Persist findings to SQLite on every scan completion #2

@ionfwsrijan

Description

With the schema in place, the /scan and /scan-url endpoints need to write their findings into the database after each scan completes. This is what builds the training dataset over time.

What to implement

  • After findings are aggregated from Semgrep, OSV-Scanner, and Gitleaks, insert each finding into the findings table using the schema from Issue 1.1
  • Insert a row into the jobs table for each new job
  • Each finding should get a stable id — use uuid4() so it can be referenced later
  • Wrap the insert in a try/except so a DB write failure never crashes the scan response

Acceptance criteria

  • Every completed /scan and /scan-url call writes to findings and jobs
  • A DB write failure logs a warning but does not affect the API response
  • Findings are queryable with sqlite3 patchpilot.db "SELECT * FROM findings LIMIT 5;"
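One way to meet these requirements, as an added example that is not PatchPilot's own code. The `jobs` and `findings` columns are an assumed minimal schema (the real one is defined in Issue 1.1 and is not shown on this page), and `persist_scan` and the finding dictionary keys are hypothetical names.

```python
import logging
import sqlite3
import uuid

log = logging.getLogger("patchpilot.persist")

# Assumed minimal schema; the real one comes from Issue 1.1.
SCHEMA = """
CREATE TABLE IF NOT EXISTS jobs (id TEXT PRIMARY KEY, source TEXT NOT NULL,
    created_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP);
CREATE TABLE IF NOT EXISTS findings (id TEXT PRIMARY KEY,
    job_id TEXT NOT NULL REFERENCES jobs(id), tool TEXT NOT NULL,
    rule_id TEXT, severity TEXT, file_path TEXT, message TEXT);
"""


def persist_scan(db_path, source, findings):
    """Write one jobs row plus its findings; never raise to the caller.

    Returns the job id on success, or None if the write failed.
    """
    job_id = str(uuid.uuid4())
    conn = None
    try:
        conn = sqlite3.connect(db_path, timeout=5)
        conn.executescript(SCHEMA)
        # Each finding gets its own uuid4 so it can be referenced later.
        rows = [(str(uuid.uuid4()), job_id, f.get("tool"), f.get("rule_id"),
                 f.get("severity"), f.get("file_path"), f.get("message"))
                for f in findings]
        # Paths and messages come from scanned repositories, so they are
        # bound as parameters and never formatted into the SQL text.
        with conn:  # one transaction: commit on success, rollback on error
            conn.execute("INSERT INTO jobs (id, source) VALUES (?, ?)",
                         (job_id, source))
            conn.executemany(
                "INSERT INTO findings VALUES (?, ?, ?, ?, ?, ?, ?)", rows)
        return job_id
    except Exception as exc:  # sqlite3.Error or a malformed finding
        log.warning("findings not persisted for job %s: %s", job_id, exc)
        return None
    finally:
        if conn is not None:
            conn.close()
```

The endpoint handler calls `persist_scan` after aggregation and returns its normal response whether the result is a job id or `None`.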

Metadata

Labels

SSoC26, backend (Backend issues), medium (Medium difficulty), ml (ML related issues), tier-1 (TIER 1 Upgrade issues)
