Wire project-level tracked ref filter (!224279) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

Wire up the project-level tracked ref filter by passing trackedRefIds and trackedRefsScope variables to project_vulnerabilities GraphQL query.

This will make them fully functional, as opposed to the current state where they just render but don't have an effect on the filtering.

References

Screenshots or screen recordings

Before	After

How to set up and validate locally

Enable the feature flags: http://gdk.test:3000/rails/features/vulnerabilities_across_contexts and http://gdk.test:3000/rails/features/vulnerability_report_tracked_ref_filter
Navigate to a vulnerability report
Change the 'Tracked Ref' filter
Verify that the shown vulnerabilities are updated (not - only default branch vulns are currently shown)

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #555992

Edited Feb 27, 2026 by David Pisek

Wire project-level tracked ref filter

What does this MR do and why?

References

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports