Draft: Add BBM to delete orphaned dependency scanning Security::Scan records

Albina Yusupovarequested to merge
remove-orphaned-dependency-scans into master

What does this MR do and why?

Add batched background migration to delete orphaned Dependency Scanning Security::Scan records.

When the Dependency Scanning using SBOM beta feature processes SBOM reports, it creates Security::Scan records in a created state. However, the cleanup logic only runs when the security report has data. Since SBOM reports may have blank security data (when they're incompatible with the DS analyzer), these records are skipped during cleanup and remain in the created state indefinitely.

This MR adds a batched background migration to remove these orphaned records that have been in created state for more than 7 days.

Note: This complements !212842 (merged), which fixes the code to prevent new orphaned records from being created. This migration cleans up the existing backlog.

References

DS using SBOM feature creates dangling Security... (#580826)

Remove dangling scans even if there are no scan... (!212842 - merged)

How to set up and validate locally

TBA

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Merge request reports