feat: add ref filtering to VulnerabilityReadsFinder (!216471) · Merge requests · GitLab.org / GitLab

Relates to issue #555995

Changes

This MR implements filtering by security_project_tracked_context_id in the VulnerabilityReadsFinder.

Files Modified

1. ee/app/finders/security/vulnerability_reads_finder.rb

Added parameter documentation for security_project_tracked_context_id in the class docstring
Added filter_by_security_project_tracked_context_id method call in the execute method
Implemented the filter_by_security_project_tracked_context_id private method following the same pattern as filter_by_cluster_agent_id

2. ee/app/models/vulnerabilities/read.rb

Added by_security_project_tracked_context_id scope following the same pattern as existing scopes

3. ee/spec/finders/security/vulnerability_reads_finder_spec.rb

Added comprehensive test coverage with a new context "when filtered by security_project_tracked_context_id" including:
- Test with single tracked context ID
- Test with multiple tracked context IDs
- Test with nil values (returns all vulnerabilities without filtering)
- Test with blank array (returns all vulnerabilities without filtering)
- Test combining security_project_tracked_context_id filter with other filters (severity)
- Test when vulnerable is a Group with single and multiple tracked context IDs

Implementation Details

The implementation follows the exact same pattern as existing filters in the codebase (e.g., filter_by_cluster_agent_id, filter_by_scanner_ids) to ensure consistency and maintainability.

Edited Dec 15, 2025 by Michał Zając

feat: add ref filtering to VulnerabilityReadsFinder