Time-based Vulnerability Retention Limits
GitLab customers with an active subscription can reach out to [GitLab Support](https://support.gitlab.com/) when encountering unexpected problems with this change.

---

[[_TOC_]]

### Problem

Today, GitLab retains vulnerability data indefinitely. As the quantity of data grows, querying it becomes less performant. [Additional details are available here](https://docs.google.com/document/d/19BZ15xgKz0d5qYCksHGpc--AmFGeYR-sMj1YQYpnCdY/edit?usp=sharing).

### Solution

Introduce a 12-month retention limit for vulnerabilities. Archive vulnerabilities that have not been updated in a year, for up to 3 years. Adding these limits will enable the sec section to reduce our load on GitLab's Postgres database by \~50% so we can continue building new features.

### Acceptance Criteria

1. All vulnerabilities that are older than 12 months, and which have not been updated in the past 12 months, will automatically be archived into cold storage.
2. Archives will be retained for 3 years and can be accessed via the UI.
3. After 3 years, the data will be permanently deleted.
epic