Create `security_scans` and `security_findings` for available scan types in the free tier
Why are we doing this work
As we are trying to remove the `Security::PipelineVulnerabilitiesFinder`, we need to start creating records in the `security_scans` and the `security_findings` tables to keep serving the data for the projects using available scan types in the free tier.
We are not using `security_findings` and `security_scans` data for projects in the free tier, but we are planning to depend solely on the `security_findings` table to generate the response for the MR widget, which is available for SAST and Dependency Scanning in the free tier.
This means we will be storing the `security_findings` for all the projects but, if we can't/won't do this, then we need to find another way to speed up the reports comparison.
Relevant links
Non-functional requirements
- Documentation:
- Feature flag:
- Performance:
- Testing:
Implementation plan
- TBD
Verification steps
- TBD
Edited by Thiago Figueiró