[go: up one dir, main page]
Skip to content

BE: Create dismissal tracking infrastructure and database schema for warn mode

Why are we doing this work

This backend implementation creates the database infrastructure and models needed to track security finding dismissals in warn mode. When policies are in warn mode, developers can dismiss individual security findings that violate policies, and this system tracks those dismissals with full audit trails and proper data relationships.

This is a foundational backend dependency for the Policies Warn Mode epic and enables tracking of dismissed findings across merge requests and policy changes.

Relevant links

Implementation

  • Create security_finding_policy_dismissals table with proper indexes and foreign key constraints
  • Implement Security::FindingPolicyDismissal model with validations and scopes
  • Add dismissal relationships to MergeRequest and Security::Policy models
  • Create cleanup worker for orphaned and expired dismissals
  • Add data consistency checks for policy recreation scenarios
  • Implement bulk dismissal operations for performance
  • Add audit event generation for dismissal actions

Technical notes

  • Table must handle high volume of dismissal records efficiently
  • Foreign key constraints must account for security_findings partitioning limitations
  • Cleanup worker should handle policy deletion and MR closure scenarios
  • Model relationships should support efficient querying of dismissed findings
  • Dismissal records should survive policy recreation when possible
  • Bulk operations needed for performance when dismissing multiple findings
  • Proper indexing required for dismissal lookup and cleanup operations

Validation Steps

  • security_finding_policy_dismissals table created with proper schema and indexes
  • Security::FindingPolicyDismissal model validates finding_uuid and policy relationships
  • MergeRequest model can efficiently query dismissed findings
  • Security::Policy model can access dismissal records
  • Cleanup worker removes orphaned dismissals and handles expired scenarios
  • Bulk dismissal operations perform efficiently with large finding sets
  • Audit events generated for all dismissal actions
  • Data consistency maintained during policy recreation