Data inconsistency flaw for group-level dependency report
Why are we doing this work
As we have de-normalized the traversal_ids and archived attributes to the vulnerability_reads table, it's possible to have a data inconsistency under the following conditions:
- The project becomes archived while running the ingestion logic
- Namespace or project moves while running the ingestion logic
This can happen because we are using the application-level in-memory representations of the project and namespace records while setting the traversal_ids and archived attributes. If these attributes change while the ingestion logic is running, the in-memory representation is not refreshed, so the ingestion logic keeps writing the previous versions of the attributes. Background jobs implemented to reset the attributes might not address this problem because there is no synchronization between the ingestion logic and those background jobs: the background job can complete before the ingestion logic does, and the ingestion logic then creates new records that still carry the old version of the attributes.
We need to address this flaw.
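The race described above, as an added in-memory simulation that is not GitLab code: Project, VulnerabilityRead, VulnerabilityReadsStore and the simulate method are hypothetical stand-ins for the database rows, the ingestion logic and the reset job, and the post-ingestion resync at the end is one possible mitigation shown for illustration, not the planned fix.

```ruby
# Added example, not GitLab code: in-memory stand-ins for the DB rows and jobs.
# All names here are hypothetical.
Project = Struct.new(:id, :archived, :traversal_ids)
VulnerabilityRead = Struct.new(:project_id, :archived, :traversal_ids)

class VulnerabilityReadsStore
  def initialize; @rows = []; end

  # Ingestion copies the attributes from the in-memory project snapshot taken
  # at the start; the block lets the simulation interleave events between rows.
  def ingest(snapshot, finding_ids)
    finding_ids.each_with_index do |_fid, i|
      yield i if block_given?
      @rows << VulnerabilityRead.new(snapshot.id, snapshot.archived, snapshot.traversal_ids.dup)
    end
  end

  # Background job that resets the denormalized attributes from the current project row.
  def resync!(project)
    @rows.each do |r|
      next unless r.project_id == project.id
      r.archived = project.archived
      r.traversal_ids = project.traversal_ids.dup
    end
  end

  # Rows whose denormalized attributes no longer match the project row.
  def stale_rows(project)
    @rows.select do |r|
      r.project_id == project.id &&
        (r.archived != project.archived || r.traversal_ids != project.traversal_ids)
    end
  end
end

# The project is archived and moved after ingestion took its snapshot, and the
# reset job runs after the first row is written but before ingestion finishes.
# With resync_after_ingestion: false this returns 2 (rows :b and :c keep the old
# attributes); with true, a second resync once ingestion has completed returns 0.
def simulate(resync_after_ingestion:)
  db_project = Project.new(1, false, [10, 1])
  snapshot = Project.new(1, false, [10, 1]) # in-memory copy held by the ingestion logic
  store = VulnerabilityReadsStore.new
  store.ingest(snapshot, [:a, :b, :c]) do |i|
    next unless i == 1
    db_project.archived = true
    db_project.traversal_ids = [20, 1]
    store.resync!(db_project) # only row :a exists yet, so only :a is fixed
  end
  store.resync!(db_project) if resync_after_ingestion
  store.stale_rows(db_project).size
end
```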
Implementation plan
- TBD
Verification steps
- TBD