Scanner data inconsistency between `vulnerability_reads` and `vulnerability_occurrences`

Summary

The scanner data can be inconsistent between the vulnerability_reads and vulnerability_occurrences tables for the same vulnerability.

This can happen in the following case:

  1. The user runs a security scan with the gemnasium scanner.
  2. We create vulnerability_reads and vulnerability_occurrences records for the detected vulnerabilities and associate them with the gemnasium scanner.
  3. The user runs another security scan with the gemnasium-maven scanner.
  4. The second scan reports the same vulnerabilities as the first one, with only one difference: the scanner.
  5. We update the vulnerability_occurrences table and associate the existing records with the new scanner.
  6. We don't update the vulnerability_reads and the existing records in that table still point to the old scanner.

At this point, we have inconsistent data as the vulnerability_reads and vulnerability_occurrences point to different scanners for the same vulnerability.

This breaks:

  • Marking the vulnerabilities as "no longer detected on the default branch" logic.
  • Filtering the vulnerabilities by tool on the vulnerability report page.
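The sequence above, reduced to a runnable model (added example, not code from the GitLab code base). It uses an in-memory SQLite database with constructed, stripped-down versions of the two tables; the column names vulnerability_id and scanner_id are assumed to mirror the real schema, the scanner ids are constructed, and the helper names (rescan_buggy, rescan_fixed, find_inconsistent, reconcile) are hypothetical. It shows the divergence the issue describes, the query that detects rows whose two scanner references disagree, and a transactional rescan that keeps both tables in step, plus a one-off backfill that brings vulnerability_reads back into line with vulnerability_occurrences.

```python
import sqlite3

# Constructed, simplified schema. The real GitLab tables carry many more
# columns; only the two that matter for this issue are modelled here.
SCHEMA = """
CREATE TABLE vulnerability_occurrences (
    id INTEGER PRIMARY KEY,
    vulnerability_id INTEGER NOT NULL UNIQUE,
    scanner_id INTEGER NOT NULL
);
CREATE TABLE vulnerability_reads (
    id INTEGER PRIMARY KEY,
    vulnerability_id INTEGER NOT NULL UNIQUE,
    scanner_id INTEGER NOT NULL
);
"""

# Constructed scanner ids (assumption, not GitLab's real ids).
SCANNERS = {"gemnasium": 1, "gemnasium-maven": 2}

# Detection query: a vulnerability whose read row and occurrence row point
# at different scanners is exactly the inconsistency described above.
INCONSISTENCY_SQL = """
SELECT o.vulnerability_id,
       r.scanner_id AS read_scanner,
       o.scanner_id AS occurrence_scanner
FROM vulnerability_occurrences o
JOIN vulnerability_reads r ON r.vulnerability_id = o.vulnerability_id
WHERE r.scanner_id <> o.scanner_id
ORDER BY o.vulnerability_id
"""


def new_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def first_scan(conn, vuln_ids, scanner_id):
    # Step 2: both tables get a row for each vulnerability, same scanner.
    with conn:
        for vid in vuln_ids:
            conn.execute(
                "INSERT INTO vulnerability_occurrences (vulnerability_id, scanner_id) VALUES (?, ?)",
                (vid, scanner_id))
            conn.execute(
                "INSERT INTO vulnerability_reads (vulnerability_id, scanner_id) VALUES (?, ?)",
                (vid, scanner_id))


def rescan_buggy(conn, vuln_ids, scanner_id):
    # Steps 5 and 6: only vulnerability_occurrences is re-associated with the
    # new scanner; vulnerability_reads keeps pointing at the old one.
    with conn:
        for vid in vuln_ids:
            conn.execute(
                "UPDATE vulnerability_occurrences SET scanner_id = ? WHERE vulnerability_id = ?",
                (scanner_id, vid))


def rescan_fixed(conn, vuln_ids, scanner_id):
    # Both tables are updated inside one transaction, so a rescan can never
    # leave them pointing at different scanners.
    with conn:
        for vid in vuln_ids:
            for table in ("vulnerability_occurrences", "vulnerability_reads"):
                conn.execute(
                    f"UPDATE {table} SET scanner_id = ? WHERE vulnerability_id = ?",
                    (scanner_id, vid))


def find_inconsistent(conn):
    """Return (vulnerability_id, read_scanner, occurrence_scanner) mismatches."""
    return conn.execute(INCONSISTENCY_SQL).fetchall()


def reconcile(conn):
    """One-off backfill: make vulnerability_reads agree with
    vulnerability_occurrences. Returns the number of rows corrected."""
    with conn:
        cur = conn.execute("""
            UPDATE vulnerability_reads
            SET scanner_id = (SELECT o.scanner_id FROM vulnerability_occurrences o
                              WHERE o.vulnerability_id = vulnerability_reads.vulnerability_id)
            WHERE scanner_id <> (SELECT o.scanner_id FROM vulnerability_occurrences o
                                 WHERE o.vulnerability_id = vulnerability_reads.vulnerability_id)
        """)
        return cur.rowcount


def demo():
    """Replay the issue's scenario; returns (mismatches, rows fixed, mismatches after fix)."""
    conn = new_db()
    first_scan(conn, [10, 11], SCANNERS["gemnasium"])
    rescan_buggy(conn, [10, 11], SCANNERS["gemnasium-maven"])
    before = find_inconsistent(conn)
    fixed = reconcile(conn)
    after = find_inconsistent(conn)
    return before, fixed, after


if __name__ == "__main__":
    print(demo())
```

The detection query is the useful part for anyone checking an existing database: run it against the real tables (with the real column names) and a non-empty result is the condition that breaks the "no longer detected" logic and the tool filter. The reconcile step treats vulnerability_occurrences as the source of truth, which is what the reproduction steps imply since that table is the one the rescan updates.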

Steps to reproduce

Follow the aforementioned steps.

Example Project

https://gitlab.com/gitlab-org/govern/demos/sandbox/minac/static-reports/inconsistent-data-between-vulnerability_reads-and-vulnerability_occurrences

What is the current bug behavior?

Data becomes inconsistent.

What is the expected correct behavior?

Data consistency should be guaranteed.

Output of checks

This bug happens on GitLab.com

Possible fixes

TBD

Verification Steps

Detailed in the MR !148016 (merged)

Edited by Neil McCorrison