Fix lookup of find_diff_start_pipeline_with_security_reports

What does this MR do and why?

Fix lookup of find_diff_start_pipeline_with_security_reports method.

When no common ancestor pipeline is found for scan finding policy evaluation, we look for pipelines matching diff_start_sha.

This method uses has_sbom_reports? to look up the pipelines. We should use has_security_reports?, as the method name suggests.

This leads to cases where the target pipeline is not found.

The actual issue of having no target pipeline was unintentionally somewhat fixed by !184445 (merged), where we added a fallback by reusing a shared method: if merge_request.latest_scan_finding_comparison_pipeline returns nil, we use merge_request.latest_pipeline_for_target_branch. However, this may not always be fully accurate.
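To show the effect of the wrong predicate, here is an added, self-contained Ruby model of the lookup described above (illustrative code written for this page, not GitLab's implementation): the `Pipeline` struct, `MergeRequestModel` class, the `buggy:` flag and the sample data are all assumptions. A pipeline at `diff_start_sha` that produced security reports but no SBOM is missed by the `has_sbom_reports?` filter, so the fallback silently picks the target branch's latest pipeline instead of the intended comparison pipeline.

```ruby
# Added illustration (not GitLab's code): minimal model of the scan finding
# policy pipeline lookup, comparing the buggy and the corrected predicate.
Pipeline = Struct.new(:id, :sha, :security_reports, :sbom_reports, keyword_init: true) do
  def has_security_reports?
    security_reports
  end

  def has_sbom_reports?
    sbom_reports
  end
end

class MergeRequestModel
  attr_reader :pipelines, :diff_start_sha, :latest_pipeline_for_target_branch

  def initialize(pipelines:, diff_start_sha:, latest_pipeline_for_target_branch:)
    @pipelines = pipelines
    @diff_start_sha = diff_start_sha
    @latest_pipeline_for_target_branch = latest_pipeline_for_target_branch
  end

  # Buggy variant: filters on SBOM reports although the name promises security reports.
  def find_diff_start_pipeline_with_security_reports_buggy
    pipelines.select { |p| p.sha == diff_start_sha && p.has_sbom_reports? }.max_by(&:id)
  end

  # Fixed variant: filter on the predicate the method name describes.
  def find_diff_start_pipeline_with_security_reports
    pipelines.select { |p| p.sha == diff_start_sha && p.has_security_reports? }.max_by(&:id)
  end

  # Fallback as described for !184445: use the target branch pipeline when the
  # comparison pipeline lookup returns nil. The buggy: flag is hypothetical.
  def latest_scan_finding_comparison_pipeline(buggy: false)
    found = buggy ? find_diff_start_pipeline_with_security_reports_buggy
                  : find_diff_start_pipeline_with_security_reports
    found || latest_pipeline_for_target_branch
  end
end

# Constructed sample: the diff_start_sha pipeline ran a security scan but
# produced no SBOM; a later target branch pipeline produced both.
def sample_merge_request
  diff_start = Pipeline.new(id: 10, sha: 'abc123', security_reports: true, sbom_reports: false)
  target_latest = Pipeline.new(id: 20, sha: 'def456', security_reports: true, sbom_reports: true)
  MergeRequestModel.new(pipelines: [diff_start], diff_start_sha: 'abc123',
                        latest_pipeline_for_target_branch: target_latest)
end
```

With the buggy predicate the lookup returns nil and the fallback substitutes pipeline 20 (a different SHA), which is why the fallback alone does not make the comparison accurate.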

References

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Martin Cavoj
