builder
 
 RUN apk add --no-cache git
 WORKDIR /src
diff --git a/vulnfeeds/cmd/combine-to-osv/Dockerfile b/vulnfeeds/cmd/combine-to-osv/Dockerfile
index c46256256c9..536dca25b75 100644
--- a/vulnfeeds/cmd/combine-to-osv/Dockerfile
+++ b/vulnfeeds/cmd/combine-to-osv/Dockerfile
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang:1.26.4-alpine@sha256:f23e8b227fb4493eabe03bede4d5a32d04092da71962f1fb79b5f7d1e6c2a17f AS GO_BUILD
+FROM golang:1.26.4-alpine@sha256:3ad57304ad93bbec8548a0437ad9e06a455660655d9af011d58b993f6f615648 AS GO_BUILD
 
 RUN mkdir /src
 WORKDIR /src
@@ -26,7 +26,7 @@ RUN go build -o combine-to-osv ./cmd/combine-to-osv/
 RUN go build -o download-cves ./cmd/mirrors/download-cves/
 
 
-FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:5d433d2e7bba6bb4710f58280681effd190720c57156a582e7ed905e7a57c65c
+FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:83f44d07c7832c910501f0fd4edfe67f5dce3570886865ecbf72e3b4fc69af57
 RUN apk --no-cache add jq
 
 WORKDIR /root/
diff --git a/vulnfeeds/cmd/converters/alpine/Dockerfile b/vulnfeeds/cmd/converters/alpine/Dockerfile
index c87b907cbef..f21b8a4d129 100644
--- a/vulnfeeds/cmd/converters/alpine/Dockerfile
+++ b/vulnfeeds/cmd/converters/alpine/Dockerfile
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang:1.26.4-alpine@sha256:f23e8b227fb4493eabe03bede4d5a32d04092da71962f1fb79b5f7d1e6c2a17f AS GO_BUILD
+FROM golang:1.26.4-alpine@sha256:3ad57304ad93bbec8548a0437ad9e06a455660655d9af011d58b993f6f615648 AS GO_BUILD
 
 RUN mkdir /src
 WORKDIR /src
@@ -25,7 +25,7 @@ COPY ./ /src/
 RUN go build -o alpine-osv ./cmd/converters/alpine/
 
 
-FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:5d433d2e7bba6bb4710f58280681effd190720c57156a582e7ed905e7a57c65c
+FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:83f44d07c7832c910501f0fd4edfe67f5dce3570886865ecbf72e3b4fc69af57
 
 WORKDIR /root/
 COPY --from=GO_BUILD /src/alpine-osv ./
diff --git a/vulnfeeds/cmd/converters/cve/cve5/bulk-converter/Dockerfile b/vulnfeeds/cmd/converters/cve/cve5/bulk-converter/Dockerfile
index 2e40390adea..517f30918f0 100644
--- a/vulnfeeds/cmd/converters/cve/cve5/bulk-converter/Dockerfile
+++ b/vulnfeeds/cmd/converters/cve/cve5/bulk-converter/Dockerfile
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang:1.26.4-alpine@sha256:f23e8b227fb4493eabe03bede4d5a32d04092da71962f1fb79b5f7d1e6c2a17f AS go_build
+FROM golang:1.26.4-alpine@sha256:3ad57304ad93bbec8548a0437ad9e06a455660655d9af011d58b993f6f615648 AS go_build
 
 RUN mkdir /src
 WORKDIR /src
@@ -25,7 +25,7 @@ RUN go mod download && go mod verify
 COPY ./ /src/
 RUN go build -o cve-bulk-converter ./cmd/converters/cve/cve5/bulk-converter/
 
-FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:5d433d2e7bba6bb4710f58280681effd190720c57156a582e7ed905e7a57c65c
+FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:83f44d07c7832c910501f0fd4edfe67f5dce3570886865ecbf72e3b4fc69af57
 RUN apk --no-cache add jq
 
 WORKDIR /root/
diff --git a/vulnfeeds/cmd/converters/cve/nvd-cve-osv/Dockerfile b/vulnfeeds/cmd/converters/cve/nvd-cve-osv/Dockerfile
index 9b3acfa880c..85a28fe168a 100644
--- a/vulnfeeds/cmd/converters/cve/nvd-cve-osv/Dockerfile
+++ b/vulnfeeds/cmd/converters/cve/nvd-cve-osv/Dockerfile
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang:1.26.4-alpine@sha256:f23e8b227fb4493eabe03bede4d5a32d04092da71962f1fb79b5f7d1e6c2a17f AS GO_BUILD
+FROM golang:1.26.4-alpine@sha256:3ad57304ad93bbec8548a0437ad9e06a455660655d9af011d58b993f6f615648 AS GO_BUILD
 
 WORKDIR /go/src
 
@@ -22,7 +22,7 @@ RUN go mod download && go mod verify
 COPY . .
 RUN CGO_ENABLED=0 go build -v -o /usr/local/bin ./cmd/converters/cve/nvd-cve-osv ./cmd/mirrors/download-cves
 
-FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:5d433d2e7bba6bb4710f58280681effd190720c57156a582e7ed905e7a57c65c
+FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:83f44d07c7832c910501f0fd4edfe67f5dce3570886865ecbf72e3b4fc69af57
 RUN apk --no-cache add jq
 
 COPY --from=GO_BUILD /usr/local/bin/ ./usr/local/bin/
diff --git a/vulnfeeds/cmd/converters/debian/Dockerfile b/vulnfeeds/cmd/converters/debian/Dockerfile
index 368a094b4e8..163a9b342c4 100644
--- a/vulnfeeds/cmd/converters/debian/Dockerfile
+++ b/vulnfeeds/cmd/converters/debian/Dockerfile
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang:1.26.4-alpine@sha256:f23e8b227fb4493eabe03bede4d5a32d04092da71962f1fb79b5f7d1e6c2a17f AS GO_BUILD
+FROM golang:1.26.4-alpine@sha256:3ad57304ad93bbec8548a0437ad9e06a455660655d9af011d58b993f6f615648 AS GO_BUILD
 
 RUN mkdir /src
 WORKDIR /src
@@ -25,7 +25,7 @@ COPY ./ /src/
 RUN go build -o debian ./cmd/converters/debian/
 
 
-FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:5d433d2e7bba6bb4710f58280681effd190720c57156a582e7ed905e7a57c65c
+FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:83f44d07c7832c910501f0fd4edfe67f5dce3570886865ecbf72e3b4fc69af57
 
 WORKDIR /root/
 COPY --from=GO_BUILD /src/debian ./
diff --git a/vulnfeeds/cmd/converters/dsa-dla-dtsa/Dockerfile b/vulnfeeds/cmd/converters/dsa-dla-dtsa/Dockerfile
index 552479dd504..d06fa96d242 100644
--- a/vulnfeeds/cmd/converters/dsa-dla-dtsa/Dockerfile
+++ b/vulnfeeds/cmd/converters/dsa-dla-dtsa/Dockerfile
@@ -14,7 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang:1.26.4-alpine@sha256:f23e8b227fb4493eabe03bede4d5a32d04092da71962f1fb79b5f7d1e6c2a17f AS build
+FROM golang:1.26.4-alpine@sha256:3ad57304ad93bbec8548a0437ad9e06a455660655d9af011d58b993f6f615648 AS build
 
 WORKDIR /src
 
diff --git a/vulnfeeds/cmd/mirrors/cpe-repo-gen/Dockerfile b/vulnfeeds/cmd/mirrors/cpe-repo-gen/Dockerfile
index 1b6eeab383b..8f83c8ec249 100644
--- a/vulnfeeds/cmd/mirrors/cpe-repo-gen/Dockerfile
+++ b/vulnfeeds/cmd/mirrors/cpe-repo-gen/Dockerfile
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang:1.26.4-alpine@sha256:f23e8b227fb4493eabe03bede4d5a32d04092da71962f1fb79b5f7d1e6c2a17f AS GO_BUILD
+FROM golang:1.26.4-alpine@sha256:3ad57304ad93bbec8548a0437ad9e06a455660655d9af011d58b993f6f615648 AS GO_BUILD
 
 RUN mkdir /src
 WORKDIR /src
@@ -24,7 +24,7 @@ RUN go mod download
 COPY ./ /src/
 RUN CGO_ENABLED=0 go build -o cpe-repo-gen ./cmd/mirrors/cpe-repo-gen
 
-FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:5d433d2e7bba6bb4710f58280681effd190720c57156a582e7ed905e7a57c65c
+FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:83f44d07c7832c910501f0fd4edfe67f5dce3570886865ecbf72e3b4fc69af57
 
 RUN apk add --no-cache unzip
 
diff --git a/vulnfeeds/cmd/mirrors/debian-copyright-mirror/Dockerfile b/vulnfeeds/cmd/mirrors/debian-copyright-mirror/Dockerfile
index 9700ca2dd66..c08f0bb5718 100644
--- a/vulnfeeds/cmd/mirrors/debian-copyright-mirror/Dockerfile
+++ b/vulnfeeds/cmd/mirrors/debian-copyright-mirror/Dockerfile
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:5d433d2e7bba6bb4710f58280681effd190720c57156a582e7ed905e7a57c65c
+FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:83f44d07c7832c910501f0fd4edfe67f5dce3570886865ecbf72e3b4fc69af57
 
 RUN apk add py3-yaml
 
diff --git a/vulnfeeds/cmd/mirrors/download-cves/Dockerfile b/vulnfeeds/cmd/mirrors/download-cves/Dockerfile
index 6f4e18782c5..34da129d091 100644
--- a/vulnfeeds/cmd/mirrors/download-cves/Dockerfile
+++ b/vulnfeeds/cmd/mirrors/download-cves/Dockerfile
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang:1.26.4-alpine@sha256:f23e8b227fb4493eabe03bede4d5a32d04092da71962f1fb79b5f7d1e6c2a17f AS GO_BUILD
+FROM golang:1.26.4-alpine@sha256:3ad57304ad93bbec8548a0437ad9e06a455660655d9af011d58b993f6f615648 AS GO_BUILD
 
 RUN mkdir /src
 WORKDIR /src
@@ -24,7 +24,7 @@ RUN go mod download
 COPY ./ /src/
 RUN go build -o download-cves ./cmd/mirrors/download-cves/
 
-FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:5d433d2e7bba6bb4710f58280681effd190720c57156a582e7ed905e7a57c65c
+FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:83f44d07c7832c910501f0fd4edfe67f5dce3570886865ecbf72e3b4fc69af57
 
 WORKDIR /usr/local/bin
 COPY --from=GO_BUILD /src/download-cves ./