Move file upload out of vulnerability ingestion transaction

What does this MR do and why?

Moves file upload operations for vulnerability remediations out of the ingestion transaction by deferring them to after_commit.

Previously, upload_remediations in Security::Ingestion::Tasks::IngestRemediations was called synchronously during vulnerability ingestion, causing HTTP file uploads to object storage to occur inside the database transaction. This may contribute to holding locks longer than necessary.

Part of #589516

Feature Flag

  • Name: move_remediation_uploads_outside_transaction
  • Type: gitlab_com_derisk
  • Default: disabled

How to set up and validate locally

  1. Enable the feature flag:

    Feature.enable(:move_remediation_uploads_outside_transaction)

  2. Run a security scan that produces remediations

  3. Verify remediations are created and files are uploaded correctly after ingestion completes

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Harrison Peters
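
The ordering change described above, as an added example that is not part of the MR or GitLab's code: a toy transaction logs whether each upload runs while the transaction is still open or only after commit, including the rollback case. `ToyTransaction`, `upload` and `ingest` are hypothetical names, and the `deferred:` argument stands in for the feature flag.

```ruby
# Added illustration, not GitLab code: ToyTransaction, upload and ingest are hypothetical.
class ToyTransaction
  attr_reader :log, :open
  def initialize
    @log, @hooks, @open = [], [], false
  end
  # Queue work to run only once the transaction has committed.
  def after_commit(&block)
    @hooks << block
  end

  def run
    @open = true
    @log << :begin
    begin
      yield
    rescue StandardError
      @log << :rollback
      @hooks.clear # a rolled-back transaction never fires its hooks
      return false
    ensure
      @open = false
    end
    @log << :commit
    @hooks.shift.call until @hooks.empty?
    true
  end
end

# Stand-in for the HTTP upload to object storage; records when it ran.
def upload(tx, name)
  tx.log << [:upload, name, (tx.open ? :inside_tx : :after_commit)]
end

def ingest(names, deferred:, abort_ingest: false)
  tx = ToyTransaction.new
  tx.run do
    names.each do |name|
      tx.log << [:insert, name] # constructed stand-in for the remediation row write
      if deferred
        tx.after_commit { upload(tx, name) }
      else
        upload(tx, name)
      end
    end
    raise "ingestion failed" if abort_ingest
  end
  tx.log
end
```

With `deferred: false` and a failing ingestion, the log shows an upload that happened before the rollback, so the stored file has no matching row.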
