Resolve "Ensure vulnerability creation from Security Findings/API associates records with vulnerability tracked context"
What does this MR do and why?
This code change adds tracking context to vulnerability_finding and vulnerability_reads entries when vulnerabilities are created in the following scenarios:
- Security finding operations:
  - Issue creation
  - Merge request creation
  - Link to an external issue
  - Dismissal
- Vulnerability created via API/GraphQL
If no tracking context exists for the requested reference (branch or tag), a new context is created.
References
How to set up and validate locally
- In rails console enable feature flag
  Feature.enable(:vulnerabilities_across_contexts)
- Import project with vulnerabilities (e.g. https://gitlab.com/gitlab-examples/security/security-reports)
- Create branch
- Run pipeline on new branch
- Select a security finding in the pipeline > Security tab
- Create issue for the security finding
- In rails console check that a tracked context has been created for the branch with attributes {is_default: false, context_type: branch, state: 1, context_name: BRANCH_NAME }
  Security::ProjectTrackedContext.all
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Related to #582039