
Phase 1: Anti-flipping safeguard for vulnerability management policies

What does this MR do and why?

This is Phase 1 of the implementation of the anti-flipping safeguard for vulnerability management policies (#560836). In Phase 1 we:

  • Create a new table: vulnerability_flip_guards
  • Add new model: Vulnerabilities::FlipGuard
  • Add specs for all the above

In the follow-up of this MR Phase 2 we will:

  • Introduce a new feature flag: vulnerability_anti_flip_safeguard (default: disabled)
  • Add has_one :flip_guard association to the Vulnerability model
  • Update AutoResolveService to check and track guards
  • Update MarkResolvedAsDetected to check and track guards
  • Add logging for blocked transitions
  • Add specs for all the above

Example:

CREATE TABLE vulnerability_flip_guards (
  id bigserial PRIMARY KEY,
  vulnerability_id bigint NOT NULL,
  project_id bigint NOT NULL,

  automated_transition_count smallint DEFAULT 1,
  first_automatic_transition_at timestamp with time zone NOT NULL,  -- first time the vulnerability's state was changed automatically
  last_automatic_transition_at timestamp with time zone NOT NULL,   -- most recent automated state change
  is_guarded boolean DEFAULT false NOT NULL,

  created_at timestamp with time zone NOT NULL,
  updated_at timestamp with time zone NOT NULL
);
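To make the intent of the table and of the Phase 2 checks concrete, here is an added plain-Ruby walk-through (not code from this MR or from GitLab): a `FlipGuard` object mirrors the columns above, and a hypothetical `TransitionTracker` stands in for the AutoResolveService / MarkResolvedAsDetected guard checks and the logging of blocked transitions. The threshold `MAX_AUTOMATED_TRANSITIONS` and the class names are assumptions for illustration; the MR does not state a threshold.

```ruby
require 'time'

# Assumed in-memory model of one vulnerability_flip_guards row (not the ActiveRecord model).
class FlipGuard
  MAX_AUTOMATED_TRANSITIONS = 3 # assumed threshold for illustration only

  attr_reader :vulnerability_id, :project_id, :automated_transition_count,
              :first_automatic_transition_at, :last_automatic_transition_at, :is_guarded

  def initialize(vulnerability_id:, project_id:, now: Time.now.utc)
    @vulnerability_id = vulnerability_id
    @project_id = project_id
    # Mirrors DEFAULT 1: the row is created on the first automated transition.
    @automated_transition_count = 1
    @first_automatic_transition_at = now
    @last_automatic_transition_at = now
    @is_guarded = false
  end

  # Record a further automated transition; the guard trips once the threshold is reached.
  def record_transition!(now: Time.now.utc)
    @automated_transition_count += 1
    @last_automatic_transition_at = now
    @is_guarded = true if @automated_transition_count >= MAX_AUTOMATED_TRANSITIONS
    self
  end

  def guarded?
    @is_guarded
  end
end

# Hypothetical stand-in for the Phase 2 check in AutoResolveService / MarkResolvedAsDetected.
class TransitionTracker
  attr_reader :guards, :log

  def initialize
    @guards = {} # vulnerability_id => FlipGuard
    @log = []    # one line per blocked transition
  end

  # Returns :allowed or :blocked. A blocked transition is logged instead of applied.
  def automated_transition(vulnerability_id:, project_id:, from:, to:, now: Time.now.utc)
    guard = @guards[vulnerability_id]

    if guard&.guarded?
      @log << "blocked automated transition #{from}->#{to} for vulnerability #{vulnerability_id} " \
              "after #{guard.automated_transition_count} automated transitions"
      return :blocked
    end

    if guard
      guard.record_transition!(now: now)
    else
      @guards[vulnerability_id] = FlipGuard.new(vulnerability_id: vulnerability_id,
                                                project_id: project_id, now: now)
    end
    :allowed
  end
end

# Constructed walk-through: one finding that keeps flipping between detected and resolved,
# one automated transition per hour. Returns the per-transition outcomes and the tracker.
def demo
  tracker = TransitionTracker.new
  start = Time.utc(2025, 1, 1)
  flips = [[:detected, :resolved], [:resolved, :detected],
           [:detected, :resolved], [:resolved, :detected]]

  results = flips.each_with_index.map do |(from, to), i|
    tracker.automated_transition(vulnerability_id: 42, project_id: 7,
                                 from: from, to: to, now: start + i * 3600)
  end
  [results, tracker]
end

if __FILE__ == $PROGRAM_NAME
  results, tracker = demo
  puts results.inspect
  puts tracker.log
end
```

The first three automated transitions are allowed (count 1, 2, 3), the third trips `is_guarded`, and the fourth is blocked and logged rather than applied; `first_automatic_transition_at` keeps the original timestamp while `last_automatic_transition_at` tracks the most recent allowed one.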

References

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #560836

Edited by Charlie Kroon
