Aysegul Acar activity https://gitlab.com/aysegula 2026-03-19T09:15:13Z tag:gitlab.com,2026-03-19:5220849410 Aysegul Acar commented on issue #585505 at GitLab.org / GitLab 2026-03-19T08:07:32Z aysegula Aysegul Acar

Thanks for quick response Samantha! They confirmed that the MR was created after the upgrade. They just created a new pipeline in the same MR and still having the same issue.

They also ran the query below in Rails. pipeline.complete_or_manual? returns true and status is preparing for all scans.

pipeline = Ci::Pipeline.find(<pipeline_id>) 

pipeline.complete_or_manual? 

Security::Scan
  .by_pipeline_ids(pipeline.self_and_project_descendants.pluck_primary_key)
  .not_in_terminal_state
  .pluck(:id, :pipeline_id, :scan_type, :status)'
 tag:gitlab.com,2026-03-18:5215805096 Aysegul Acar commented on issue #585505 at GitLab.org / GitLab 2026-03-18T06:02:44Z aysegula Aysegul Acar

Hi team, we have a customer who recently upgraded from 18.8.4 to 18.9.1 and started having this issue. ZD ticket (Internal only)

We confirmed that enabledSecurityScans returning ready: false. They are using scan policies but not child pipelines. I asked them to run the Rails script here @sming-gitlab mentioned.

This bug should have been fixed in 18.9 but appeared in this version for this customer. Could we get some help identifying why this is the case for them? This is a bit urgent fro them.