Introduce Backend fields

Vasyl Pedakrequested to merge
vpedak-sec-analyzer-stale-on-consec-bypass into master

What does this MR do and why?

Introduces the foundational backend fields for the new stale analyzer status in Security Inventory.

Currently, when a scanner is temporarily skipped in a pipeline (e.g. conditional CI run, on-demand DAST), Security Inventory marks it as not_configured, hiding scan results and related links from AppSec engineers. The fix is to preserve the last known status and transition it to stale only after 3 consecutive default-branch pipelines where the scanner was absent.

This MR adds the two DB columns needed to track that:

  • consecutive_absence_count on analyzer_project_statuses — counts how many consecutive pipelines a scanner was absent
  • stale on analyzer_namespace_statuses — aggregated stale count at the group level

It also adds :stale to the ANALYZER_STATUSES enum and surfaces it in the GraphQL AnalyzerStatusEnum. Service and UI changes follow in subsequent MRs.

References

Issue: #578392

Parent task: #596019 (closed)

Next task with the services updates: #596020

How to set up and validate locally

No visible changes in system behaviour.

Given a project within a group with most analyser statuses executed at least once.

  1. Migrate
  2. Go to Security Inventory
  3. See it loads groups and projects, no errors in GraphQL queries in network
  4. Run a pipeline, see the analyser statuses updated for project and containing group, no errors in GraphQL queries in network

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Vasyl Pedak

Merge request reports