[BE] Only scan projects for which continuous vulnerability scans are enabled
Problem to solve
Continuous Vulnerability Scanning is a Beta feature and is only available for projects which have enabled this setting (see #423903 (closed) and #424374 (closed)).
Proposal
Update continuous vulnerability scans to filter out projects which do not have the continuous_vulnerability_scans_enabled attribute enabled.
Implementation plan
- add a new scope (similar to `filter_by_non_nil_component_version`) to `Sbom::Occurrence` which only returns occurrences belonging to projects that have `continuous_vulnerability_scans_enabled: true`:

  ```ruby
  scope :filter_by_cvs_enabled, -> do
    joins(project: :security_setting)
      .where(project_security_settings: { continuous_vulnerability_scans_enabled: true })
  end
  ```

- update `Sbom::PossiblyAffectedOccurrencesFinder` to use the filter above
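As an added illustration of the two implementation steps above (not GitLab's code), the proposed scope and its placement in the finder are modelled in plain Ruby so the join semantics can be checked without a database; the `Struct` models, the `OccurrenceScopes` module, the finder's argument list and the sample data are all assumptions.

```ruby
# Constructed stand-ins for the ActiveRecord models named in the issue, not GitLab's code.
SecuritySetting = Struct.new(:continuous_vulnerability_scans_enabled, keyword_init: true)
Project = Struct.new(:id, :security_setting, keyword_init: true)
Occurrence = Struct.new(:id, :project, :component_name, :component_version, keyword_init: true)

module Sbom
  module OccurrenceScopes
    # Mirrors `joins(project: :security_setting).where(project_security_settings: {...})`.
    # `joins` is an INNER JOIN: a project with no security_setting row is excluded,
    # which is the right default for an opt-in Beta feature.
    def self.filter_by_cvs_enabled(occurrences)
      occurrences.select do |o|
        setting = o.project&.security_setting
        setting && setting.continuous_vulnerability_scans_enabled == true
      end
    end

    # Mirrors the existing filter_by_non_nil_component_version scope.
    def self.filter_by_non_nil_component_version(occurrences)
      occurrences.reject { |o| o.component_version.nil? }
    end
  end

  # Hypothetical stand-in for PossiblyAffectedOccurrencesFinder; the real
  # finder's arguments differ, only the placement of the new filter matters.
  class PossiblyAffectedOccurrencesFinder
    def initialize(occurrences, component_name:)
      @occurrences, @component_name = occurrences, component_name
    end
    def execute
      scoped = OccurrenceScopes.filter_by_cvs_enabled(@occurrences)
      scoped = OccurrenceScopes.filter_by_non_nil_component_version(scoped)
      scoped.select { |o| o.component_name == @component_name }
    end
  end
end

# Constructed sample data: CVS enabled, disabled, no settings row, and nil version.
enabled  = Project.new(id: 1, security_setting: SecuritySetting.new(continuous_vulnerability_scans_enabled: true))
disabled = Project.new(id: 2, security_setting: SecuritySetting.new(continuous_vulnerability_scans_enabled: false))
no_row   = Project.new(id: 3, security_setting: nil)
SAMPLE_OCCURRENCES = [
  Occurrence.new(id: 10, project: enabled,  component_name: "lodash", component_version: "4.17.20"),
  Occurrence.new(id: 11, project: disabled, component_name: "lodash", component_version: "4.17.20"),
  Occurrence.new(id: 12, project: no_row,   component_name: "lodash", component_version: "4.17.20"),
  Occurrence.new(id: 13, project: enabled,  component_name: "lodash", component_version: nil),
].freeze
def affected_ids(component_name)
  Sbom::PossiblyAffectedOccurrencesFinder.new(SAMPLE_OCCURRENCES, component_name: component_name).execute.map(&:id)
end
```

Only occurrence 10 survives: 11 is opted out, 12 has no settings row and is dropped by the inner join, 13 has no component version.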
Does this feature require an audit event?
TBD
Edited by Adam Cohen