diff --git a/.gitlab/ci/static-analysis.gitlab-ci.yml b/.gitlab/ci/static-analysis.gitlab-ci.yml
index 7af6842fa44..879b3bffd3b 100644
--- a/.gitlab/ci/static-analysis.gitlab-ci.yml
+++ b/.gitlab/ci/static-analysis.gitlab-ci.yml
@@ -182,7 +182,7 @@ semgrep-appsec-custom-rules:
         --exclude '*_test.go' --exclude spec --exclude qa --exclude tooling --json > gl-sast-report.json || true
 
   variables:
-    CUSTOM_RULES_REPOSITORY: https://gitlab.com/gitlab-com/gl-security/appsec/sast-custom-rules.git
+    CUSTOM_RULES_REPOSITORY: https://gitlab.com/gitlab-com/gl-security/product-security/appsec/sast-custom-rules.git
   artifacts:
     expire_in: 30 days
     paths:
@@ -234,7 +234,7 @@ ping-appsec-for-sast-findings:
   extends:
     - .ping-appsec-for-sast-findings:rules
   variables:
-    # Project Access Token bot ID for /gitlab-com/gl-security/appsec/sast-custom-rules
+    # Project Access Token bot ID for /gitlab-com/gl-security/product-security/appsec/sast-custom-rules
     BOT_USER_ID: 19650678
   needs:
     - semgrep-appsec-custom-rules
@@ -250,7 +250,7 @@ trigger-depsaster:
     MERGE_REQUEST_PROJECT_ID: $CI_MERGE_REQUEST_PROJECT_ID
     MERGE_REQUEST_IID: $CI_MERGE_REQUEST_IID
   trigger:
-    project: "gitlab-com/gl-security/appsec/tooling/depsaster"
+    project: "gitlab-com/gl-security/product-security/appsec/tooling/depsaster"
   allow_failure: true
 
 ping-appsec-for-dependency-review:
@@ -261,7 +261,7 @@ ping-appsec-for-dependency-review:
     DISABLE_MENTIONS: "false"
     DISABLE_SCORING: "true"
     DISABLE_COMMENTING: "false"
-    DEPENDENCY_REVIEW_BOT_CI_REG: "${CI_REGISTRY}/gitlab-com/gl-security/appsec/tooling/depscore/master"
+    DEPENDENCY_REVIEW_BOT_CI_REG: "${CI_REGISTRY}/gitlab-com/gl-security/product-security/appsec/tooling/depscore/master"
   extends: [".ping-appsec-for-dependency-review:rules", ".use-docker-in-docker"]
   before_script:
     - apk add jq curl
diff --git a/.gitlab/issue_templates/Security developer workflow.md b/.gitlab/issue_templates/Security developer workflow.md
index f6ea4a915df..111730eb4c8 100644
--- a/.gitlab/issue_templates/Security developer workflow.md	
+++ b/.gitlab/issue_templates/Security developer workflow.md	
@@ -6,10 +6,10 @@ Create this issue under https://gitlab.com/gitlab-org/security/gitlab
 Set the title to: `Description of the original issue`
 -->
 
-## Prior to starting the security release work
+## Prior to starting the security work
 
-- [ ] Read the [security process for developers] if you are not familiar with it.
-- [ ] Make sure the [issue really needs to follow the security release workflow].
+- [ ] Read the [security process for engineers] if you are not familiar with it.
+- [ ] Make sure the [issue really needs to follow the security workflow].
 - [ ] Add a `~severity::x` label to the issue and all associated merge requests.
 - [ ] Mark this [issue as linked] to the `gitlab-org/gitlab` issue that describes the security vulnerability.
 - Fill out the [Links section](#links):
@@ -20,7 +20,7 @@ Set the title to: `Description of the original issue`
 
 - [ ] Run `scripts/security-harness` in your local repository to prevent accidentally pushing to any remote besides `gitlab.com/gitlab-org/security`.
 - [ ] Create a new branch prefixing it with `security-`.
-- [ ] Create a merge request targeting `master` on `gitlab.com/gitlab-org/security` and use the [Security Release merge request template].
+- [ ] Create a merge request targeting `master` on `gitlab.com/gitlab-org/security` and use the [Security merge request template].
 - [ ] If this includes a breaking change, make sure to include a mention of it for the relevant versions in [`doc/update/index.md`](https://gitlab.com/gitlab-org/security/gitlab/-/blob/master/doc/update/index.md#version-specific-upgrading-instructions)
   - See if the [breaking changes workflow] applies
 
@@ -29,10 +29,10 @@ After your merge request has been approved according to our [approval guidelines
 ## Backports
 
 - [ ] Once the MR is ready to be merged, create MRs targeting the latest 3 stable branches.
-  - The 3 stable branches correspond to the versions in the title of the [Security Release Tracking Issue].
+  - The 3 stable branches correspond to the versions in the title of the [Security Tracking Issue].
   - At this point, it might be easy to squash the commits from the MR into one
   - You can use the script `bin/secpick` instead of the following steps, to help you cherry-picking. See the [secpick documentation]
-- [ ] Create each MR targeting the stable branch `X-Y-stable`, using the [Security Release merge request template].
+- [ ] Create each MR targeting the stable branch `X-Y-stable`, using the [Security merge request template].
   - Every merge request will have its own set of to-dos, so make sure to complete those.
 - [ ] On the "Related merge requests" section, ensure that `4` merge requests are associated: The one targeting `master` and the `3` backports.
 - [ ] If this issue requires less than `4` merge requests, add the ~"reduced backports" label.
@@ -40,8 +40,8 @@ After your merge request has been approved according to our [approval guidelines
 ## Assigning to a release
 
 - [ ]  **IMPORTANT**: When this issue is ready for release (Default branch MR and backports are approved and ready to be merged), apply the ~"security-target" label.
-  - The `gitlab-release-tools-bot` evaluates and links issues with the label to the next planned security release tracking issue. If the bot finds the issue is not ready to be included in the security release, it will leave a comment on the issue explaining what needs to be done.
-  - This issue will only be included in a security release if it is successfully linked to the security release tracking issue.
+  - The `gitlab-release-tools-bot` evaluates and links issues with the label to the active [Security Tracking Issue]. If the bot finds the issue is not ready to be included in the patch release, it will leave a comment on the issue explaining what needs to be done.
+  - This issue will only be included in a patch release if it is successfully linked to the [Security Tracking Issue].
 
 ## Documentation and final details
 
@@ -75,13 +75,13 @@ After your merge request has been approved according to our [approval guidelines
 | Breaking change to UI or public API | Yes/No  | <!-- How should the breaking change be communicated? --> |
 | Thanks                              |         |                                                          |
 
-[security process for developers]: https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md
+[security process for engineers]: https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/engineer.md
 [secpick documentation]: https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/security/utilities/secpick_script.md
-[security Release merge request template]: https://gitlab.com/gitlab-org/security/gitlab/blob/master/.gitlab/merge_request_templates/Security%20Release.md
+[security merge request template]: https://gitlab.com/gitlab-org/security/gitlab/blob/master/.gitlab/merge_request_templates/Security%20Fix.md
 [approval guidelines]: https://docs.gitlab.com/ee/development/code_review.html#approval-guidelines
 [issue as linked]: https://docs.gitlab.com/ee/user/project/issues/related_issues.html#add-a-linked-issue
-[issue really needs to follow the security release workflow]: https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/security/developer.md#making-sure-the-issue-needs-to-follow-the-security-release-workflow
+[issue really needs to follow the security workflow]: https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/security/engineer.md#making-sure-the-issue-needs-to-follow-the-security-release-workflow
 [breaking changes workflow]: https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/security/far_reaching_impact_fixes_or_breaking_change_fixes.md
-[Security Release Tracking Issue]: https://gitlab.com/gitlab-org/gitlab/-/issues/?label_name%5B%5D=upcoming%20security%20release
+[Security Tracking Issue]: https://gitlab.com/gitlab-org/gitlab/-/issues/?label_name%5B%5D=upcoming%20security%20release
 
 /label ~security ~"security-notifications"
diff --git a/.gitlab/merge_request_templates/Revert Security Merge Request.md b/.gitlab/merge_request_templates/Revert Security Merge Request.md
index f29c9cc5b66..f6fb1eb8247 100644
--- a/.gitlab/merge_request_templates/Revert Security Merge Request.md	
+++ b/.gitlab/merge_request_templates/Revert Security Merge Request.md	
@@ -1,26 +1,26 @@
 [Reverting a security merge request] is not encouraged because it rollbacks a security fix
-compromising the integrity of GitLab.com and self-managed instances. If a security merge request
+compromising the integrity of GitLab.com, self-managed and in-house instances. If a security merge request
 introduced a bug, the next steps will depend on the severity of the security issue, the impact of
-the bug introduced and the timeline of the security release. Consult the [other ways of mitigating the bug]
+the bug introduced and the timeline of the patch release. Consult the [other ways of mitigating the bug]
 before continuing with the revert.
 
 ## Purpose of the revert
 
 <!-- Please write down the reason why the revert is required, the severity of the security issue
-and the severity the bug fix and due date of the security release -->
+and the severity the bug fix and due date of the patch release -->
 
 * Severity of the security issue: {+ severity +}
 * Severity of the bug: {+ severity +}
-* Due date of the [ongoing security release]: {+ yyyy/mm/dd +}
+* Due date of the [ongoing patch release]: {+ yyyy/mm/dd +}
 
 ## Checklist:
 
 - [ ] Stage team has contacted AppSec and [release managers] and explained why the revert is necessary.
-- [ ] The security issue has been removed from the [security release].
-- [ ] **AppSec Approval: AppSec agrees and understands the vulnerability will be disclosed without being fixed when the security release is published**
+- [ ] The security issue has been removed from the [patch release].
+- [ ] **AppSec Approval: AppSec agrees and understands the vulnerability will be disclosed without being fixed when the patch release is published**
 
 
 [Reverting a security merge request]: https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/security/bugs_introduced_by_security_merge_request.md?ref_type=heads
 [other ways of mitigating the bug]: https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/security/bugs_introduced_by_security_merge_request.md?ref_type=heads
-[security release]: https://gitlab.com/gitlab-org/gitlab/-/issues/?label_name%5B%5D=upcoming%20security%20release
+[patch release]: https://gitlab.com/gitlab-org/gitlab/-/issues/?label_name%5B%5D=upcoming%20security%20release
 [release managers]: https://about.gitlab.com/community/release-managers/
diff --git a/.gitlab/merge_request_templates/Security Release.md b/.gitlab/merge_request_templates/Security Fix.md
similarity index 88%
rename from .gitlab/merge_request_templates/Security Release.md
rename to .gitlab/merge_request_templates/Security Fix.md
index cffdffa9256..88ef950742d 100644
--- a/.gitlab/merge_request_templates/Security Release.md	
+++ b/.gitlab/merge_request_templates/Security Fix.md	
@@ -2,7 +2,7 @@
 # README first!
 This MR should be created on `gitlab.com/gitlab-org/security/gitlab`.
 
-See [the general developer security release guidelines](https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md).
+See [the general developer security guidelines](https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/engineer.md).
 
