SyncScanPolicies spawns a large number of workers, leading to saturation

Summary

A single merge request in a security policy project triggered an uncontrolled cascade of 500+ Sidekiq jobs and 9,000+ Gitaly operations within 2.5 seconds, causing system-wide performance degradation on GitLab Dedicated.

Impact

Resource Impact:

  • 500+ Sidekiq jobs spawned in 2.5 seconds
  • 9,278 Gitaly operations across 50+ projects in the namespace
  • 25 groups affected simultaneously by a single policy update

Job Cascade Pattern:

Security::SyncScanPoliciesWorker (28+)
└── Security::PersistSecurityPoliciesWorker (50+)
    ├── Security::SyncPolicyWorker (15+)
    │   └── Security::SyncProjectPolicyWorker (200+)
    └── Security::CollectPoliciesLimitAuditEventsWorker (50+)
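The tree above is a fan-out: every affected group starts its own root job, every policy under it starts a sync, and every project in scope of that policy gets its own per-project job, so the job count grows as groups × policies × projects. The following toy simulator is an added illustration, not GitLab code and not the recommendation of this issue; the topology (group count, projects per group, projects shared across groups, policy count) and the worker names as Ruby symbols are constructed assumptions. It counts the jobs the naive cascade enqueues and, for comparison, the same cascade with per-project jobs keyed by (project, policy) so that a project reached through several groups is synced once, the way a generic unique-jobs constraint would behave.

```ruby
require 'set'

# Constructed topology (assumption, not figures from this issue): one security
# policy project whose policies apply to `groups` groups; each group has
# `projects_per_group` projects of its own plus `shared_projects` that are in
# scope of every group (inherited policies), which is what multiplies the work.
Topology = Struct.new(:groups, :projects_per_group, :shared_projects, :policies,
                      keyword_init: true)

class FanOutSimulator
  # Hypothetical symbol names for the workers in the cascade tree.
  WORKERS = %i[sync_scan_policies persist_security_policies sync_policy
               sync_project_policy collect_policies_limit_audit_events].freeze

  attr_reader :counts

  # dedup: when true, a job whose (worker, idempotency key) was already enqueued
  # in this cascade is dropped, mimicking a unique-jobs constraint.
  def initialize(topology, dedup: false)
    @topology = topology
    @dedup = dedup
    @counts = WORKERS.to_h { |w| [w, 0] }
    @seen = Set.new
  end

  # Returns true if the job was enqueued, false if it was deduplicated away.
  def enqueue(worker, key)
    return false if @dedup && !@seen.add?([worker, key])
    @counts[worker] += 1
    true
  end

  # One root SyncScanPoliciesWorker per affected group, each recursing down the
  # cascade tree. Returns the per-worker job counts.
  def run
    @topology.groups.times { |g| sync_scan_policies(g) }
    @counts
  end

  def total_jobs
    @counts.values.sum
  end

  private

  def sync_scan_policies(group)
    enqueue(:sync_scan_policies, group)
    enqueue(:persist_security_policies, group)
    @topology.policies.times do |policy|
      enqueue(:sync_policy, [group, policy])
      projects_in(group).each do |project|
        # Keyed by (project, policy): the same shared project reached through
        # several groups collapses to a single job when dedup is on.
        enqueue(:sync_project_policy, [project, policy])
      end
    end
    enqueue(:collect_policies_limit_audit_events, group)
  end

  # Projects in scope for a group: its own plus the ones every group shares.
  def projects_in(group)
    own = Array.new(@topology.projects_per_group) { |i| "g#{group}-p#{i}" }
    shared = Array.new(@topology.shared_projects) { |i| "shared-p#{i}" }
    own + shared
  end
end

if __FILE__ == $PROGRAM_NAME
  topo = Topology.new(groups: 5, projects_per_group: 3, shared_projects: 4, policies: 2)
  naive = FanOutSimulator.new(topo).tap(&:run)
  keyed = FanOutSimulator.new(topo, dedup: true).tap(&:run)
  puts "naive:   #{naive.total_jobs} jobs #{naive.counts}"
  puts "deduped: #{keyed.total_jobs} jobs #{keyed.counts}"
end
```

With the sample topology the naive cascade enqueues 70 per-project jobs (5 groups × 2 policies × 7 projects) out of 95 total, while keying removes the repeated syncs of the four shared projects and leaves 38 per-project jobs out of 63. The per-project level dominates in both cases, which matches the tree above where SyncProjectPolicyWorker accounts for most of the 500+ jobs; bounding that level is where a fix has the most leverage.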

Recommendation

Verification

Edited by 🤖 GitLab Bot 🤖