### Problem Based on the spike research in https://gitlab.com/gitlab-org/gitlab/-/issues/553189, we've identified that security policy violations are currently registered for all branches and filtered later during evaluation. This creates: * Technical debt in the violation system * False positive violation details in Policy Bot comments * Confusing approval settings behavior where policies apply regardless of branch rules * Performance inefficiencies ### Solution Implement pre-filtering of policy violations based on branch rules before registration, rather than registering all violations and filtering them later. ### Key changes * In `ee/app/models/approval_project_rule.rb:265` , add branch matching evaluation before violation registration **Spike MR** https://gitlab.com/gitlab-org/gitlab/-/merge_requests/211374/diffs