Add email delivery for vulnerabilities exports (!183169) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

This MR adds a notification email when vulnerability exports finish. This facilitates moving exports to an asynchronous workflow.

There are additional changes needed before this feature is complete, which will be handled outside this MR:

Add a cron worker to delete expired exports
Update frontend to indicate that export will be delivered via email instead of polling for status

References

https://gitlab.com/gitlab-org/gitlab/-/issues/454794

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Enable feature flags:

Feature.enable(:asynchronous_vulnerability_export_delivery_for_groups)
Feature.enable(:asynchronous_vulnerability_export_delivery_for_projects)

Go to http://gdk.local:3000/<project>/-/security/vulnerability_report and click the export button
Open http://gdk.local:3000/rails/letter_opener/ and check for email

HTML email	Text email

Edited Mar 03, 2025 by Ugo Nnanna Okeadu

Add email delivery for vulnerabilities exports

What does this MR do and why?

References

MR acceptance checklist

How to set up and validate locally

Merge request reports