 -->
 
@@ -13,7 +13,7 @@ See [the general developer security release guidelines](https://gitlab.com/gitla
 ## Developer checklist
 
 - [ ] **On "Related issues" section, write down the [GitLab Security] issue it belongs to (i.e. `Related to <issue_id>`).**
-- [ ] Familiarize yourself with the latest process to create Security merge requests: https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md#process
+- [ ] Familiarize yourself with the latest process to create Security merge requests: https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/engineer.md#process
 - [ ] Merge request targets `master`, or a versioned stable branch (`X-Y-stable-ee`).
 - [ ] Title of this merge request is the same as for all backports.
 - [ ] A [CHANGELOG entry] has been included, with `Changelog` trailer set to `security`.
@@ -21,7 +21,7 @@ See [the general developer security release guidelines](https://gitlab.com/gitla
   - [ ] Assign to a reviewer and maintainer, per our [Code Review process].
   - [ ] Ensure it's approved according to our [Approval Guidelines].
   - [ ] Ensure it's approved by an AppSec engineer.
-    - Please see the security release [Code reviews and Approvals] documentation for details on which AppSec team member to ping for approval.
+    - Please see the security [Code reviews and Approvals] documentation for details on which AppSec team member to ping for approval.
     - Trigger the [`e2e:package-and-test` job]. The docker image generated will be used by the AppSec engineer to validate the security vulnerability has been remediated.
 - [ ] For a backport MR targeting a versioned stable branch (`X-Y-stable-ee`).
   - [ ] Ensure it's approved by the same maintainer that reviewed and approved the merge request targeting the default branch.
diff --git a/.gitlab/sast-ruleset.toml b/.gitlab/sast-ruleset.toml
index e247d20da2c..296ff281bed 100644
--- a/.gitlab/sast-ruleset.toml
+++ b/.gitlab/sast-ruleset.toml
@@ -5,6 +5,6 @@
 
   [[semgrep.passthrough]]
     type  = "git"
-    value = "https://gitlab.com/gitlab-com/gl-security/appsec/sast-custom-rules.git"
+    value = "https://gitlab.com/gitlab-com/gl-security/product-security/appsec/sast-custom-rules.git"
     ref = "refs/heads/main"
     subdir = "gitlab-sast-rules"
diff --git a/.rubocop_todo/rspec/feature_category.yml b/.rubocop_todo/rspec/feature_category.yml
index 02ec682bc64..7b11afa8640 100644
--- a/.rubocop_todo/rspec/feature_category.yml
+++ b/.rubocop_todo/rspec/feature_category.yml
@@ -1008,7 +1008,6 @@ RSpec/FeatureCategory:
     - 'ee/spec/models/ee/project_authorization_spec.rb'
     - 'ee/spec/models/ee/project_group_link_spec.rb'
     - 'ee/spec/models/ee/project_statistics_spec.rb'
-    - 'ee/spec/models/ee/project_wiki_spec.rb'
     - 'ee/spec/models/ee/protected_ref_spec.rb'
     - 'ee/spec/models/ee/release_spec.rb'
     - 'ee/spec/models/ee/resource_label_event_spec.rb'
diff --git a/.rubocop_todo/rspec/named_subject.yml b/.rubocop_todo/rspec/named_subject.yml
index 2655802d653..c533591bf66 100644
--- a/.rubocop_todo/rspec/named_subject.yml
+++ b/.rubocop_todo/rspec/named_subject.yml
@@ -604,7 +604,6 @@ RSpec/NamedSubject:
     - 'ee/spec/models/ee/pages_domain_spec.rb'
     - 'ee/spec/models/ee/personal_access_token_spec.rb'
     - 'ee/spec/models/ee/project_spec.rb'
-    - 'ee/spec/models/ee/project_wiki_spec.rb'
     - 'ee/spec/models/ee/projects/branch_rule_spec.rb'
     - 'ee/spec/models/ee/protected_branch_spec.rb'
     - 'ee/spec/models/ee/resource_label_event_spec.rb'
diff --git a/.rubocop_todo/style/inline_disable_annotation.yml b/.rubocop_todo/style/inline_disable_annotation.yml
index 4fea397b570..c09e84907f3 100644
--- a/.rubocop_todo/style/inline_disable_annotation.yml
+++ b/.rubocop_todo/style/inline_disable_annotation.yml
@@ -1092,7 +1092,6 @@ Style/InlineDisableAnnotation:
     - 'config/initializers/fix_local_cache_middleware.rb'
     - 'config/initializers/fog_core_patch.rb'
     - 'config/initializers/grape_validators.rb'
-    - 'config/initializers/grpc_patch.rb'
     - 'config/initializers/kaminari_active_record_relation_methods_with_limit.rb'
     - 'config/initializers/mail_starttls_patch.rb'
     - 'config/initializers/postgres_cte_as_materialized.rb'
@@ -1705,7 +1704,6 @@ Style/InlineDisableAnnotation:
     - 'ee/elastic/migrate/20230720000000_reindex_wikis_to_fix_routing.rb'
     - 'ee/elastic/migrate/20230724070100_backfill_epics.rb'
     - 'ee/elastic/migrate/20230724151612_backfill_archived_field_in_commits.rb'
-    - 'ee/elastic/migrate/20230724221548_remove_wikis_from_main_index.rb'
     - 'ee/elastic/migrate/20230821123542_backfill_archived_field_in_blob.rb'
     - 'ee/elastic/migrate/20230901120542_force_reindex_commits_from_main_index.rb'
     - 'ee/elastic/migrate/20231019223356_reindex_wikis_to_fix_routing_and_backfill_archived.rb'
diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION
index 9a3edf40074..3ef933835b2 100644
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
@@ -1 +1 @@
-1b7d24619a5fc750c340254158c2949d58ea774f
+f0a471cf95e5f057d7d07692710c391d3e3822d4
diff --git a/Gemfile b/Gemfile
index e415840865c..61110d45b49 100644
--- a/Gemfile
+++ b/Gemfile
@@ -595,7 +595,7 @@ gem 'gitaly', '~> 17.0.0.pre.rc2', feature_category: :gitaly
 # KAS GRPC protocol definitions
 gem 'kas-grpc', '~> 0.5.0', feature_category: :deployment_management
 
-gem 'grpc', '~> 1.62', feature_category: :shared
+gem 'grpc', '~> 1.63', feature_category: :shared
 
 gem 'google-protobuf', '~> 3.25', '>= 3.25.3' # rubocop:todo Gemfile/MissingFeatureCategory
 
diff --git a/Gemfile.checksum b/Gemfile.checksum
index c9fc1ac474f..f3152d62885 100644
--- a/Gemfile.checksum
+++ b/Gemfile.checksum
@@ -281,15 +281,15 @@
 {"name":"graphql","version":"2.2.5","platform":"ruby","checksum":"15eeb4b4b29b8502de22e6f2794ea5b7bf75b3a8c0aa5d776f5e614ef543bc7e"},
 {"name":"graphql-client","version":"0.19.0","platform":"ruby","checksum":"fe699d81976f916bd8f989216155326449cb8475a5d69fa1dd054012a86969c7"},
 {"name":"graphql-docs","version":"4.0.0","platform":"ruby","checksum":"f68296959263db26e1b7ba7058856d67b641cf508187222268be58f09dfa02d7"},
-{"name":"grpc","version":"1.62.0","platform":"aarch64-linux","checksum":"da4a327c031408537d573ac8e32c0457f96043382865f246cc5d8707af1d74ce"},
-{"name":"grpc","version":"1.62.0","platform":"arm64-darwin","checksum":"3bed38060eaec814a9547f88369c49b9bb3d439ff1832ccff30130459af919e0"},
-{"name":"grpc","version":"1.62.0","platform":"ruby","checksum":"f624d44ce89764ed61bd0d8c585bd6d7ec4b75ad421bdc7b370f09f101f6e80f"},
-{"name":"grpc","version":"1.62.0","platform":"x64-mingw-ucrt","checksum":"5618e4c7c708c1f10c905fd61689134ebc8b4df066fdd744b94b62d53e9bf5ea"},
-{"name":"grpc","version":"1.62.0","platform":"x64-mingw32","checksum":"5e2275f8e013342dfa0d7af028f3449849fc9cad163c5fafd8ae4c9be37b50e3"},
-{"name":"grpc","version":"1.62.0","platform":"x86-linux","checksum":"3e6a37edc951fcb77c14625a83141f39a98baf86f28fa3be0d552a888385d94d"},
-{"name":"grpc","version":"1.62.0","platform":"x86-mingw32","checksum":"40d42f50877fdaf26cd37836e2388f61d9c896d268f53e7493bb259b3a669806"},
-{"name":"grpc","version":"1.62.0","platform":"x86_64-darwin","checksum":"22eb3a8d36de1da327045a57c753b45c873c12a82106e8edef40ac0a01f37776"},
-{"name":"grpc","version":"1.62.0","platform":"x86_64-linux","checksum":"59f052fda776769f12b815495f9e1f2bc9501e5a194646720eb1d73f190e9502"},
+{"name":"grpc","version":"1.63.0","platform":"aarch64-linux","checksum":"dc75c5fd570b819470781d9512105dddfdd11d984f38b8e60bb946f92d1f79ee"},
+{"name":"grpc","version":"1.63.0","platform":"arm64-darwin","checksum":"91b93a354508a9d1772f095554f2e4c04358c2b32d7a670e3705b7fc4695c996"},
+{"name":"grpc","version":"1.63.0","platform":"ruby","checksum":"5f4383c4ee2886e92c31b90422261b7527f26e3baa585d877e9804e715983686"},
+{"name":"grpc","version":"1.63.0","platform":"x64-mingw-ucrt","checksum":"bbca63f19b45cca5a485f5c5eb363a8684d23a6d0c3421bde5e72e6227291488"},
+{"name":"grpc","version":"1.63.0","platform":"x64-mingw32","checksum":"fb6251f497c8327eda92c4af293ec07fcaec4ffaa2514d3942a7c31406bfaf5b"},
+{"name":"grpc","version":"1.63.0","platform":"x86-linux","checksum":"152140fa2c28e384d3c1ded454a66d5e22fb2ff1d2920c2ef2530b2d707de6fd"},
+{"name":"grpc","version":"1.63.0","platform":"x86-mingw32","checksum":"eed13225b08e705421fef9d986de6c2310ec692df1d80f7a4d407de7c1f98525"},
+{"name":"grpc","version":"1.63.0","platform":"x86_64-darwin","checksum":"a814414ff178e89ee3ad0cc2a826ce1ca96c68063effb81affe3e5ceff7b44cc"},
+{"name":"grpc","version":"1.63.0","platform":"x86_64-linux","checksum":"41a90a597f44959c8dbb94619db2b0c0939a768569a5dfad41fffa227eb1287d"},
 {"name":"grpc-google-iam-v1","version":"1.5.0","platform":"ruby","checksum":"cea356d150dac69751f6a4c71f1571c8022c69d9f4ce9c18139200932c19374e"},
 {"name":"gssapi","version":"1.3.1","platform":"ruby","checksum":"c51cf30842ee39bd93ce7fc33e20405ff8a04cda9dec6092071b61258284aee1"},
 {"name":"guard","version":"2.16.2","platform":"ruby","checksum":"71ba7abaddecc8be91ab77bbaf78f767246603652ebbc7b976fda497ebdc8fbb"},
diff --git a/Gemfile.lock b/Gemfile.lock
index 8490d0c1e76..a8f5241a9f2 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -884,7 +884,7 @@ GEM
       gemoji (~> 3.0)
       graphql (~> 2.0)
       html-pipeline (~> 2.14, >= 2.14.3)
-    grpc (1.62.0)
+    grpc (1.63.0)
       google-protobuf (~> 3.25)
       googleapis-common-protos-types (~> 1.0)
     grpc-google-iam-v1 (1.5.0)
@@ -2057,7 +2057,7 @@ DEPENDENCIES
   graphlyte (~> 1.0.0)
   graphql (~> 2.2.5)
   graphql-docs (~> 4.0.0)
-  grpc (~> 1.62)
+  grpc (~> 1.63)
   gssapi (~> 1.3.1)
   guard-rspec
   haml_lint (~> 0.57)
diff --git a/app/assets/javascripts/admin/application_settings/inactive_project_deletion/components/form.vue b/app/assets/javascripts/admin/application_settings/inactive_project_deletion/components/form.vue
index 0b640a34864..7f328c9569b 100644
--- a/app/assets/javascripts/admin/application_settings/inactive_project_deletion/components/form.vue
+++ b/app/assets/javascripts/admin/application_settings/inactive_project_deletion/components/form.vue
@@ -132,7 +132,7 @@ export default {
         data-testid="min-size-group"
       >
         <template #invalid-feedback>
-          <div class="gl-w-40p">{{ $options.i18n.minSizeMbInvalidFeedback }}</div>
+          <div class="gl-w-2/5">{{ $options.i18n.minSizeMbInvalidFeedback }}</div>
         </template>
         <gl-form-text class="gl-mt-0 gl-mb-3 gl-text-body!">
           {{ $options.i18n.minSizeMbDescription }}
@@ -169,7 +169,7 @@ export default {
           data-testid="delete-after-months-group"
         >
           <template #invalid-feedback>
-            <div class="gl-w-30p">{{ $options.i18n.deleteAfterMonthsInvalidFeedback }}</div>
+            <div class="gl-w-3/10">{{ $options.i18n.deleteAfterMonthsInvalidFeedback }}</div>
           </template>
           <gl-form-input-group data-testid="delete-after-months-input-group">
             <gl-form-input
@@ -202,7 +202,7 @@ export default {
           data-testid="send-warning-email-after-months-group"
         >
           <template #invalid-feedback>
-            <div class="gl-w-30p">
+            <div class="gl-w-3/10">
               {{ $options.i18n.sendWarningEmailAfterMonthsInvalidFeedback }}
             </div>
           </template>
diff --git a/app/assets/javascripts/alert_management/components/alert_management_table.vue b/app/assets/javascripts/alert_management/components/alert_management_table.vue
index 795f3c36f26..8b31d921808 100644
--- a/app/assets/javascripts/alert_management/components/alert_management_table.vue
+++ b/app/assets/javascripts/alert_management/components/alert_management_table.vue
@@ -53,7 +53,7 @@ export default {
       key: 'severity',
       label: s__('AlertManagement|Severity'),
       variant: 'secondary',
-      thClass: `gl-w-eighth`,
+      thClass: `gl-w-1/8`,
       thAttr: TH_TEST_ID,
       tdClass: `${tdClass} rounded-top text-capitalize sortable-cell`,
       sortable: true,
@@ -62,7 +62,7 @@ export default {
       key: 'startedAt',
       label: s__('AlertManagement|Start time'),
       variant: 'secondary',
-      thClass: `js-started-at w-15p`,
+      thClass: `js-started-at gl-w-3/20`,
       tdClass: `${tdClass} sortable-cell`,
       sortable: true,
     },
@@ -82,20 +82,20 @@ export default {
     {
       key: 'issue',
       label: s__('AlertManagement|Incident'),
-      thClass: 'gl-w-15p gl-pointer-events-none',
+      thClass: 'gl-w-3/20 gl-pointer-events-none',
       tdClass,
     },
     {
       key: 'assignees',
       label: s__('AlertManagement|Assignees'),
-      thClass: 'gl-w-eighth gl-pointer-events-none',
+      thClass: 'gl-w-1/8 gl-pointer-events-none',
       tdClass,
     },
     {
       key: 'status',
       label: s__('AlertManagement|Status'),
       variant: 'secondary',
-      thClass: `w-15p`,
+      thClass: `gl-w-3/20`,
       tdClass: `${tdClass} rounded-bottom sortable-cell`,
       sortable: true,
     },
diff --git a/app/assets/javascripts/alerts_settings/components/alert_mapping_builder.vue b/app/assets/javascripts/alerts_settings/components/alert_mapping_builder.vue
index 91f6a50f63d..30b62e88a5d 100644
--- a/app/assets/javascripts/alerts_settings/components/alert_mapping_builder.vue
+++ b/app/assets/javascripts/alerts_settings/components/alert_mapping_builder.vue
@@ -151,7 +151,7 @@ export default {
     </div>
 
     <div v-for="gitlabField in mappingData" :key="gitlabField.name" class="gl-display-table-row">
-      <div class="gl-display-table-cell gl-py-3 gl-pr-3 gl-w-30p gl-align-middle">
+      <div class="gl-display-table-cell gl-py-3 gl-pr-3 gl-w-3/10 gl-align-middle">
         <gl-form-input
           aria-labelledby="gitlabFieldsHeader"
           disabled
@@ -167,7 +167,7 @@ export default {
         </div>
       </div>
 
-      <div class="gl-display-table-cell gl-py-3 gl-pr-3 gl-w-30p gl-align-middle">
+      <div class="gl-display-table-cell gl-py-3 gl-pr-3 gl-w-3/10 gl-align-middle">
         <gl-collapsible-listbox
           :items="dropdownItems(gitlabField.searchTerm, gitlabField.mappingFields)"
           :selected="selectedValue(gitlabField.mapping)"
@@ -188,7 +188,7 @@ export default {
         </gl-collapsible-listbox>
       </div>
 
-      <div class="gl-display-table-cell gl-py-3 gl-w-30p">
+      <div class="gl-display-table-cell gl-py-3 gl-w-3/10">
         <gl-collapsible-listbox
           v-if="Boolean(gitlabField.numberOfFallbacks)"
           :items="dropdownItems(gitlabField.fallbackSearchTerm, gitlabField.mappingFields)"
diff --git a/app/assets/javascripts/analytics/cycle_analytics/components/stage_table.vue b/app/assets/javascripts/analytics/cycle_analytics/components/stage_table.vue
index ec5d0975747..88ce26a1290 100644
--- a/app/assets/javascripts/analytics/cycle_analytics/components/stage_table.vue
+++ b/app/assets/javascripts/analytics/cycle_analytics/components/stage_table.vue
@@ -23,7 +23,7 @@ import {
 import TotalTime from './total_time.vue';
 
 const DEFAULT_WORKFLOW_TITLE_PROPERTIES = {
-  thClass: 'gl-w-half',
+  thClass: 'gl-w-1/2',
   key: FIELD_KEY_TITLE,
   sortable: false,
 };
diff --git a/app/assets/javascripts/behaviors/shortcuts/shortcuts_help.vue b/app/assets/javascripts/behaviors/shortcuts/shortcuts_help.vue
index f8b2331befa..ba682a1ec10 100644
--- a/app/assets/javascripts/behaviors/shortcuts/shortcuts_help.vue
+++ b/app/assets/javascripts/behaviors/shortcuts/shortcuts_help.vue
@@ -68,7 +68,7 @@ export default {
       <gl-search-box-by-type
         v-model.trim="searchTerm"
         :aria-label="$options.i18n.search"
-        class="gl-w-half gl-mr-3"
+        class="gl-w-1/2 gl-mr-3"
       />
       <span>
         <gl-sprintf
@@ -93,7 +93,7 @@ export default {
         :key="group.id"
         class="shortcut-help-mapping gl-mb-4"
       >
-        <strong class="shortcut-help-mapping-title gl-w-half gl-display-inline-block">
+        <strong class="shortcut-help-mapping-title gl-w-1/2 gl-display-inline-block">
           {{ group.name }}
         </strong>
         <div
@@ -102,10 +102,10 @@ export default {
           class="gl-display-flex gl-align-items-center"
         >
           <shortcut
-            class="gl-w-40p gl-flex-shrink-0 gl-text-right gl-pr-4"
+            class="gl-w-2/5 gl-flex-shrink-0 gl-text-right gl-pr-4"
             :shortcuts="keybinding.defaultKeys"
           />
-          <div class="gl-w-half gl-flex-shrink-0 gl-flex-grow-1">
+          <div class="gl-w-1/2 gl-flex-shrink-0 gl-flex-grow-1">
             {{ keybinding.description }}
           </div>
         </div>
diff --git a/app/assets/javascripts/ci/admin/jobs_table/constants.js b/app/assets/javascripts/ci/admin/jobs_table/constants.js
index 86c9ab53e75..015749a2f59 100644
--- a/app/assets/javascripts/ci/admin/jobs_table/constants.js
+++ b/app/assets/javascripts/ci/admin/jobs_table/constants.js
@@ -21,12 +21,12 @@ export const RUNNER_NO_DESCRIPTION = s__('Runners|No description');
 /* Admin Table constants */
 /* The field list is based on app/assets/javascripts/jobs/components/table/constants.js */
 export const DEFAULT_FIELDS_ADMIN = [
-  { key: 'status', label: __('Status'), columnClass: 'gl-w-15p' },
-  { key: 'job', label: __('Job'), columnClass: 'gl-w-20p' },
-  { key: 'project', label: __('Project'), columnClass: 'gl-w-20p' },
-  { key: 'runner', label: __('Runner'), columnClass: 'gl-w-15p' },
-  { key: 'pipeline', label: __('Pipeline'), columnClass: 'gl-w-10p' },
-  { key: 'actions', label: '', columnClass: 'gl-w-10p' },
+  { key: 'status', label: __('Status'), columnClass: 'gl-w-3/20' },
+  { key: 'job', label: __('Job'), columnClass: 'gl-w-4/20' },
+  { key: 'project', label: __('Project'), columnClass: 'gl-w-4/20' },
+  { key: 'runner', label: __('Runner'), columnClass: 'gl-w-3/20' },
+  { key: 'pipeline', label: __('Pipeline'), columnClass: 'gl-w-2/20' },
+  { key: 'actions', label: '', columnClass: 'gl-w-2/20' },
 ];
 
 export const RAW_TEXT_WARNING_ADMIN = RAW_TEXT_WARNING;
diff --git a/app/assets/javascripts/ci/artifacts/components/artifact_row.vue b/app/assets/javascripts/ci/artifacts/components/artifact_row.vue
index d4de42b10a8..026f64be10d 100644
--- a/app/assets/javascripts/ci/artifacts/components/artifact_row.vue
+++ b/app/assets/javascripts/ci/artifacts/components/artifact_row.vue
@@ -96,7 +96,7 @@ export default {
         />
       </span>
       <span
-        class="gl-w-half gl-pl-8 gl-display-flex gl-align-items-center"
+        class="gl-w-1/2 gl-pl-8 gl-display-flex gl-align-items-center"
         data-testid="job-artifact-row-name"
       >
         <gl-friendly-wrap :text="artifact.name" />
@@ -108,11 +108,11 @@ export default {
         </gl-badge>
       </span>
 
-      <span class="gl-w-quarter gl-text-right gl-pr-5" data-testid="job-artifact-row-size">
+      <span class="gl-w-1/4 gl-text-right gl-pr-5" data-testid="job-artifact-row-size">
         {{ artifactSize }}
       </span>
 
