Add configurable security scan stale_after duration

What does this MR do and why?

Allows administrators to configure how long security scan data is retained before being purged. The retention period can be set between 7 and 90 days via the Admin Area > Settings > Security and Compliance page.

Defaults:

  • GitLab.com: 30 days
  • Self-managed: 90 days

This addresses the need for administrators to have control over security scan data retention based on their specific compliance and storage requirements.

Closes Make security scan stale_after duration a confi... (#589550) • Gregory Havenga • 18.10

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

  1. Start GDK
  2. Navigate to Admin Area > Settings > Security and Compliance
  3. Find the new "Security scans" section
  4. Configure the retention period (7-90 days)
  5. Verify the setting is persisted

Screenshots or screen recordings

To be added

Edited by Chad Woolley
