Temporary admin setting for VAC for Dedicated

Ryan Wellsrequested to merge
rw/vac-for-dedicated into master

What does this MR do and why?

We plan to roll out Vulnerabilities Across Contexts through a feature flag, but for Dedicated instances (some of whom are in our Closed Beta) we do not have this ability. Our best next option is a control that is only exposed to Dedicated customers to opt-in/out specific projects.

The wording here is intentionally obscure. Relevant customers will be provided documentation on what this does, and the intent behind the obscurity is that other customers simply ignore or do not find this setting. This is not a perfect solution, but it is a reasonable way to work around the constraints that we have.

Screenshots or screen recordings

Screenshot 2026-03-04 at 23.12.24.png

How to set up and validate locally

Best way to check this is to edit ee/app/views/admin/application_settings/security_and_compliance.html.haml:L85 to add an additional || true on the end (e.g. circumvent the dedicated check) and reload the admin page.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Merge request reports