-      <span class="gl-w-quarter gl-text-right gl-pr-5">
+      <span class="gl-w-1/4 gl-text-right gl-pr-5">
         <gl-button-group>
           <gl-button
             category="tertiary"
diff --git a/app/assets/javascripts/ci/artifacts/components/job_artifacts_table.vue b/app/assets/javascripts/ci/artifacts/components/job_artifacts_table.vue
index e4128069457..c167019861a 100644
--- a/app/assets/javascripts/ci/artifacts/components/job_artifacts_table.vue
+++ b/app/assets/javascripts/ci/artifacts/components/job_artifacts_table.vue
@@ -142,7 +142,7 @@ export default {
         this.canBulkDestroyArtifacts && {
           key: 'checkbox',
           label: '',
-          thClass: 'gl-w-5p',
+          thClass: 'gl-w-1/20',
         },
         ...this.$options.fields,
       ];
@@ -328,29 +328,29 @@ export default {
     {
       key: 'artifacts',
       label: I18N_ARTIFACTS,
-      thClass: 'gl-w-eighth',
+      thClass: 'gl-w-1/8',
     },
     {
       key: 'job',
       label: I18N_JOB,
-      thClass: 'gl-w-35p',
+      thClass: 'gl-w-7/20',
     },
     {
       key: 'size',
       label: I18N_SIZE,
-      thClass: 'gl-w-15p gl-text-right',
+      thClass: 'gl-w-3/20 gl-text-right',
       tdClass: 'gl-text-right',
     },
     {
       key: 'created',
       label: I18N_CREATED,
-      thClass: 'gl-w-eighth gl-text-center',
+      thClass: 'gl-w-1/8 gl-text-center',
       tdClass: 'gl-text-center',
     },
     {
       key: 'actions',
       label: '',
-      thClass: 'gl-w-20p',
+      thClass: 'gl-w-4/20',
       tdClass: 'gl-text-right',
     },
   ],
diff --git a/app/assets/javascripts/ci/catalog/components/details/ci_resource_components.vue b/app/assets/javascripts/ci/catalog/components/details/ci_resource_components.vue
index 8e97fca81fc..ff1477f4b71 100644
--- a/app/assets/javascripts/ci/catalog/components/details/ci_resource_components.vue
+++ b/app/assets/javascripts/ci/catalog/components/details/ci_resource_components.vue
@@ -60,17 +60,17 @@ export default {
     {
       key: 'name',
       label: s__('CiCatalogComponent|Parameters'),
-      thClass: 'gl-w-40p',
+      thClass: 'gl-w-2/5',
     },
     {
       key: 'default',
       label: s__('CiCatalogComponent|Default Value'),
-      thClass: 'gl-w-40p',
+      thClass: 'gl-w-2/5',
     },
     {
       key: 'required',
       label: s__('CiCatalogComponent|Mandatory'),
-      thClass: 'gl-w-20p',
+      thClass: 'gl-w-1/5',
     },
   ],
   i18n: {
diff --git a/app/assets/javascripts/ci/ci_variable_list/components/ci_variable_table.vue b/app/assets/javascripts/ci/ci_variable_list/components/ci_variable_table.vue
index 0b491350d5a..0efb7ee92d4 100644
--- a/app/assets/javascripts/ci/ci_variable_list/components/ci_variable_table.vue
+++ b/app/assets/javascripts/ci/ci_variable_list/components/ci_variable_table.vue
@@ -30,7 +30,7 @@ export default {
       label: s__('CiVariables|Key'),
       tdClass: 'text-plain',
       sortable: true,
-      thClass: 'gl-w-40p',
+      thClass: 'gl-w-2/5',
     },
     {
       key: 'value',
diff --git a/app/assets/javascripts/ci/common/pipelines_table.vue b/app/assets/javascripts/ci/common/pipelines_table.vue
index d63d2d1713e..4cf51db30dd 100644
--- a/app/assets/javascripts/ci/common/pipelines_table.vue
+++ b/app/assets/javascripts/ci/common/pipelines_table.vue
@@ -75,7 +75,7 @@ export default {
         {
           key: 'status',
           label: s__('Pipeline|Status'),
-          columnClass: 'gl-w-15p',
+          columnClass: 'gl-w-3/20',
           tdClass: this.tdClasses,
           thAttr: { 'data-testid': 'status-th' },
         },
@@ -83,27 +83,27 @@ export default {
           key: 'pipeline',
           label: __('Pipeline'),
           tdClass: `${this.tdClasses}`,
-          columnClass: 'gl-w-30p',
+          columnClass: 'gl-w-6/20',
           thAttr: { 'data-testid': 'pipeline-th' },
         },
         {
           key: 'triggerer',
           label: s__('Pipeline|Created by'),
           tdClass: `${this.tdClasses} ${HIDE_TD_ON_MOBILE}`,
-          columnClass: 'gl-w-15p',
+          columnClass: 'gl-w-3/20',
           thAttr: { 'data-testid': 'triggerer-th' },
         },
         {
           key: 'stages',
           label: s__('Pipeline|Stages'),
           tdClass: this.tdClasses,
-          columnClass: 'gl-w-quarter',
+          columnClass: 'gl-w-5/20',
           thAttr: { 'data-testid': 'stages-th' },
         },
         {
           key: 'actions',
           tdClass: this.tdClasses,
-          columnClass: 'gl-w-20p',
+          columnClass: 'gl-w-4/20',
           thAttr: { 'data-testid': 'actions-th' },
         },
       ];
diff --git a/app/assets/javascripts/ci/jobs_page/constants.js b/app/assets/javascripts/ci/jobs_page/constants.js
index c3d690669a4..ebfa1ea55e6 100644
--- a/app/assets/javascripts/ci/jobs_page/constants.js
+++ b/app/assets/javascripts/ci/jobs_page/constants.js
@@ -34,34 +34,34 @@ export const DEFAULT_FIELDS = [
   {
     key: 'status',
     label: __('Status'),
-    columnClass: 'gl-w-10p',
+    columnClass: 'gl-w-2/20',
   },
   {
     key: 'job',
     label: __('Job'),
-    columnClass: 'gl-w-quarter',
+    columnClass: 'gl-w-5/20',
   },
   {
     key: 'pipeline',
     label: __('Pipeline'),
-    columnClass: 'gl-w-10p',
+    columnClass: 'gl-w-2/20',
   },
   {
     key: 'stage',
     label: __('Stage'),
-    columnClass: 'gl-w-10p',
+    columnClass: 'gl-w-2/20',
   },
   {
     key: 'coverage',
     label: __('Coverage'),
     tdClass: 'gl-display-none! gl-lg-display-table-cell!',
-    columnClass: 'gl-w-10p',
+    columnClass: 'gl-w-2/20',
   },
   {
     key: 'actions',
     label: '',
     tdClass: 'gl-text-right',
-    columnClass: 'gl-w-10p',
+    columnClass: 'gl-w-2/20',
   },
 ];
 
diff --git a/app/assets/javascripts/ci/pipeline_details/constants.js b/app/assets/javascripts/ci/pipeline_details/constants.js
index 90e723ea442..44ccfd89e02 100644
--- a/app/assets/javascripts/ci/pipeline_details/constants.js
+++ b/app/assets/javascripts/ci/pipeline_details/constants.js
@@ -49,23 +49,23 @@ export const DEFAULT_FIELDS = [
   {
     key: 'name',
     label: __('Name'),
-    columnClass: 'gl-w-20p',
+    columnClass: 'gl-w-1/5',
   },
   {
     key: 'stage',
     label: __('Stage'),
-    columnClass: 'gl-w-20p',
+    columnClass: 'gl-w-1/5',
   },
   {
     key: 'failureMessage',
     label: __('Failure'),
-    columnClass: 'gl-w-40p',
+    columnClass: 'gl-w-2/5',
   },
   {
     key: 'actions',
     label: '',
     tdClass: 'gl-text-right',
-    columnClass: 'gl-w-20p',
+    columnClass: 'gl-w-1/5',
   },
 ];
 
diff --git a/app/assets/javascripts/ci/pipeline_details/graph/components/stage_column_component.vue b/app/assets/javascripts/ci/pipeline_details/graph/components/stage_column_component.vue
index e743ac0900e..88cdf4ed299 100644
--- a/app/assets/javascripts/ci/pipeline_details/graph/components/stage_column_component.vue
+++ b/app/assets/javascripts/ci/pipeline_details/graph/components/stage_column_component.vue
@@ -132,7 +132,7 @@ export default {
         data-testid="stage-column-title"
         class="stage-column-title gl-display-flex gl-justify-content-space-between gl-relative gl-font-weight-bold gl-pipeline-job-width gl-text-truncate gl-line-height-36 gl-pl-4 gl-mb-n2"
       >
-        <span :title="name" class="gl-text-truncate gl-pr-3 gl-w-85p">
+        <span :title="name" class="gl-text-truncate gl-pr-3 gl-w-17/20">
           {{ name }}
         </span>
         <action-component
diff --git a/app/assets/javascripts/ci/pipeline_schedules/components/table/pipeline_schedules_table.vue b/app/assets/javascripts/ci/pipeline_schedules/components/table/pipeline_schedules_table.vue
index 368cfb9c10d..19da3a4be17 100644
--- a/app/assets/javascripts/ci/pipeline_schedules/components/table/pipeline_schedules_table.vue
+++ b/app/assets/javascripts/ci/pipeline_schedules/components/table/pipeline_schedules_table.vue
@@ -16,37 +16,37 @@ export default {
       key: 'description',
       label: s__('PipelineSchedules|Description'),
       thClass: 'gl-border-t-none!',
-      columnClass: 'gl-w-40p',
+      columnClass: 'gl-w-8/20',
     },
     {
       key: 'target',
       label: s__('PipelineSchedules|Target'),
       thClass: 'gl-border-t-none!',
-      columnClass: 'gl-w-10p',
+      columnClass: 'gl-w-2/20',
     },
     {
       key: 'pipeline',
       label: s__('PipelineSchedules|Last Pipeline'),
       thClass: 'gl-border-t-none!',
-      columnClass: 'gl-w-10p',
+      columnClass: 'gl-w-2/20',
     },
     {
       key: 'next',
       label: s__('PipelineSchedules|Next Run'),
       thClass: 'gl-border-t-none!',
-      columnClass: 'gl-w-15p',
+      columnClass: 'gl-w-3/20',
     },
     {
       key: 'owner',
       label: s__('PipelineSchedules|Owner'),
       thClass: 'gl-border-t-none!',
-      columnClass: 'gl-w-10p',
+      columnClass: 'gl-w-2/20',
     },
     {
       key: 'actions',
       label: '',
       thClass: 'gl-border-t-none!',
-      columnClass: 'gl-w-15p',
+      columnClass: 'gl-w-3/20',
     },
   ],
   components: {
diff --git a/app/assets/javascripts/ci/runner/components/runner_list.vue b/app/assets/javascripts/ci/runner/components/runner_list.vue
index 53226390bc8..29c7486acab 100644
--- a/app/assets/javascripts/ci/runner/components/runner_list.vue
+++ b/app/assets/javascripts/ci/runner/components/runner_list.vue
@@ -13,10 +13,10 @@ import RunnerStatusCell from './cells/runner_status_cell.vue';
 import RunnerOwnerCell from './cells/runner_owner_cell.vue';
 
 const defaultFields = [
-  tableField({ key: 'status', label: s__('Runners|Status'), thClasses: ['gl-w-15p'] }),
+  tableField({ key: 'status', label: s__('Runners|Status'), thClasses: ['gl-w-3/20'] }),
   tableField({ key: 'summary', label: s__('Runners|Runner configuration') }),
-  tableField({ key: 'owner', label: s__('Runners|Owner'), thClasses: ['gl-w-20p'] }),
-  tableField({ key: 'actions', label: '', thClasses: ['gl-w-15p'] }),
+  tableField({ key: 'owner', label: s__('Runners|Owner'), thClasses: ['gl-w-4/20'] }),
+  tableField({ key: 'actions', label: '', thClasses: ['gl-w-3/20'] }),
 ];
 
