Store SAST scan results into the database

Problem to solve

Data from SAST reports should be in the database, and consumers should use that backend instead of the raw JSON report.

This is required in order to present SAST results in a group-level Security Dashboard. See https://gitlab.com/gitlab-org/gitlab-ee/issues/6709 and https://gitlab.com/gitlab-org/gitlab-ee/issues/6240

Also, it could be use to improve the performance of the existing Security Dashboard. See https://gitlab.com/gitlab-org/gitlab-ee/issues/6165

Further details

If consumers need to elaborate or aggregate data from many reports (e.g., group level features) it is not possible to use artifacts for that without heavily affecting performances.

Proposal

Save SAST reports in the database when they are collected from the Runner. Make this information available to the frontend via backend calls.

For the first iteration, it will not replace the artifact access. We can decouple this change and update the frontend independently.

Edited Jul 13, 2018 by Fabien Catteau