Add context-aware UUID generation for vulnerability findings

What does this MR do and why?

Implements Phase 1 of the Finding UUID migration to support vulnerabilities across contexts (#587625 (closed)).

This adds context-aware UUID generation for Vulnerabilities::Finding that includes the security_project_tracked_context_id, enabling unique identification of findings per branch/tag context.

Changes

  • Add Security::VulnerabilityUUID.generate_v2 method that accepts an optional context_id parameter
  • Update Security::Ingestion::FindingMap#to_hash to populate new_uuid with context-aware UUID
  • Update Security::VulnerabilityScanning::FindingMap with the same changes
  • Add comprehensive tests for the new UUID generation

How does it work?

The new_uuid column is populated during ingestion when a tracked context exists (guaranteed for default branch pipelines via FindOrCreateService). The UUID is generated using:

  • Report type
  • Primary identifier fingerprint
  • Location fingerprint
  • Project ID
  • Context ID (tracked context)

When there's no tracked context, new_uuid remains NULL for backward compatibility.

Migration Plan

This is Phase 1 of a 5-phase migration:

  1. This MR - Start populating new_uuid for new findings
  2. #587798 - Backfill new_uuid for existing findings
  3. #587799 - Add NOT NULL constraint
  4. #587800 - Transition GitLab to use new_uuid
  5. #587801 - Drop old uuid column and rename new_uuid

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Closes #587625 (closed)
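
The behaviour described under "How does it work?", as an added sketch that is not GitLab's code or part of this MR: a name-based (version 5) UUID over the five listed components stays stable for one finding in one context, differs per tracked context, and is left nil when no context exists. The namespace, the `-` separator, the field order, the sample values and the names `uuid_v5`, `sketch_context_uuid` and `demo` are assumptions made for illustration.

```ruby
require 'digest'

# Namespace for this sketch only: the RFC 4122 DNS namespace, not GitLab's value.
SKETCH_NAMESPACE = '6ba7b810-9dad-11d1-80b4-00c04fd430c8'

# RFC 4122 version 5 UUID: SHA-1 over namespace bytes + name, truncated to 128 bits.
def uuid_v5(namespace, name)
  ns_bytes = [namespace.delete('-')].pack('H*')
  bytes = Digest::SHA1.digest(ns_bytes + name.b).bytes.first(16)
  bytes[6] = (bytes[6] & 0x0f) | 0x50 # set version nibble to 5
  bytes[8] = (bytes[8] & 0x3f) | 0x80 # set RFC 4122 variant bits
  hex = bytes.pack('C*').unpack1('H*')
  [hex[0, 8], hex[8, 4], hex[12, 4], hex[16, 4], hex[20, 12]].join('-')
end

# Hypothetical stand-in for a context-aware generator (assumed field order and
# separator). Returns nil without a tracked context, so new_uuid would stay NULL.
def sketch_context_uuid(report_type:, primary_identifier_fingerprint:,
                        location_fingerprint:, project_id:, context_id:)
  return nil if context_id.nil?

  name = [report_type, primary_identifier_fingerprint,
          location_fingerprint, project_id, context_id].join('-')
  uuid_v5(SKETCH_NAMESPACE, name)
end

# Constructed sample finding; the fingerprints are placeholder hex strings.
FINDING = {
  report_type: 'sast',
  primary_identifier_fingerprint: 'a' * 40,
  location_fingerprint: 'b' * 40,
  project_id: 42
}.freeze

# Same finding seen in two tracked contexts and in an untracked pipeline.
def demo
  {
    main: sketch_context_uuid(**FINDING, context_id: 1),
    release: sketch_context_uuid(**FINDING, context_id: 2),
    untracked: sketch_context_uuid(**FINDING, context_id: nil)
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```

Because the value is derived rather than random, re-ingesting the same report in the same context reproduces the same identifier, which is what lets ingestion deduplicate findings per branch or tag.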
