Ugo Nnanna Okeadu activity https://gitlab.com/uokeadu 2026-03-18T11:28:03Z

tag:gitlab.com,2026-03-18:5217053074 Ugo Nnanna Okeadu commented on merge request !225819 at GitLab.org / GitLab 2026-03-18T11:28:03Z uokeadu Ugo Nnanna Okeadu

Thanks for working on this, LGTM @bryan_valdiviezo. Left one non-blocking suggestion, setting to merge 🚀

tag:gitlab.com,2026-03-18:5217044150 Ugo Nnanna Okeadu approved merge request !225819: Added custom ordering for SAST scans at GitLab.org / GitLab 2026-03-18T11:26:07Z uokeadu Ugo Nnanna Okeadu

What does this MR do and why?

Problem

When multiple SAST scans run in the same pipeline (e.g., from different sources), the vulnerability ingestion process did not consistently prioritize Scan Execution Policy (SEP) results. This could result in inconsistent vulnerability severity reporting depending on scan completion order.

Solution

Implemented artifact ordering in StoreGroupedScansService to ensure SEP artifacts are processed first during the ingestion phase. This guarantees that SEP scan findings are consistently selected for ingestion, providing predictable and enforced security scan results.

Impact

  • Vulnerability reports now consistently reflect SEP scan results regardless of scan completion order
  • Organizations can rely on SEP to enforce uniform security scan configurations across projects
  • Improved predictability and consistency in security vulnerability reporting

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to: https://gitlab.com/gitlab-org/gitlab/-/work_items/500901

tag:gitlab.com,2026-03-18:5217044102 Ugo Nnanna Okeadu commented on merge request !225819 at GitLab.org / GitLab 2026-03-18T11:26:07Z uokeadu Ugo Nnanna Okeadu

suggestion(test, non-blocking): I think report_2 is not used

tag:gitlab.com,2026-03-17:5214432966 Ugo Nnanna Okeadu pushed to project branch uokeadu/592224/finding-due-dates-upsert-service at GitLab.org / GitLab 2026-03-17T19:21:50Z uokeadu Ugo Nnanna Okeadu

Ugo Nnanna Okeadu (e0442d99) at 17 Mar 19:21

Fix spec timestamp precision

tag:gitlab.com,2026-03-17:5214275951 Ugo Nnanna Okeadu pushed to project branch uokeadu/592224/finding-due-dates-upsert-service at GitLab.org / GitLab 2026-03-17T18:31:40Z uokeadu Ugo Nnanna Okeadu

Ugo Nnanna Okeadu (7b666ff7) at 17 Mar 18:31

Batch project authorization and avoid large pluck

tag:gitlab.com,2026-03-17:5214079906 Ugo Nnanna Okeadu commented on merge request !225819 at GitLab.org / GitLab 2026-03-17T17:34:55Z uokeadu Ugo Nnanna Okeadu

@bryan_valdiviezo any updates here?

tag:gitlab.com,2026-03-17:5214042301 Ugo Nnanna Okeadu pushed to project branch uokeadu/592224/finding-due-dates-upsert-service at GitLab.org / GitLab 2026-03-17T17:24:25Z uokeadu Ugo Nnanna Okeadu

Ugo Nnanna Okeadu (c0360d8f) at 17 Mar 17:24

Use match_array instead of eq

tag:gitlab.com,2026-03-17:5214022414 Ugo Nnanna Okeadu pushed to project branch uokeadu/592224/finding-due-dates-upsert-service at GitLab.org / GitLab 2026-03-17T17:19:16Z uokeadu Ugo Nnanna Okeadu

Ugo Nnanna Okeadu (b7bea172) at 17 Mar 17:19

Improve error handling in and refactor specs to use real authorization

tag:gitlab.com,2026-03-17:5213917792 Ugo Nnanna Okeadu commented on merge request !227665 at GitLab.org / GitLab 2026-03-17T16:54:06Z uokeadu Ugo Nnanna Okeadu

note: the query plan will be updated with the link once Add vulnerability_finding_due_dates table to st... (!226308) is merged.

tag:gitlab.com,2026-03-17:5213915949 Ugo Nnanna Okeadu commented on merge request !227665 at GitLab.org / GitLab 2026-03-17T16:53:38Z uokeadu Ugo Nnanna Okeadu

@bryan_valdiviezo Could you please do the initial backend review?

@subashis Could you please do the initial database review and then forward it to @bwill for remaining approvals?

tag:gitlab.com,2026-03-17:5213908945 Ugo Nnanna Okeadu pushed to project branch uokeadu/592224/finding-due-dates-upsert-service at GitLab.org / GitLab 2026-03-17T16:51:55Z uokeadu Ugo Nnanna Okeadu

Ugo Nnanna Okeadu (0b81f673) at 17 Mar 16:51

Refactor authorization in authorized?

tag:gitlab.com,2026-03-17:5213773307 Ugo Nnanna Okeadu pushed to project branch uokeadu/592224/finding-due-dates-upsert-service at GitLab.org / GitLab 2026-03-17T16:20:08Z uokeadu Ugo Nnanna Okeadu

Ugo Nnanna Okeadu (78a4698b) at 17 Mar 16:20

Normalize due_date and optimize authorization batching

tag:gitlab.com,2026-03-17:5213562106 Ugo Nnanna Okeadu commented on merge request !227665 at GitLab.org / GitLab 2026-03-17T15:35:05Z uokeadu Ugo Nnanna Okeadu

Not applicable anymore

tag:gitlab.com,2026-03-17:5213553029 Ugo Nnanna Okeadu pushed to project branch uokeadu/592224/finding-due-dates-upsert-service at GitLab.org / GitLab 2026-03-17T15:32:56Z uokeadu Ugo Nnanna Okeadu

Ugo Nnanna Okeadu (488eb4f3) at 17 Mar 15:32

Align due_date validation with service behavior

tag:gitlab.com,2026-03-17:5213450667 Ugo Nnanna Okeadu pushed to project branch uokeadu/592222/create-vulnerability-finding-due-dates-table at GitLab.org / GitLab 2026-03-17T15:12:57Z uokeadu Ugo Nnanna Okeadu

Ugo Nnanna Okeadu (2ce1dd99) at 17 Mar 15:12

Remove scope by_finding_ids

tag:gitlab.com,2026-03-17:5213441093 Ugo Nnanna Okeadu commented on merge request !226308 at GitLab.org / GitLab 2026-03-17T15:11:09Z uokeadu Ugo Nnanna Okeadu

@subashis This is not needed; see Add vulnerability finding due dates upsert service (!227665). Removing scope.

tag:gitlab.com,2026-03-17:5213434755 Ugo Nnanna Okeadu pushed to project branch uokeadu/592224/finding-due-dates-upsert-service at GitLab.org / GitLab 2026-03-17T15:09:52Z uokeadu Ugo Nnanna Okeadu

Ugo Nnanna Okeadu (26ad412e) at 17 Mar 15:09

Fix bulk upsert spec expectations

tag:gitlab.com,2026-03-17:5213204201 Ugo Nnanna Okeadu commented on merge request !142884 at GitLab.com / www-gitlab-com 2026-03-17T14:26:00Z uokeadu Ugo Nnanna Okeadu

I would like to join reviewers for this if we change idea 🙂