SD/Exclude No Longer Detected - Backend - Add a new table detection_transitions

TL;DR

Add a new table detection_transitions, related to vulnerability_findings so that they are ref context aware. When resolved_on_default_branch flips to true, add an entry to this table.

Acceptance Criteria

  • Migration adds detection_transitions table to track no longer detected vulnerabilities
  • When resolved_on_default_branch would be set to true, add an entry to detection_transitions
  • Field is set in mark_as_resolved_service.rb, starboard_vulnerability_resolve_service.rb and mark_resolved_as_detected.rb
  • No backfill is performed (historical data will be captured on next pipeline run)

Implementation Details

  • Write a migration to add a new table detection_transitions, related to vulnerability_findings so that they are ref context aware
  • Change the application logic to create a new detection transition record when a vulnerability stops being detected. Places to change (please double check at the time of implementation):
    • ee/app/services/vulnerabilities/starboard_vulnerability_resolve_service.rb
    • ee/app/services/security/ingestion/tasks/ingest_vulnerabilities/mark_resolved_as_detected.rb
      • If a vuln is redetected, a new detection_transition is made
    • ee/app/services/security/ingestion/mark_as_resolved_service.rb
      • If a vuln is no longer detected, a new detection_transition is made

*** No backfill is needed for this, and none is possible: we don't know when a vulnerability was actually resolved on the default branch in the past
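The transition logic the call sites above need, as an added plain-Ruby example (not GitLab's own code): a row is written only when resolved_on_default_branch actually changes, in either direction, so a service re-running on an already-resolved finding creates no duplicate. The names Finding, DetectionTransition, TransitionRecorder and demo_transitions are assumptions for this illustration.

```ruby
# Added example, not GitLab code: a plain-Ruby model of the detection_transitions
# logic. Finding, DetectionTransition and TransitionRecorder are assumed names.
require 'time'

# Stand-in for a vulnerability_findings row, limited to the fields the issue mentions.
Finding = Struct.new(:id, :resolved_on_default_branch)

# Stand-in for a detection_transitions row. `from`/`to` record the flip of
# resolved_on_default_branch; `source` names the service that caused it.
DetectionTransition = Struct.new(:finding_id, :from, :to, :source, :created_at)

class TransitionRecorder
  attr_reader :transitions

  def initialize
    @transitions = []
  end

  # Apply a new resolved_on_default_branch value to a finding. A transition row
  # is written only when the value actually changes, so a service re-running on
  # an already-resolved finding (e.g. the next ingestion) adds no duplicate row.
  def update(finding, resolved:, source:, now: Time.now.utc)
    previous = finding.resolved_on_default_branch
    return nil if previous == resolved

    finding.resolved_on_default_branch = resolved
    transition = DetectionTransition.new(finding.id, previous, resolved, source, now)
    @transitions << transition
    transition
  end

  # Transitions for one finding, oldest first; what a query on
  # detection_transitions filtered by finding id would return.
  def for_finding(finding_id)
    @transitions.select { |t| t.finding_id == finding_id }
  end
end

# Constructed walk-through of the call sites listed in this issue.
def demo_transitions
  recorder = TransitionRecorder.new
  finding = Finding.new(42, false)
  # mark_as_resolved_service.rb: vuln no longer detected on the default branch
  recorder.update(finding, resolved: true, source: 'mark_as_resolved_service')
  # same service on the next pipeline run: value unchanged, no new row
  recorder.update(finding, resolved: true, source: 'mark_as_resolved_service')
  # mark_resolved_as_detected.rb: vuln redetected, second row in the other direction
  recorder.update(finding, resolved: false, source: 'mark_resolved_as_detected')
  recorder.for_finding(42)
end
```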

Estimate

Need to look at again.

Dependencies

References and Resources

_Copied from Bala's comment in the Slack discussion:_

This will be new activity captured on the product where currently we do not have it captured, so technically we do not require an ES backfill if we start to sync to ES right away when we also store this data in PG.

Edited by Subashis Chakraborty