Prefer vulnerability author for triggering resolution workflows (!231645) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

Currently we are preferring project's first human owner for triggering workflows and using vulnerability author as a fallback but now we are reversing that by preferring author and using human owner as fallback.

This change is behind a feature flag prefer_vulnerability_author_for_workflows.

https://gitlab.com/gitlab-org/gitlab/-/work_items/596910

How to set up and validate locally

Enable feature flag Feature.enable(:prefer_vulnerability_author_for_workflows).
Trigger workers for workflows for SAST FP, SAST VR and Secret FP in rails console

Vulnerabilities::TriggerFalsePositiveDetectionWorkflowWorker.perform_async(<vulnerability_id>)
Vulnerabilities::TriggerResolutionWorkflowWorker.perform_async(<vulnerability_flag_id>)
Vulnerabilities::TriggerSecretDetectionFalsePositiveDetectionWorkflowWorker.perform_async(<vulnerability_id>)

All of these should get triggered without error

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited Apr 16, 2026 by Hitesh Raghuvanshi

Prefer vulnerability author for triggering resolution workflows

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports