Added check for membership lock before SAST worker trigger (!216779) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

This MR disallows calling the worker Vulnerabilities::TriggerFalsePositiveDetectionWorkflowWorker which initiates SAST FP detection workflow when a vulnerability is created if the root ancestor or group of the project has locked membership for the project.

This is being done as the StartWorkflowService adds a service account to the project for starting the workflow, and this fails because of the locked membership and results into worker failing and retrying uselessly.

References

Screenshots or screen recordings

Before	After

How to set up and validate locally

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #584239

Edited Dec 17, 2025 by Hitesh Raghuvanshi

Added check for membership lock before SAST worker trigger

What does this MR do and why?

References

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports