Set security_project_tracked_context during vulnerability ingestion

Brian Williamsrequested to merge
bwill/add-tracked-refs-to-vulnerability-ingestion into master

What does this MR do and why?

We are working on tracking vulnerabilities across different branches. To do this, vulnerability_reads, vulnerability_occurrences, and vulnerability_statistics need to be associated with a security_project_tracked_context_id. This change sets the ID during vulnerability ingestion.

Continuous vulnerability scanning creates vulnerabilities from multiple different projects / pipelines at the same time. So, we associate the tracked context with a finding_map instance, and use TrackedContextFinder to find or create the context. This class has a cache based on pipeline ID so that we only execute queries once per pipeline.

References

Relates to: #577337 (closed), #555981 (closed)

Screenshots or screen recordings

Before After

How to set up and validate locally

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Brian Williams

Merge request reports