Security Dashboard – Backend – Create feature flag and service (!222845) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

We are adding the new_security_dashboard_attribute_filters feature flag and we are create a service that takes security attribute filters and a namespace, and returns the list of project IDs that match those attributes by querying Security::ProjectToSecurityAttribute

Main issue: #588771
Parent epic: gitlab-org#18201

Query Plan

SELECT DISTINCT project_id
FROM project_to_security_attributes
WHERE (
    project_to_security_attributes.traversal_ids >= '{1}'
    AND '{2}' > project_to_security_attributes.traversal_ids
  )
  AND EXISTS (
    SELECT 1 FROM project_to_security_attributes exists_ptsa
    WHERE exists_ptsa.project_id = project_to_security_attributes.project_id
    AND exists_ptsa.security_attribute_id IN (1, 2)
  )
  AND NOT EXISTS (
    SELECT 1 FROM project_to_security_attributes not_exists_ptsa
    WHERE not_exists_ptsa.project_id = project_to_security_attributes.project_id
    AND not_exists_ptsa.security_attribute_id = 3
  );

See: https://console.postgres.ai/gitlab/gitlab-production-sec/sessions/49009/commands/146568

Screenshots or screen recordings

Before	After

How to set up and validate locally

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited Feb 20, 2026 by Charlie Kroon

Security Dashboard – Backend – Create feature flag and service

What does this MR do and why?

Query Plan

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports