Register SARIF parser behind sarif_ingestion feature flag (!230156) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

Wires Gitlab::Security::Parsers::Sarif into the EE parser registry (ee/lib/ee/gitlab/ci/parsers.rb) so that artifacts:reports:sarif artifacts are parsed and ingested into the vulnerability pipeline.

The parser was previously unreachable: the class existed, the artifact type was registered, but Parsers.fabricate!(:sarif) raised ParserNotFoundError because the EE registry had no entry for it.

The registration is gated behind the sarif_ingestion feature flag (type: wip, default: disabled) to allow controlled rollout per project.

Also adds the artifacts:reports:sarif section to the CI/CD artifact reports reference page (doc/ci/yaml/artifacts_reports.md), including a feature flag history block and [!flag] alert noting that the feature is disabled by default behind sarif_ingestion.

Relates to Direct Upload Support for SARIF Reports (#452042)
Closes #594476 (closed)

MR acceptance checklist

I have evaluated the MR acceptance checklist for this MR.

Edited Apr 06, 2026 by Lucas Charles

Register SARIF parser behind sarif_ingestion feature flag

What does this MR do and why?

MR acceptance checklist

Merge request reports