Add enrichment filters scope to security approval policies

Imam Hossainrequested to merge
imam_h/591177-security-policies-scope-for-sync-finding-enrichments into master

What does this MR do and why?

Add enrichment filters to security approval policies

Introduces a new with_enrichment_filters scope for ApprovalPolicyRule to identify rules that leverage vulnerability attributes like EPSS score or known exploited status.

The usage of the scopes can be seen in !224516 (merged)

Queries

query: policy.has_enrichment_filters?

SELECT 1 AS one FROM "approval_policy_rules" WHERE "approval_policy_rules"."security_policy_id" = 922 AND (rule_index >= 0) AND (approval_policy_rules.content->'vulnerability_attributes'->>'known_exploited' IS NOT NULL OR approval_policy_rules.content->'vulnerability_attributes'->'epss_score' IS NOT NULL) LIMIT 1
Limit  (cost=0.14..2.17 rows=1 width=4)
  ->  Index Scan using index_approval_policy_rules_on_unique_policy_rule_index on approval_policy_rules  (cost=0.14..2.17 rows=1 width=4)
        Index Cond: ((security_policy_id = 922) AND (rule_index >= 0))
        Filter: ((((content -> 'vulnerability_attributes'::text) ->> 'known_exploited'::text) IS NOT NULL) OR (((content -> 'vulnerability_attributes'::text) -> 'epss_score'::text) IS NOT NULL))
#<PG::Result:0x0000000142cbcc60 status=PGRES_TUPLES_OK ntuples=4 nfields=1 cmd_tuples=0

References

Screenshots or screen recordings

Before After

How to set up and validate locally

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #591177

Merge request reports