 export default {
diff --git a/app/assets/javascripts/ci_settings_pipeline_triggers/components/triggers_list.vue b/app/assets/javascripts/ci_settings_pipeline_triggers/components/triggers_list.vue
index a244b13e8d4..5b20a8077f3 100644
--- a/app/assets/javascripts/ci_settings_pipeline_triggers/components/triggers_list.vue
+++ b/app/assets/javascripts/ci_settings_pipeline_triggers/components/triggers_list.vue
@@ -43,32 +43,32 @@ export default {
     {
       key: 'token',
       label: s__('Pipelines|Token'),
-      thClass: 'gl-w-60p',
+      thClass: 'gl-w-12/20',
       tdClass: '!gl-align-middle',
     },
     {
       key: 'description',
       label: s__('Pipelines|Description'),
-      thClass: 'gl-w-20p',
+      thClass: 'gl-w-4/20',
       tdClass: '!gl-align-middle',
     },
     {
       key: 'owner',
       label: s__('Pipelines|Owner'),
-      thClass: 'gl-w-5p',
+      thClass: 'gl-w-1/20',
       tdClass: '!gl-align-middle',
     },
     {
       key: 'lastUsed',
       label: s__('Pipelines|Last Used'),
-      thClass: 'gl-w-10p',
+      thClass: 'gl-w-2/20',
       tdClass: '!gl-align-middle',
     },
     {
       key: 'actions',
       label: __('Actions'),
       tdClass: 'gl-text-right gl-white-space-nowrap',
-      thClass: `gl-text-right gl-w-5p`,
+      thClass: `gl-text-right gl-w-1/20`,
     },
   ],
   computed: {
diff --git a/app/assets/javascripts/clusters_list/components/install_agent_modal.vue b/app/assets/javascripts/clusters_list/components/install_agent_modal.vue
index bcc3d49cd98..87c31698d30 100644
--- a/app/assets/javascripts/clusters_list/components/install_agent_modal.vue
+++ b/app/assets/javascripts/clusters_list/components/install_agent_modal.vue
@@ -264,7 +264,7 @@ export default {
         <form>
           <gl-form-group label-for="agent-name">
             <available-agents-dropdown
-              class="gl-w-70p"
+              class="gl-w-7/10"
               :is-registering="registering"
               :available-agents="availableAgents"
               @agentSelected="setAgentName"
diff --git a/app/assets/javascripts/deployments/components/show_deployment.vue b/app/assets/javascripts/deployments/components/show_deployment.vue
index 729238eb52a..e8bedfd15d5 100644
--- a/app/assets/javascripts/deployments/components/show_deployment.vue
+++ b/app/assets/javascripts/deployments/components/show_deployment.vue
@@ -106,28 +106,28 @@ export default {
           :environment="environment"
           :loading="isLoading"
         />
-        <details-feedback class="gl-mt-6 gl-w-90p" />
+        <details-feedback class="gl-mt-6 gl-w-9/10" />
         <deployment-approvals
           v-if="hasApprovalSummary"
           :approval-summary="deployment.approvalSummary"
           :deployment="deployment"
-          class="gl-mt-6 gl-w-90p"
+          class="gl-mt-6 gl-w-9/10"
           @change="$apollo.queries.deployment.refetch()"
         />
         <deployment-deploy-block
           v-if="isManual"
           :deployment="deployment"
-          class="gl-w-90p gl-mt-4"
+          class="gl-w-9/10 gl-mt-4"
         />
         <deployment-timeline
           v-if="hasApprovalSummary"
           :approval-summary="deployment.approvalSummary"
-          class="gl-w-90p"
+          class="gl-w-9/10"
         />
         <approvals-empty-state
           v-if="!isLoading"
           :approval-summary="deployment.approvalSummary"
-          class="gl-w-90p"
+          class="gl-w-9/10"
         />
       </div>
       <deployment-aside
@@ -135,7 +135,7 @@ export default {
         :loading="isLoading"
         :deployment="deployment"
         :environment="environment"
-        class="gl-w-20p"
+        class="gl-w-1/5"
       />
     </div>
   </div>
diff --git a/app/assets/javascripts/entrypoints/performance_bar.js b/app/assets/javascripts/entrypoints/performance_bar.js
index 3f6fc6272d0..d1be41cbed1 100644
--- a/app/assets/javascripts/entrypoints/performance_bar.js
+++ b/app/assets/javascripts/entrypoints/performance_bar.js
@@ -1 +1,3 @@
-import '../performance_bar';
+import '~/webpack';
+import '~/commons';
+import '~/performance_bar';
diff --git a/app/assets/javascripts/environments/environment_details/constants.js b/app/assets/javascripts/environments/environment_details/constants.js
index 75bd1193cbc..6b11a5c1017 100644
--- a/app/assets/javascripts/environments/environment_details/constants.js
+++ b/app/assets/javascripts/environments/environment_details/constants.js
@@ -7,56 +7,56 @@ export const ENVIRONMENT_DETAILS_TABLE_FIELDS = [
   {
     key: 'status',
     label: __('Status'),
-    columnClass: 'gl-w-10p',
+    columnClass: 'gl-w-2/20',
     tdClass: '!gl-align-middle',
     thClass: 'gl-border-t-none!',
   },
   {
     key: 'id',
     label: __('ID'),
-    columnClass: 'gl-w-5p',
+    columnClass: 'gl-w-1/20',
     tdClass: '!gl-align-middle',
     thClass: 'gl-border-t-none!',
   },
   {
     key: 'triggerer',
     label: __('Triggerer'),
-    columnClass: 'gl-w-10p',
+    columnClass: 'gl-w-2/20',
     tdClass: '!gl-align-middle',
     thClass: 'gl-border-t-none!',
   },
   {
     key: 'commit',
     label: __('Commit'),
-    columnClass: 'gl-w-20p',
+    columnClass: 'gl-w-4/20',
     tdClass: '!gl-align-middle',
     thClass: 'gl-border-t-none!',
   },
   {
     key: 'job',
     label: __('Job'),
-    columnClass: 'gl-w-15p',
+    columnClass: 'gl-w-3/20',
     tdClass: '!gl-align-middle',
     thClass: 'gl-border-t-none!',
   },
   {
     key: 'created',
     label: __('Created'),
-    columnClass: 'gl-w-10p',
+    columnClass: 'gl-w-2/20',
     tdClass: '!gl-align-middle gl-white-space-nowrap',
     thClass: 'gl-border-t-none!',
   },
   {
     key: 'deployed',
     label: __('Deployed'),
-    columnClass: 'gl-w-10p',
+    columnClass: 'gl-w-2/20',
     tdClass: '!gl-align-middle gl-white-space-nowrap',
     thClass: 'gl-border-t-none!',
   },
   {
     key: 'actions',
     label: __('Actions'),
-    columnClass: 'gl-w-15p',
+    columnClass: 'gl-w-3/20',
     tdClass: '!gl-align-middle gl-white-space-nowrap',
     thClass: 'gl-border-t-none!',
   },
diff --git a/app/assets/javascripts/error_tracking/components/error_details_info.vue b/app/assets/javascripts/error_tracking/components/error_details_info.vue
index 0b4eabe25d1..19c3b3f8f0c 100644
--- a/app/assets/javascripts/error_tracking/components/error_details_info.vue
+++ b/app/assets/javascripts/error_tracking/components/error_details_info.vue
@@ -4,7 +4,7 @@ import TimeAgoTooltip from '~/vue_shared/components/time_ago_tooltip.vue';
 import TrackEventDirective from '~/vue_shared/directives/track_event';
 import { trackClickErrorLinkToSentryOptions } from '../events_tracking';
 
-const CARD_CLASS = 'gl-mr-7 gl-w-15p gl-min-w-fit-content';
+const CARD_CLASS = 'gl-mr-7 gl-w-3/20 gl-min-w-fit-content';
 const HEADER_CLASS =
   'gl-p-2 gl-font-weight-bold gl-display-flex gl-justify-content-center gl-align-items-center';
 const BODY_CLASS =
diff --git a/app/assets/javascripts/error_tracking/components/error_tracking_list.vue b/app/assets/javascripts/error_tracking/components/error_tracking_list.vue
index 0408e5e4bf0..e77f474f46a 100644
--- a/app/assets/javascripts/error_tracking/components/error_tracking_list.vue
+++ b/app/assets/javascripts/error_tracking/components/error_tracking_list.vue
@@ -46,31 +46,31 @@ export default {
     {
       key: 'error',
       label: __('Error'),
-      thClass: 'gl-w-40p',
+      thClass: 'gl-w-8/20',
       tdClass: `${tableDataClass}`,
     },
     {
       key: 'timeline',
       label: __('Timeline'),
-      thClass: 'gl-text-center gl-w-20p',
+      thClass: 'gl-text-center gl-w-4/20',
       tdClass: `${tableDataClass} gl-text-center`,
     },
     {
       key: 'events',
       label: __('Events'),
-      thClass: 'gl-text-center gl-w-10p',
+      thClass: 'gl-text-center gl-w-2/20',
       tdClass: `${tableDataClass} gl-text-center`,
     },
     {
       key: 'users',
       label: __('Users'),
-      thClass: 'gl-text-center gl-w-10p',
+      thClass: 'gl-text-center gl-w-2/20',
       tdClass: `${tableDataClass} gl-text-center`,
     },
     {
       key: 'lastSeen',
       label: __('Last seen'),
-      thClass: 'gl-text-center gl-w-10p',
+      thClass: 'gl-text-center gl-w-2/20',
       tdClass: `${tableDataClass} gl-text-center`,
     },
     {
diff --git a/app/assets/javascripts/import_entities/import_groups/components/import_table.vue b/app/assets/javascripts/import_entities/import_groups/components/import_table.vue
index 20d2b34def0..193b08cf6a9 100644
--- a/app/assets/javascripts/import_entities/import_groups/components/import_table.vue
+++ b/app/assets/javascripts/import_entities/import_groups/components/import_table.vue
@@ -143,13 +143,13 @@ export default {
     {
       key: 'webUrl',
       label: s__('BulkImport|Source group'),
-      thClass: 'gl-pl-0! gl-w-half',
+      thClass: 'gl-pl-0! gl-w-1/2',
       tdClass: 'gl-pl-0!',
     },
     {
       key: 'importTarget',
       label: s__('BulkImport|New group'),
-      thClass: `gl-w-half`,
+      thClass: `gl-w-1/2`,
     },
     {
       key: 'progress',
diff --git a/app/assets/javascripts/import_entities/import_projects/components/import_projects_table.vue b/app/assets/javascripts/import_entities/import_projects/components/import_projects_table.vue
index bceded18a09..05d5705c8f4 100644
--- a/app/assets/javascripts/import_entities/import_projects/components/import_projects_table.vue
+++ b/app/assets/javascripts/import_entities/import_projects/components/import_projects_table.vue
@@ -187,10 +187,10 @@ export default {
       <table class="table gl-table">
         <thead>
           <tr>
-            <th class="gl-w-half">
+            <th class="gl-w-1/2">
               {{ fromHeaderText }}
             </th>
-            <th class="gl-w-half">
+            <th class="gl-w-1/2">
               {{ __('To GitLab') }}
             </th>
             <th>
diff --git a/app/assets/javascripts/incidents/components/incidents_list.vue b/app/assets/javascripts/incidents/components/incidents_list.vue
index 16f9e9d0bfe..d15d4c71f64 100644
--- a/app/assets/javascripts/incidents/components/incidents_list.vue
+++ b/app/assets/javascripts/incidents/components/incidents_list.vue
@@ -54,7 +54,7 @@ export default {
       key: 'severity',
       label: s__('IncidentManagement|Severity'),
       variant: 'secondary',
-      thClass: `gl-w-15p`,
+      thClass: `gl-w-3/20`,
       tdClass: `${tdClass} sortable-cell`,
       actualSortKey: 'SEVERITY',
       sortable: true,
@@ -70,7 +70,7 @@ export default {
       key: 'escalationStatus',
       label: s__('IncidentManagement|Status'),
       variant: 'secondary',
-      thClass: `gl-w-eighth`,
+      thClass: `gl-w-1/8`,
       tdClass: `${tdClass} sortable-cell`,
       actualSortKey: 'ESCALATION_STATUS',
       sortable: true,
@@ -80,7 +80,7 @@ export default {
       key: 'createdAt',
       label: s__('IncidentManagement|Date created'),
       variant: 'secondary',
-      thClass: `gl-w-eighth`,
+      thClass: `gl-w-1/8`,
       tdClass: `${tdClass} sortable-cell`,
       actualSortKey: 'CREATED',
       sortable: true,
@@ -90,7 +90,7 @@ export default {
       key: 'incidentSla',
       label: s__('IncidentManagement|Time to SLA'),
       variant: 'secondary',
-      thClass: `gl-text-right gl-w-10p`,
+      thClass: `gl-text-right gl-w-2/20`,
       tdClass: `${tdClass} gl-text-right`,
       thAttr: TH_INCIDENT_SLA_TEST_ID,
       actualSortKey: 'SLA_DUE_AT',
@@ -99,7 +99,7 @@ export default {
     {
       key: 'assignees',
       label: s__('IncidentManagement|Assignees'),
-      thClass: 'gl-pointer-events-none gl-w-15',
+      thClass: 'gl-pointer-events-none gl-w-3/20',
       tdClass,
     },
     {
diff --git a/app/assets/javascripts/integrations/beyond_identity/components/add_exclusions_drawer.vue b/app/assets/javascripts/integrations/beyond_identity/components/add_exclusions_drawer.vue
index fd4f1daf104..0c4db5ceaf8 100644
--- a/app/assets/javascripts/integrations/beyond_identity/components/add_exclusions_drawer.vue
+++ b/app/assets/javascripts/integrations/beyond_identity/components/add_exclusions_drawer.vue
@@ -68,7 +68,9 @@ export default {
     </template>
 
     <template #default>
+      <!-- This selector is temporarily disabled until the backend adds support for groups -->
       <list-selector
+        v-show="false"
         type="groups"
         class="gl-m-5 gl-p-0!"
         autofocus
@@ -80,6 +82,7 @@ export default {
       <list-selector
         type="projects"
         class="gl-m-5 gl-p-0!"
+        autofocus
         :selected-items="projectExclusions"
         @select="handleSelectExclusion"
         @delete="handleRemoveExclusion"
diff --git a/app/assets/javascripts/integrations/beyond_identity/components/exclusions_list.vue b/app/assets/javascripts/integrations/beyond_identity/components/exclusions_list.vue
index 84ad156c26f..e02a4d0a593 100644
--- a/app/assets/javascripts/integrations/beyond_identity/components/exclusions_list.vue
+++ b/app/assets/javascripts/integrations/beyond_identity/components/exclusions_list.vue
@@ -1,9 +1,22 @@
 <script>
-import { GlButton, GlEmptyState } from '@gitlab/ui';
-import { sortBy, differenceBy } from 'lodash';
+import { GlButton, GlLoadingIcon, GlEmptyState, GlKeysetPagination } from '@gitlab/ui';
+import { differenceBy } from 'lodash';
 import { s__, __, sprintf } from '~/locale';
+import { createAlert } from '~/alert';
+import { fetchPolicies } from '~/lib/graphql';
+import { TYPENAME_PROJECT } from '~/graphql_shared/constants';
+import { convertToGraphQLId } from '~/graphql_shared/utils';
 import { capitalizeFirstCharacter } from '~/lib/utils/text_utility';
 import globalToast from '~/vue_shared/plugins/global_toast';
+import fetchExclusions from '../graphql/queries/beyond_identity_exclusions.query.graphql';
+import createExclusion from '../graphql/mutations/create_beyond_identity_exclusion.mutation.graphql';
+import deleteExclusion from '../graphql/mutations/delete_beyond_identity_exclusion.mutation.graphql';
+import {
+  BEYOND_IDENTITY_INTEGRATION_NAME,
+  PROJECT_TYPE,
+  GROUP_TYPE,
+  DEFAULT_CURSOR,
+} from '../constants';
 import ExclusionsTabs from './exclusions_tabs.vue';
 import ExclusionsListItem from './exclusions_list_item.vue';
 import AddExclusionsDrawer from './add_exclusions_drawer.vue';
@@ -13,9 +26,11 @@ export default {
   name: 'ExclusionsList',
   components: {
     GlButton,
+    GlLoadingIcon,
     GlEmptyState,
     ExclusionsTabs,
     ExclusionsListItem,
+    GlKeysetPagination,
     AddExclusionsDrawer,
     ConfirmRemovalModal,
   },
@@ -25,33 +40,90 @@ export default {
       isConfirmRemovalModalOpen: false,
       exclusions: [],
       exclusionToRemove: null,
+      pageInfo: {},
+      cursor: DEFAULT_CURSOR,
     };
   },
+  apollo: {
+    exclusions: {
+      query: fetchExclusions,
+      fetchPolicy: fetchPolicies.CACHE_AND_NETWORK,
+      variables() {
+        return this.cursor;
+      },
+      update({ integrationExclusions }) {
+        this.pageInfo = integrationExclusions?.pageInfo || {};
+        return integrationExclusions?.nodes || [];
+      },
+      error() {
+        this.handleError(this.$options.i18n.errorFetch);
+      },
+    },
+  },
   computed: {
     formattedExclusions() {
-      return sortBy(
-        this.exclusions.map((exclusion) => ({
-          ...exclusion,
-          icon: exclusion.type,
-        })),
-        'type',
-        'desc',
-      );
+      return this.exclusions.map((exclusion) => {
+        const type = exclusion.project ? PROJECT_TYPE : GROUP_TYPE;
+        return {
+          ...exclusion[type],
+          icon: type,
+          type,
+        };
+      });
+    },
+    showPagination() {
+      return this.pageInfo?.hasPreviousPage || this.pageInfo?.hasNextPage;
+    },
+    isLoading() {
+      return this.$apollo.queries.exclusions.loading;
+    },
+    isEmpty() {
+      return !this.isLoading && !this.exclusions.length;
     },
-  },
-  created() {
-    this.loadExclusions();
   },
   methods: {
-    loadExclusions() {
-      // TODO: add backend call for GET/Query (follow-up)
-      this.exclusions = [];
-    },
-    handleAddExclusions(exclusions) {
+    async handleAddExclusions(exclusions) {
       const uniqueList = differenceBy(exclusions, this.exclusions, (v) => [v.id, v.type].join());
-      // TODO: add backend call for POST/Mutate (follow-up)
-      this.exclusions.push(...uniqueList);
+
+      const { data } = await this.$apollo.mutate({
+        mutation: createExclusion,
+        variables: {
+          input: {
+            projectIds: this.extractProjectIds(uniqueList),
+            integrationName: BEYOND_IDENTITY_INTEGRATION_NAME,
+          },
+        },
+      });
+
       this.isDrawerOpen = false;
+
+      if (data?.integrationExclusionCreate?.errors?.length) {
+        this.handleError(this.$options.i18n.errorCreate);
+        return;
+      }
+
+      if (this.pageInfo.hasPreviousPage) {
+        this.resetPagination();
+      } else {
+        this.$apollo.queries.exclusions.refetch();
+      }
+    },
+    extractProjectIds(exclusions) {
+      return exclusions
+        .filter((exclusion) => exclusion.type === PROJECT_TYPE)
+        .map((exclusion) => convertToGraphQLId(TYPENAME_PROJECT, exclusion.id));
+    },
+    nextPage(item) {
+      this.cursor = { after: item, last: null, before: null };
+    },
+    prevPage(item) {
+      this.cursor = { first: null, after: null, before: item };
+    },
+    resetPagination() {
+      this.cursor = DEFAULT_CURSOR;
+    },
+    handleError(message) {
+      createAlert({ message });
     },
     showRemoveModal(exclusion) {
       this.exclusionToRemove = exclusion;
@@ -60,10 +132,30 @@ export default {
     hideRemoveModal() {
       this.isConfirmRemovalModalOpen = false;
     },
-    confirmRemoveExclusion() {
+    async confirmRemoveExclusion() {
       const { exclusionToRemove } = this;
-      // TODO: add backend call for DELETE/Mutate (follow-up)
-      this.exclusions = this.exclusions.filter((item) => item.id !== exclusionToRemove.id);
+
+      const { data } = await this.$apollo.mutate({
+        mutation: deleteExclusion,
+        variables: {
+          input: {
+            projectId: exclusionToRemove.id,
+            integrationName: BEYOND_IDENTITY_INTEGRATION_NAME,
+          },
+        },
+      });
+
+      if (data?.integrationExclusionDelete?.errors?.length) {
+        this.handleError(this.$options.i18n.errorDelete);
+        return;
+      }
+
+      if (this.exclusions.length === 1 && this.pageInfo.hasPreviousPage) {
+        this.prevPage(this.pageInfo.startCursor);
+      } else {
+        this.$apollo.queries.exclusions.refetch();
+      }
+
       const type = capitalizeFirstCharacter(exclusionToRemove.type);
 
       globalToast(sprintf(this.$options.i18n.exclusionRemoved, { type }), {
@@ -81,12 +173,13 @@ export default {
     },
   },
   i18n: {
+    errorCreate: s__('Integrations|Failed to add the exclusion. Try adding it again.'),
+    errorDelete: s__('Integrations|Failed to remove the exclusion. Try removing it again.'),
+    errorFetch: s__('Integrations|Failed to fetch the exclusions. Try refreshing the page.'),
     exclusionRemoved: s__('Integrations|%{type} exclusion removed'),
     emptyText: s__('Integrations|There are no exclusions'),
     addExclusions: s__('Integrations|Add exclusions'),
-    helpText: s__(
-      'Integrations|Groups and projects in this list no longer require commits to be signed.',
-    ),
+    helpText: s__('Integrations|Projects in this list no longer require commits to be signed.'),
   },
 };
 </script>
@@ -104,7 +197,7 @@ export default {
       }}</gl-button>
     </div>
 
-    <gl-empty-state v-if="!exclusions.length" :title="$options.i18n.emptyText" />
+    <gl-empty-state v-if="isEmpty" :title="$options.i18n.emptyText" />
 
     <exclusions-list-item
       v-for="(exclusion, index) in formattedExclusions"
@@ -114,6 +207,17 @@ export default {
       @remove="() => showRemoveModal(exclusion)"
     />
 
+    <gl-loading-icon v-if="isLoading" size="lg" class="gl-my-5" />
+
+    <div v-else class="gl-mt-5 gl-display-flex gl-justify-content-center">
+      <gl-keyset-pagination
+        v-if="showPagination"
+        v-bind="pageInfo"
+        @prev="prevPage"
+        @next="nextPage"
+      />
+    </div>
+
     <add-exclusions-drawer
       :is-open="isDrawerOpen"
       @close="isDrawerOpen = false"
diff --git a/app/assets/javascripts/integrations/beyond_identity/constants.js b/app/assets/javascripts/integrations/beyond_identity/constants.js
new file mode 100644
index 00000000000..85fd7e7b44b
--- /dev/null
+++ b/app/assets/javascripts/integrations/beyond_identity/constants.js
@@ -0,0 +1,8 @@
+export const BEYOND_IDENTITY_INTEGRATION_NAME = 'BEYOND_IDENTITY';
+export const PROJECT_TYPE = 'project';
+export const GROUP_TYPE = 'group';
+export const DEFAULT_CURSOR = {
+  after: null,
+  last: null,
+  before: null,
+};
diff --git a/app/assets/javascripts/integrations/beyond_identity/graphql/mutations/create_beyond_identity_exclusion.mutation.graphql b/app/assets/javascripts/integrations/beyond_identity/graphql/mutations/create_beyond_identity_exclusion.mutation.graphql
new file mode 100644
index 00000000000..4b39d5ec725
--- /dev/null
+++ b/app/assets/javascripts/integrations/beyond_identity/graphql/mutations/create_beyond_identity_exclusion.mutation.graphql
@@ -0,0 +1,13 @@
+mutation integrationExclusionCreate($input: IntegrationExclusionCreateInput!) {
+  integrationExclusionCreate(input: $input) {
+    exclusions {
+      nodes {
+        project {
+          id
+          name
+        }
+      }
+    }
+    errors
+  }
+}
diff --git a/app/assets/javascripts/integrations/beyond_identity/graphql/mutations/delete_beyond_identity_exclusion.mutation.graphql b/app/assets/javascripts/integrations/beyond_identity/graphql/mutations/delete_beyond_identity_exclusion.mutation.graphql
new file mode 100644
index 00000000000..d0917f18a17
--- /dev/null
+++ b/app/assets/javascripts/integrations/beyond_identity/graphql/mutations/delete_beyond_identity_exclusion.mutation.graphql
@@ -0,0 +1,10 @@
+mutation integrationExclusionDelete($input: IntegrationExclusionDeleteInput!) {
+  integrationExclusionDelete(input: $input) {
+    exclusion {
+      project {
+        name
+      }
+    }
+    errors
+  }
+}
diff --git a/app/assets/javascripts/integrations/beyond_identity/graphql/queries/beyond_identity_exclusions.query.graphql b/app/assets/javascripts/integrations/beyond_identity/graphql/queries/beyond_identity_exclusions.query.graphql
new file mode 100644
index 00000000000..03cd2edf233
--- /dev/null
+++ b/app/assets/javascripts/integrations/beyond_identity/graphql/queries/beyond_identity_exclusions.query.graphql
@@ -0,0 +1,22 @@
+#import "~/graphql_shared/fragments/page_info.fragment.graphql"
+
+query integrationExclusion($before: String, $after: String, $first: Int, $last: Int) {
+  integrationExclusions(
+    integrationName: BEYOND_IDENTITY
+    after: $after
+    before: $before
+    first: $first
+    last: $last
+  ) {
+    nodes {
+      project {
+        avatarUrl
+        name
+        id
+      }
+    }
+    pageInfo {
+      ...PageInfo
+    }
+  }
+}
diff --git a/app/assets/javascripts/jira_connect/subscriptions/components/subscriptions_list.vue b/app/assets/javascripts/jira_connect/subscriptions/components/subscriptions_list.vue
index bee8043cf81..23cef1bbe06 100644
--- a/app/assets/javascripts/jira_connect/subscriptions/components/subscriptions_list.vue
+++ b/app/assets/javascripts/jira_connect/subscriptions/components/subscriptions_list.vue
@@ -30,7 +30,7 @@ export default {
     {
       key: 'created_at',
       label: __('Created on'),
-      tdClass: '!gl-align-middle gl-w-20p',
+      tdClass: '!gl-align-middle gl-w-2/10',
     },
     {
       key: 'actions',
diff --git a/app/assets/javascripts/packages_and_registries/dependency_proxy/components/manifests_empty_state.vue b/app/assets/javascripts/packages_and_registries/dependency_proxy/components/manifests_empty_state.vue
index 7a29cb2d5ab..614636a354c 100644
--- a/app/assets/javascripts/packages_and_registries/dependency_proxy/components/manifests_empty_state.vue
+++ b/app/assets/javascripts/packages_and_registries/dependency_proxy/components/manifests_empty_state.vue
@@ -59,7 +59,7 @@ export default {
           id="code-example"
           readonly
           :value="$options.codeExample"
-          class="gl-w-70p gl-mx-auto"
+          class="gl-w-7/10 gl-mx-auto"
           select-on-click
         >
           <template #append>
diff --git a/app/assets/javascripts/packages_and_registries/package_registry/components/details/package_title.vue b/app/assets/javascripts/packages_and_registries/package_registry/components/details/package_title.vue
index c1534bf12ff..e4e71f8f42a 100644
--- a/app/assets/javascripts/packages_and_registries/package_registry/components/details/package_title.vue
+++ b/app/assets/javascripts/packages_and_registries/package_registry/components/details/package_title.vue
@@ -1,5 +1,5 @@
 <script>
-import { GlSprintf, GlBadge, GlResizeObserverDirective } from '@gitlab/ui';
+import { GlSprintf, GlBadge, GlResizeObserverDirective, GlTooltipDirective } from '@gitlab/ui';
 import { GlBreakpointInstance } from '@gitlab/ui/dist/utils';
 import { __, s__, sprintf } from '~/locale';
 import { formatDate } from '~/lib/utils/datetime_utility';
@@ -9,6 +9,7 @@ import { getPackageTypeLabel } from '~/packages_and_registries/package_registry/
 import MetadataItem from '~/vue_shared/components/registry/metadata_item.vue';
 import TitleArea from '~/vue_shared/components/registry/title_area.vue';
 import TimeAgoTooltip from '~/vue_shared/components/time_ago_tooltip.vue';
+import glFeatureFlagsMixin from '~/vue_shared/mixins/gl_feature_flags_mixin';
 
 export default {
   name: 'PackageTitle',
@@ -22,11 +23,14 @@ export default {
   },
   directives: {
     GlResizeObserver: GlResizeObserverDirective,
+    GlTooltip: GlTooltipDirective,
   },
+  mixins: [glFeatureFlagsMixin()],
   inject: ['isGroupPage'],
   i18n: {
     lastDownloadedAt: s__('PackageRegistry|Last downloaded %{dateTime}'),
     packageInfo: __('v%{version} published %{timeAgo}'),
+    badgeProtectedTooltipText: s__('PackageRegistry|A protection rule exists for this package.'),
   },
   props: {
     packageEntity: {
@@ -60,6 +64,12 @@ export default {
     hasTagsToDisplay() {
       return Boolean(this.packageEntity.tags?.nodes && this.packageEntity.tags?.nodes.length);
     },
+    showBadgeProtected() {
+      return (
+        Boolean(this.glFeatures.packagesProtectedPackages) &&
+        Boolean(this.packageEntity?.packageProtectionRuleExists)
+      );
+    },
   },
   mounted() {
     this.checkBreakpoints();
@@ -79,7 +89,10 @@ export default {
     :avatar="packageIcon"
   >
     <template #sub-header>
-      <div data-testid="sub-header" class="gl-display-flex gl-flex-wrap gl-gap-3">
+      <div
+        data-testid="sub-header"
+        class="gl-display-flex gl-flex-wrap gl-gap-2 gl-align-items-baseline"
+      >
         <gl-sprintf :message="$options.i18n.packageInfo">
           <template #version>{{ packageEntity.version }}</template>
 
@@ -108,6 +121,16 @@ export default {
             {{ tag.name }}
           </gl-badge>
         </template>
+
+        <gl-badge
+          v-if="showBadgeProtected"
+          v-gl-tooltip="{ title: $options.i18n.badgeProtectedTooltipText }"
+          icon-size="sm"
+          size="sm"
+          variant="neutral"
+        >
+          {{ __('protected') }}
+        </gl-badge>
       </div>
     </template>
 
diff --git a/app/assets/javascripts/packages_and_registries/package_registry/components/list/package_list_row.vue b/app/assets/javascripts/packages_and_registries/package_registry/components/list/package_list_row.vue
index 2b0939a0dfc..542e0b6d0e3 100644
--- a/app/assets/javascripts/packages_and_registries/package_registry/components/list/package_list_row.vue
+++ b/app/assets/javascripts/packages_and_registries/package_registry/components/list/package_list_row.vue
@@ -164,6 +164,7 @@ export default {
         <div v-if="showTags || showBadgeProtected" class="gl-display-flex gl-gap-2">
           <package-tags
             v-if="showTags"
+            class="gl-ml-2"
             :tags="packageEntity.tags.nodes"
             hide-label
             :tag-display-limit="1"
@@ -172,11 +173,13 @@ export default {
           <gl-badge
             v-if="showBadgeProtected"
             v-gl-tooltip="{ title: $options.i18n.badgeProtectedTooltipText }"
+            class="gl-ml-2"
             icon-size="sm"
             size="sm"
             variant="neutral"
-            >{{ __('protected') }}</gl-badge
           >
+            {{ __('protected') }}
+          </gl-badge>
         </div>
       </div>
     </template>
diff --git a/app/assets/javascripts/packages_and_registries/package_registry/graphql/queries/get_package_details.query.graphql b/app/assets/javascripts/packages_and_registries/package_registry/graphql/queries/get_package_details.query.graphql
index 69fc1e27b78..66169316481 100644
--- a/app/assets/javascripts/packages_and_registries/package_registry/graphql/queries/get_package_details.query.graphql
+++ b/app/assets/javascripts/packages_and_registries/package_registry/graphql/queries/get_package_details.query.graphql
@@ -20,6 +20,7 @@ query getPackageDetails($id: PackagesPackageID!) {
     pypiSetupUrl
     composerUrl
     composerConfigRepositoryUrl
+    packageProtectionRuleExists
     project {
       id
       path
diff --git a/app/assets/javascripts/pages/import/bulk_imports/history/components/bulk_imports_history_app.vue b/app/assets/javascripts/pages/import/bulk_imports/history/components/bulk_imports_history_app.vue
index c965dfcf53c..ae2e5f56b5d 100644
--- a/app/assets/javascripts/pages/import/bulk_imports/history/components/bulk_imports_history_app.vue
+++ b/app/assets/javascripts/pages/import/bulk_imports/history/components/bulk_imports_history_app.vue
@@ -85,12 +85,12 @@ export default {
     tableCell({
       key: 'source_full_path',
       label: s__('BulkImport|Source'),
-      thClass: `gl-w-30p`,
+      thClass: `gl-w-3/10`,
     }),
     tableCell({
       key: 'destination_name',
       label: s__('BulkImport|Destination'),
-      thClass: `gl-w-30p`,
+      thClass: `gl-w-3/10`,
     }),
     tableCell({
       key: 'created_at',
@@ -99,7 +99,7 @@ export default {
     tableCell({
       key: 'status',
       label: __('Status'),
-      thClass: `gl-w-quarter`,
+      thClass: `gl-w-1/4`,
     }),
   ],
 
diff --git a/app/assets/javascripts/pages/import/history/components/import_history_app.vue b/app/assets/javascripts/pages/import/history/components/import_history_app.vue
index 457f6e55b44..327e1c15536 100644
--- a/app/assets/javascripts/pages/import/history/components/import_history_app.vue
+++ b/app/assets/javascripts/pages/import/history/components/import_history_app.vue
@@ -54,12 +54,12 @@ export default {
     tableCell({
       key: 'source',
       label: s__('BulkImport|Source'),
-      thClass: 'gl-w-30p',
+      thClass: 'gl-w-3/10',
     }),
     tableCell({
       key: 'destination',
       label: s__('BulkImport|Destination'),
-      thClass: 'gl-w-40p',
+      thClass: 'gl-w-4/10',
     }),
     tableCell({
       key: 'created_at',
diff --git a/app/assets/javascripts/performance_bar/index.js b/app/assets/javascripts/performance_bar/index.js
index e3e48e61393..eb18d4b54b4 100644
--- a/app/assets/javascripts/performance_bar/index.js
+++ b/app/assets/javascripts/performance_bar/index.js
@@ -1,5 +1,3 @@
-import '../webpack';
-
 import { isEmpty } from 'lodash';
 import Vue from 'vue';
 import axios from '~/lib/utils/axios_utils';
diff --git a/app/assets/javascripts/projects/settings/branch_rules/components/edit/index.vue b/app/assets/javascripts/projects/settings/branch_rules/components/edit/index.vue
index ad3eb7d2899..9de4c400e96 100644
--- a/app/assets/javascripts/projects/settings/branch_rules/components/edit/index.vue
+++ b/app/assets/javascripts/projects/settings/branch_rules/components/edit/index.vue
@@ -39,7 +39,7 @@ export default {
       <branch-dropdown
         id="branches"
         v-model="branch"
-        class="gl-w-half"
+        class="gl-w-1/2"
         :project-path="projectPath"
         @createWildcard="branch = $event"
       />
diff --git a/app/assets/javascripts/projects/settings/branch_rules/components/view/protection_row.vue b/app/assets/javascripts/projects/settings/branch_rules/components/view/protection_row.vue
index dbd2def66f7..b1ce9ed61e8 100644
--- a/app/assets/javascripts/projects/settings/branch_rules/components/view/protection_row.vue
+++ b/app/assets/javascripts/projects/settings/branch_rules/components/view/protection_row.vue
@@ -70,11 +70,11 @@ export default {
     :class="{ 'gl-border-t-solid': showDivider }"
   >
     <div class="gl-display-flex gl-w-full gl-justify-content-space-between gl-align-items-center">
-      <div class="gl-mr-7 gl-w-quarter">{{ title }}</div>
+      <div class="gl-mr-7 gl-w-1/4">{{ title }}</div>
 
       <gl-avatars-inline
         v-if="users.length"
-        class="gl-w-quarter!"
+        class="!gl-w-1/4"
         :avatars="users"
         :collapsed="true"
         :max-visible="$options.MAX_VISIBLE_AVATARS"
diff --git a/app/assets/javascripts/sidebar/components/time_tracking/report.vue b/app/assets/javascripts/sidebar/components/time_tracking/report.vue
index a12744972c2..d85586e1f48 100644
--- a/app/assets/javascripts/sidebar/components/time_tracking/report.vue
+++ b/app/assets/javascripts/sidebar/components/time_tracking/report.vue
@@ -193,7 +193,7 @@ export default {
     },
   },
   fields: [
-    { key: 'spentAt', label: __('Date'), tdClass: 'gl-w-quarter' },
+    { key: 'spentAt', label: __('Date'), tdClass: 'gl-w-1/4' },
     { key: 'timeSpent', label: __('Time spent'), tdClass: 'gl-w-15' },
     { key: 'user', label: __('User') },
     { key: 'summary', label: __('Summary') },
diff --git a/app/assets/javascripts/usage_quotas/storage/project/components/project_storage_detail.vue b/app/assets/javascripts/usage_quotas/storage/project/components/project_storage_detail.vue
index 9d94da40c85..a64053d4543 100644
--- a/app/assets/javascripts/usage_quotas/storage/project/components/project_storage_detail.vue
+++ b/app/assets/javascripts/usage_quotas/storage/project/components/project_storage_detail.vue
@@ -37,12 +37,12 @@ export default {
     {
       key: 'storageType',
       label: PROJECT_TABLE_LABEL_STORAGE_TYPE,
-      thClass: 'gl-w-90p',
+      thClass: 'gl-w-9/10',
     },
     {
       key: 'value',
       label: PROJECT_TABLE_LABEL_USAGE,
-      thClass: 'gl-w-10p',
+      thClass: 'gl-w-1/10',
     },
   ],
 };
diff --git a/app/assets/javascripts/vue_shared/alert_details/components/alert_sidebar.vue b/app/assets/javascripts/vue_shared/alert_details/components/alert_sidebar.vue
index ca42cb0b1b5..807f392754e 100644
--- a/app/assets/javascripts/vue_shared/alert_details/components/alert_sidebar.vue
+++ b/app/assets/javascripts/vue_shared/alert_details/components/alert_sidebar.vue
@@ -66,7 +66,7 @@ export default {
         :alert="alert"
         :sidebar-collapsed="sidebarStatus"
         text-class="gl-text-gray-500"
-        class="gl-w-70p"
+        class="gl-w-7/10"
         @toggle-sidebar="$emit('toggle-sidebar')"
         @alert-error="$emit('alert-error', $event)"
       />
diff --git a/app/assets/javascripts/vue_shared/alert_details/components/sidebar/sidebar_assignees.vue b/app/assets/javascripts/vue_shared/alert_details/components/sidebar/sidebar_assignees.vue
index 181b5dd8c62..f89109e3c06 100644
--- a/app/assets/javascripts/vue_shared/alert_details/components/sidebar/sidebar_assignees.vue
+++ b/app/assets/javascripts/vue_shared/alert_details/components/sidebar/sidebar_assignees.vue
@@ -193,7 +193,7 @@ export default {
 
