Merge branch...

Merge branch '330882-dependency-scanning-vulnerability-reports-a-lot-of-duplicate-links-2' into 'master'

Disable finding link creation

See merge request gitlab-org/gitlab!68381

ee/app/services/security/store_report_service.rb

@@ -48,7 +48,7 @@ module Security
         create_vulnerability_finding(vulnerability_findings_by_uuid, finding)&.id
       end.compact.uniq
 
-      update_vulnerability_links_info
+      update_vulnerability_links_info if Feature.enabled?(:vulnerability_finding_replace_metadata)
       create_vulnerability_pipeline_objects
       update_vulnerabilities_identifiers
       update_vulnerabilities_finding_identifiers

ee/spec/services/security/store_report_service_spec.rb

@@ -67,6 +67,16 @@ RSpec.describe Security::StoreReportService, '#execute' do
             expect { subject }.to change { Vulnerabilities::FindingLink.count }.by(finding_links)
           end
 
+          context 'when finding links creation is disabled' do
+            before do
+              stub_feature_flags(vulnerability_finding_replace_metadata: false)
+            end
+
+            it 'does not insert finding links' do
+              expect { subject }.not_to change { Vulnerabilities::FindingLink.count }
+            end
+          end
+
           it 'inserts all finding identifiers (join model)' do
             expect { subject }.to change { Vulnerabilities::FindingIdentifier.count }.by(finding_identifiers)
           end
@@ -550,7 +560,7 @@ RSpec.describe Security::StoreReportService, '#execute' do
           let!(:issue_link) { create(:vulnerabilities_issue_link, issue: issue, vulnerability_id: vulnerability.id) }
 
           it 'will not raise an error' do
-            expect { subject }.not_to raise_error(ActiveRecord::RecordInvalid)
+            expect { subject }.not_to raise_error
           end
 
           it 'does not insert issue link from the new pipeline' do