Use disable join for cross db

config/feature_flags/development/finding_ci_pipeline_disable_joins.yml

+---
+name: finding_ci_pipeline_disable_joins
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/70216
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/338665
+milestone: '14.3'
+type: development
+group: group::threat insights
+default_enabled: true

ee/app/controllers/projects/security/vulnerabilities_controller.rb

@@ -19,7 +19,7 @@ module Projects
       feature_category :vulnerability_management
 
       def show
-        pipeline = vulnerability.finding.pipelines.first
+        pipeline = vulnerability.finding.first_finding_pipeline
         @pipeline = pipeline if Ability.allowed?(current_user, :read_pipeline, pipeline)
         @gfm_form = true
       end

ee/app/models/vulnerabilities/finding.rb

@@ -38,7 +38,7 @@ module Vulnerabilities
     has_many :remediations, through: :finding_remediations
 
     has_many :finding_pipelines, class_name: 'Vulnerabilities::FindingPipeline', inverse_of: :finding, foreign_key: 'occurrence_id'
-    has_many :pipelines, through: :finding_pipelines, class_name: 'Ci::Pipeline'
+    has_many :pipelines, through: :finding_pipelines, class_name: 'Ci::Pipeline', disable_joins: -> { ::Feature.enabled?(:finding_ci_pipeline_disable_joins, default_enabled: :yaml) }
 
     has_many :signatures, class_name: 'Vulnerabilities::FindingSignature', inverse_of: :finding
 
@@ -105,11 +105,6 @@ module Vulnerabilities
         .where("vulnerability_occurrences.location -> 'image' ?| array[:images]", images: images)
     end
 
-    def self.for_pipelines(pipelines)
-      joins(:finding_pipelines)
-        .where(vulnerability_occurrence_pipelines: { pipeline_id: pipelines })
-    end
-
     def self.counted_by_severity
       group(:severity).count.transform_keys do |severity|
         severities[severity]
@@ -368,13 +363,21 @@ module Vulnerabilities
     end
 
     def pipeline_branch
-      pipelines&.last&.sha || project.default_branch
+      last_finding_pipeline&.sha || project.default_branch
     end
 
     def false_positive?
       vulnerability_flags.false_positive.any?
     end
 
+    def first_finding_pipeline
+      finding_pipelines.first&.pipeline
+    end
+
+    def last_finding_pipeline
+      finding_pipelines.last&.pipeline
+    end
+
     protected
 
     def primary_identifier_fingerprint

ee/app/presenters/vulnerability_presenter.rb

@@ -69,7 +69,7 @@ class VulnerabilityPresenter < Gitlab::View::Presenter::Delegated
   end
 
   def pipeline_branch
-    finding.pipelines&.last&.sha || project.default_branch
+    finding.pipeline_branch
   end
 
   def path_with_line_number(path)

ee/spec/factories/vulnerabilities/findings.rb

@@ -235,8 +235,7 @@ FactoryBot.define do
     trait :with_pipeline do
       after(:create) do |finding|
         pipeline = create(:ci_pipeline, project: finding.project)
-
-        finding.pipelines = [pipeline]
+        create(:vulnerabilities_finding_pipeline, finding: finding, pipeline: pipeline)
       end
     end