Add dismissed_by_security_policy field to VulnerabilityType
What does this MR do and why?
This MR adds a new field `dismissed_by_security_policy` to the `VulnerabilityType`. This new field will be used by FE to conditionally display a new badge, indicating that a vulnerability was introduced after dismissing a security policy, in the vulnerability report list.
Database query
```sql
SELECT
    security_policy_dismissals.*
FROM
    security_policy_dismissals
WHERE
    security_findings_uuids && ARRAY['f4129fe1-7401-5d67-b36f-1382ca8fe06c']::text[];
```
https://postgres.ai/console/gitlab/gitlab-production-main/sessions/44010/commands/134719
References
Related to #549786
How to set up and validate locally
Follow the steps described on !206648 (merged) to dismiss a security finding in a MR.
After following these steps:
- Merge the MR to introduce a new vulnerability
- Go to `-/graphql-explorer` and use a query like:

```graphql
{
  project(fullPath: "<your-project-full-path>") {
    vulnerabilities {
      nodes {
        uuid
        dismissedBySecurityPolicy
      }
    }
  }
}
```
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Marcos Rocha