Associate security_scans with vulnerability_scanners

Why are we doing this work

Currently, we associate security_findings with vulnerability_scanners. However, a single report artifact cannot have multiple scanners, so it is better to associate security_scans with vulnerability_scanners instead.

Current ERD (partial)

security_findings_vulnerability_scanners

Suggested ERD (partial)

security_findings_vulnerability_scanners__1_

The benefit will be occupying less space to store the data.

Implementation plan

  • database Add a new column called scanner_id to security_scans table
  • backend Adjust the service classes responsible for creating the security_scans to set this new column
  • database Create a background migration to populate the column values for existing records if possible
  • backend Stop setting the scanner_id column of security_findings
  • database Drop scan_id column of security_findings (this can take longer than 1 milestone, because we can't drop a column easily; we have to ignore it first)

Verification steps

TBD
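
A sketch of the backfill step from the implementation plan, added here as an illustration and not taken from the GitLab code base. It assumes simplified tables in which security_findings carries scan_id and scanner_id; the SQLite schema, the sample rows and the function names are constructed. Scans whose findings disagree on the scanner, or that have no findings, are left unset and reported instead of guessed.

```python
import sqlite3

def build_sample_db():
    """Constructed sample data; scan 2 deliberately violates the one-scanner rule."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE vulnerability_scanners (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE security_scans (
            id INTEGER PRIMARY KEY,
            scanner_id INTEGER REFERENCES vulnerability_scanners(id)  -- new column
        );
        CREATE TABLE security_findings (
            id INTEGER PRIMARY KEY, scan_id INTEGER, scanner_id INTEGER
        );
        INSERT INTO vulnerability_scanners VALUES (10, 'scanner-a'), (11, 'scanner-b');
        INSERT INTO security_scans (id) VALUES (1), (2), (3);
        INSERT INTO security_findings (scan_id, scanner_id) VALUES
            (1, 10), (1, 10),   -- consistent: can be backfilled
            (2, 10), (2, 11);   -- inconsistent: must be reviewed, not guessed
        -- scan 3 has no findings, so nothing to derive the scanner from
    """)
    return db

def backfill_scanner_id(db):
    """Populate security_scans.scanner_id from findings where it is unambiguous.

    Returns (number of scans updated, ids of scans with conflicting scanners).
    """
    ambiguous = [row[0] for row in db.execute("""
        SELECT scan_id FROM security_findings
        GROUP BY scan_id HAVING COUNT(DISTINCT scanner_id) > 1
        ORDER BY scan_id
    """)]
    cur = db.execute("""
        UPDATE security_scans
        SET scanner_id = (SELECT MIN(f.scanner_id) FROM security_findings f
                          WHERE f.scan_id = security_scans.id)
        WHERE scanner_id IS NULL
          AND id IN (SELECT scan_id FROM security_findings
                     GROUP BY scan_id HAVING COUNT(DISTINCT scanner_id) = 1)
    """)
    db.commit()
    return cur.rowcount, ambiguous

if __name__ == "__main__":
    db = build_sample_db()
    print(backfill_scanner_id(db))
    print(db.execute("SELECT id, scanner_id FROM security_scans ORDER BY id").fetchall())
```

An empty list of conflicting scans is a precondition for the later steps that stop writing and eventually drop the per-finding column.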

Edited Aug 27, 2025 by 🤖 GitLab Bot 🤖