[BE] Only scan projects for which continuous vulnerability scans are enabled

Problem to solve

Continuous Vulnerability Scanning is a Beta feature and is only available for projects which have enabled this setting (see #423903 (closed) and #424374 (closed)).

Proposal

Update continuous vulnerability scans to filter out projects which do not have the continuous_vulnerability_scans_enabled attribute enabled.

Implementation plan

  • add a new scope (similar to filter_by_non_nil_component_version) to Sbom::Occurrence which only returns occurrences whose project has continuous_vulnerability_scans_enabled: true:

    # INNER JOIN through projects to project_security_settings: occurrences whose
    # project has no security settings row, or whose row has the flag false/NULL,
    # are excluded.
    scope :filter_by_cvs_enabled, -> do
      joins(project: :security_setting)
        .where(project_security_settings: { continuous_vulnerability_scans_enabled: true })
    end
  • update Sbom::PossiblyAffectedOccurrencesFinder to use the scope above, so that only occurrences from CVS-enabled projects are considered possibly affected
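The following is an added example, not GitLab's code, that models the semantics of the proposed scope and finder change with plain Ruby objects so it runs offline without ActiveRecord. The `Project`, `SecuritySetting` and `Occurrence` structs, the `possibly_affected_occurrences` stand-in for the finder, and the sample data are all constructed here for illustration. The point it makes explicit is the INNER JOIN behaviour of `joins(project: :security_setting)`: a project with no `project_security_settings` row, or with the flag NULL or false, contributes no occurrences.

```ruby
# Added example (not GitLab's code): plain-Ruby model of the proposed
# Sbom::Occurrence.filter_by_cvs_enabled scope and of chaining it with the
# existing filter_by_non_nil_component_version scope in the finder.

# security_setting may be nil, standing in for a project that has no
# project_security_settings row yet.
Project         = Struct.new(:id, :security_setting)
SecuritySetting = Struct.new(:continuous_vulnerability_scans_enabled)
Occurrence      = Struct.new(:id, :component_version, :project)

# Mirrors:
#   joins(project: :security_setting)
#     .where(project_security_settings: { continuous_vulnerability_scans_enabled: true })
def filter_by_cvs_enabled(occurrences)
  occurrences.select do |occ|
    setting = occ.project&.security_setting
    # INNER JOIN semantics: no settings row => no match; NULL or false => no match.
    !setting.nil? && setting.continuous_vulnerability_scans_enabled == true
  end
end

# Mirrors the existing filter_by_non_nil_component_version scope the plan refers to.
def filter_by_non_nil_component_version(occurrences)
  occurrences.reject { |occ| occ.component_version.nil? }
end

# Hypothetical stand-in for Sbom::PossiblyAffectedOccurrencesFinder after the
# change: both scopes are applied, so only occurrences that have a component
# version AND belong to a CVS-enabled project survive.
def possibly_affected_occurrences(occurrences)
  filter_by_cvs_enabled(filter_by_non_nil_component_version(occurrences))
end

# Constructed sample data covering each edge case.
def sample_occurrences
  enabled  = Project.new(1, SecuritySetting.new(true))
  disabled = Project.new(2, SecuritySetting.new(false))
  unset    = Project.new(3, SecuritySetting.new(nil))   # flag never written
  no_row   = Project.new(4, nil)                         # no settings row at all

  [
    Occurrence.new(10, "1.2.3", enabled),   # kept
    Occurrence.new(11, nil,     enabled),   # dropped: nil component version
    Occurrence.new(12, "4.5.6", disabled),  # dropped: flag false
    Occurrence.new(13, "7.8.9", unset),     # dropped: flag NULL
    Occurrence.new(14, "0.1.0", no_row),    # dropped: inner join finds no row
  ]
end

if __FILE__ == $PROGRAM_NAME
  puts possibly_affected_occurrences(sample_occurrences).map(&:id).inspect
end
```

Running the script prints only occurrence 10. Note that the scope alone would also keep occurrence 11; it is the existing component-version scope, applied alongside it in the finder, that removes that one.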

Does this feature require an audit event?

TBD

Edited Sep 14, 2023 by Adam Cohen