What this PR does / why we need it:
We do already re-use existing BDBA scans for an artefact version in case only the component version has changed. However, we have still stored the scan results for each component version separately, resulting in duplicated findings in case the artefact version did not change. To deduplicate those findings, don't store the component version anymore. However, this also requires downstream adjustments since with this change it is not possible anymore to retrieve all findings for a component version directly, but instead the included artefact versions must be specified as well.
What this PR does / why we need it: We do already re-use existing BDBA scans for an artefact version in case only the component version has changed. However, we have still stored the scan results for each component version separately, resulting in duplicated findings in case the artefact version did not change. To deduplicate those findings, don't store the component version anymore. However, this also requires downstream adjustments since with this change it is not possible anymore to retrieve all findings for a component version directly, but instead the included artefact versions must be specified as well.
Which issue(s) this PR fixes: Fixes #
Special notes for your reviewer:
Release note: