Make AdvisoryScanner ingest multiple finding maps

Why are we doing this work

The work done in #420768 (closed) will allow us to ingest multiple vulnerabilities from differing projects all at once. This work is dependent on some changing the AdvisoryScanner so that it passes in batches of findings maps to the new vulnerability ingestion service created in #420768 (closed).

Relevant links

Non-functional requirements

  • Documentation:
  • Feature flag: advisory_scans_bulk_vulnerability_ingestion
  • Performance: The vulnerability insertion rate should be higher than that of the single vulnerability insertion service we're currently using.
  • Testing: The scanner should be tested with a group of projects to ensure that all findings are upserted at the same time.

Implementation plan

  • Create a new feature flag advisory_scans_bulk_vulnerability_ingestion
  • Update AdvisoryScanner so that it calls the new service (TBD) if the feature flag is enabled. The flag and logic will be inside of a method called create_vulnerabilities.
  • Update the log_success and log_error methods so that they use an array of project IDS instead of a singular ID.
  • Update the tests so that it verifies that the vulnerabilities created are logged for all the projects at once

Verification steps

Edited by Oscar Tovar