 <template>
   <div
-    class="alert-assignees gl-py-5 gl-w-70p"
+    class="alert-assignees gl-py-5 gl-w-7/10"
     :class="{ 'gl-border-b-1 gl-border-b-solid gl-border-b-gray-100': !sidebarCollapsed }"
   >
     <template v-if="sidebarCollapsed">
diff --git a/app/assets/javascripts/vue_shared/components/usage_quotas/usage_banner.vue b/app/assets/javascripts/vue_shared/components/usage_quotas/usage_banner.vue
index 45d49e5339a..c7545664ef5 100644
--- a/app/assets/javascripts/vue_shared/components/usage_quotas/usage_banner.vue
+++ b/app/assets/javascripts/vue_shared/components/usage_quotas/usage_banner.vue
@@ -42,7 +42,7 @@ export default {
                 'left-secondary-text'
               ]
             "
-            class="gl-display-flex gl-align-items-center gl-text-gray-500 gl-min-h-6 gl-min-w-0 gl-flex-grow-1 gl-w-70p gl-md-max-w-70p"
+            class="gl-display-flex gl-align-items-center gl-text-gray-500 gl-min-h-6 gl-min-w-0 gl-flex-grow-1 gl-w-7/10 gl-md-max-w-70p"
           >
             <slot name="left-secondary-text"></slot>
           </div>
diff --git a/app/assets/javascripts/vue_shared/components/users_table/users_table.vue b/app/assets/javascripts/vue_shared/components/users_table/users_table.vue
index 15a59900aa7..102c2ec92f0 100644
--- a/app/assets/javascripts/vue_shared/components/users_table/users_table.vue
+++ b/app/assets/javascripts/vue_shared/components/users_table/users_table.vue
@@ -35,32 +35,32 @@ export default {
     {
       key: 'name',
       label: __('Name'),
-      thClass: 'gl-w-40p',
+      thClass: 'gl-w-8/20',
     },
     {
       key: 'projectsCount',
       label: __('Projects'),
-      thClass: 'gl-w-10p',
+      thClass: 'gl-w-2/20',
     },
     {
       key: 'groupCount',
       label: __('Groups'),
-      thClass: 'gl-w-10p',
+      thClass: 'gl-w-2/20',
     },
     {
       key: 'createdAt',
       label: __('Created on'),
-      thClass: 'gl-w-15p',
+      thClass: 'gl-w-3/20',
     },
     {
       key: 'lastActivityOn',
       label: __('Last activity'),
-      thClass: 'gl-w-15p',
+      thClass: 'gl-w-3/20',
     },
     {
       key: 'settings',
       label: '',
-      thClass: 'gl-w-10p',
+      thClass: 'gl-w-2/20',
     },
   ],
 };
diff --git a/app/controllers/projects/packages/packages_controller.rb b/app/controllers/projects/packages/packages_controller.rb
index 96fea1340d9..95892c949c8 100644
--- a/app/controllers/projects/packages/packages_controller.rb
+++ b/app/controllers/projects/packages/packages_controller.rb
@@ -8,7 +8,7 @@ module Projects
       feature_category :package_registry
       urgency :low
 
-      before_action :set_feature_flag_packages_protected_packages, only: :index
+      before_action :set_feature_flag_packages_protected_packages, only: [:index, :show]
 
       def index; end
 
diff --git a/app/controllers/projects/pipelines_controller.rb b/app/controllers/projects/pipelines_controller.rb
index 5bb6fb64f5b..e124ad76572 100644
--- a/app/controllers/projects/pipelines_controller.rb
+++ b/app/controllers/projects/pipelines_controller.rb
@@ -15,7 +15,8 @@ class Projects::PipelinesController < Projects::ApplicationController
   before_action :pipeline, except: [:index, :new, :create, :charts]
   before_action :set_pipeline_path, only: [:show]
   before_action :authorize_read_pipeline!
-  before_action :authorize_read_build!, only: [:index, :show]
+  before_action :authorize_read_build!, only: [:index]
+  before_action :authorize_read_build_on_pipeline!, only: [:show]
   before_action :authorize_read_ci_cd_analytics!, only: [:charts]
   before_action :authorize_create_pipeline!, only: [:new, :create]
   before_action :authorize_update_pipeline!, only: [:retry]
@@ -321,6 +322,10 @@ class Projects::PipelinesController < Projects::ApplicationController
     return access_denied! unless can?(current_user, :cancel_pipeline, @pipeline)
   end
 
+  def authorize_read_build_on_pipeline!
+    return access_denied! unless can?(current_user, :read_build, @pipeline)
+  end
+
   def limited_pipelines_count(project, scope = nil)
     finder = Ci::PipelinesFinder.new(project, current_user, index_params.merge(scope: scope))
 
diff --git a/app/models/active_session.rb b/app/models/active_session.rb
index 8c1c21dbd49..8129ded8e33 100644
--- a/app/models/active_session.rb
+++ b/app/models/active_session.rb
@@ -255,7 +255,7 @@ class ActiveSession
       # Deprecated legacy format. To be removed in 15.0
       # See: https://gitlab.com/gitlab-org/gitlab/-/issues/30516
       # Explanation of why this Marshal.load call is OK:
-      # https://gitlab.com/gitlab-com/gl-security/appsec/appsec-reviews/-/issues/124#note_744576714
+      # https://gitlab.com/gitlab-com/gl-security/product-security/appsec/appsec-reviews/-/issues/124#note_744576714
       # rubocop:disable Security/MarshalLoad
       Marshal.load(raw_session)
       # rubocop:enable Security/MarshalLoad
diff --git a/app/models/project_wiki.rb b/app/models/project_wiki.rb
index e64892dfa03..44fd7ca9b58 100644
--- a/app/models/project_wiki.rb
+++ b/app/models/project_wiki.rb
@@ -46,7 +46,3 @@ class ProjectWiki < Wiki
     container.create_wiki_repository!
   end
 end
-
-# TODO: Remove this once we implement ES support for group wikis.
-# https://gitlab.com/gitlab-org/gitlab/-/issues/207889
-ProjectWiki.prepend_mod_with('ProjectWiki')
diff --git a/app/policies/ci/pipeline_policy.rb b/app/policies/ci/pipeline_policy.rb
index c01162a86df..cfff53cad5a 100644
--- a/app/policies/ci/pipeline_policy.rb
+++ b/app/policies/ci/pipeline_policy.rb
@@ -22,6 +22,16 @@ module Ci
       can?(:read_dependency, @subject.project)
     end
 
+    condition(:project_allows_read_build) do
+      can?(:read_build, @subject.project)
+    end
+
+    # Allow reading builds for external pipelines regardless of whether CI/CD is disabled
+    overrides :read_build
+    rule { project_allows_read_build | (external_pipeline & can?(:reporter_access)) }.policy do
+      enable :read_build
+    end
+
     # Disallow users without permissions from accessing internal pipelines
     rule { ~can?(:read_build) & ~external_pipeline }.policy do
       prevent :read_pipeline
diff --git a/config/initializers/grpc_patch.rb b/config/initializers/grpc_patch.rb
deleted file mode 100644
index a6094f85c94..00000000000
--- a/config/initializers/grpc_patch.rb
+++ /dev/null
@@ -1,31 +0,0 @@
-# frozen_string_literal: true
-
-require 'grpc'
-
-# grpc v1.42 and up introduced a regression where a non-standard
-# exception, `GRPC::Core::CallError`, is raised instead of
-# DeadlineExceeded: https://github.com/grpc/grpc/issues/33283.
-# This patch applies https://github.com/grpc/grpc/pull/33565.
-module Gitlab
-  module GRPCPatch
-    module ActiveCall
-      def remote_read
-        super
-      ensure
-        # Ensure we don't attempt to request the initial metadata again
-        # in case an exception occurs.
-        @metadata_received = true # rubocop:disable Gitlab/ModuleWithInstanceVariables
-      end
-
-      def receive_and_check_status
-        super
-      ensure
-        # Ensure we don't attempt to request the initial metadata again
-        # in case an exception occurs.
-        @metadata_received = true # rubocop:disable Gitlab/ModuleWithInstanceVariables
-      end
-    end
-  end
-end
-
-GRPC::ActiveCall.prepend Gitlab::GRPCPatch::ActiveCall
diff --git a/config/known_invalid_graphql_queries.yml b/config/known_invalid_graphql_queries.yml
index 579ee083833..43b5a685886 100644
--- a/config/known_invalid_graphql_queries.yml
+++ b/config/known_invalid_graphql_queries.yml
@@ -1,4 +1,7 @@
 ---
 filenames:
+  - app/assets/javascripts/integrations/beyond_identity/graphql/mutations/create_beyond_identity_exclusion.mutation.graphql
+  - app/assets/javascripts/integrations/beyond_identity/graphql/mutations/delete_beyond_identity_exclusion.mutation.graphql
+  - app/assets/javascripts/integrations/beyond_identity/graphql/queries/beyond_identity_exclusions.query.graphql
   - ee/app/assets/javascripts/oncall_schedules/graphql/mutations/update_oncall_schedule_rotation.mutation.graphql
   - app/assets/javascripts/security_configuration/graphql/set_container_scanning_for_registry.graphql
\ No newline at end of file
diff --git a/config/tailwind.config.js b/config/tailwind.config.js
index cdb7d68a455..1930e2be4d8 100644
--- a/config/tailwind.config.js
+++ b/config/tailwind.config.js
@@ -1,6 +1,7 @@
 const path = require('path');
 const plugin = require('tailwindcss/plugin');
 const tailwindDefaults = require('@gitlab/ui/tailwind.defaults');
+const { range, round } = require('lodash');
 
 // Try loading the tailwind css_in_js, in case they exist
 let utilities = {};
@@ -33,6 +34,8 @@ function gitLabUIUtilities({ addUtilities }) {
   });
 }
 
+const widthPercentageScales = [8, 10, 20];
+
 /** @type {import('tailwindcss').Config} */
 module.exports = {
   presets: [tailwindDefaults],
@@ -132,6 +135,20 @@ module.exports = {
         'x0-y2-b4-s0': '0 2px 4px 0 #0000001a',
         'x0-y0-b3-s1-blue-500': 'inset 0 0 3px 1px var(--blue-500, #1f75cb)',
       },
+      // TODO: backport these width percentage classes to GitLab UI
+      width: widthPercentageScales.reduce((accumulator1, denominator) => {
+        return {
+          ...accumulator1,
+          ...range(1, denominator).reduce((accumulator2, numerator) => {
+            const width = (numerator / denominator) * 100;
+
+            return {
+              ...accumulator2,
+              [`${numerator}/${denominator}`]: `${round(width, 6)}%`,
+            };
+          }, {}),
+        };
+      }, {}),
       zIndex: {
         1: '1',
         2: '2',
diff --git a/db/docs/batched_background_migrations/remove_namespace_from_os_type_sbom_components.yml b/db/docs/batched_background_migrations/remove_namespace_from_os_type_sbom_components.yml
new file mode 100644
index 00000000000..045ea8bebe1
--- /dev/null
+++ b/db/docs/batched_background_migrations/remove_namespace_from_os_type_sbom_components.yml
@@ -0,0 +1,8 @@
+---
+migration_job_name: RemoveNamespaceFromOsTypeSbomComponents
+description: Removes namespace from operating system components
+feature_category: software_composition_analysis
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/151444
+milestone: '17.0'
+queued_migration_version: 20240425205205
+finalize_after: '2024-05-06'
diff --git a/db/post_migrate/20240424183213_backfill_deployment_approval_data.rb b/db/post_migrate/20240424183213_backfill_deployment_approval_data.rb
new file mode 100644
index 00000000000..12cebc50ef7
--- /dev/null
+++ b/db/post_migrate/20240424183213_backfill_deployment_approval_data.rb
@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+class BackfillDeploymentApprovalData < Gitlab::Database::Migration[2.2]
+  milestone '17.0'
+  restrict_gitlab_migration gitlab_schema: :gitlab_main
+  disable_ddl_transaction!
+
+  BATCH_SIZE = 500
+
+  def up
+    protected_environments_model = define_batchable_model('protected_environments')
+
+    protected_environments_model.each_batch(of: BATCH_SIZE) do |relation|
+      connection.execute(
+        <<~SQL
+          INSERT INTO protected_environment_approval_rules
+                      (protected_environment_id,
+                       created_at,
+                       updated_at,
+                       required_approvals,
+                       access_level,
+                       user_id,
+                       group_id,
+                       group_inheritance_type)
+          SELECT protected_environments.id,
+                 Now(),
+                 Now(),
+                 protected_environments.required_approval_count,
+                 protected_environment_deploy_access_levels.access_level,
+                 protected_environment_deploy_access_levels.user_id,
+                 protected_environment_deploy_access_levels.group_id,
+                 protected_environment_deploy_access_levels.group_inheritance_type
+
+          FROM
+            protected_environment_deploy_access_levels
+            INNER JOIN protected_environments ON protected_environments.id = protected_environment_deploy_access_levels.protected_environment_id
+          WHERE
+            protected_environments.required_approval_count > 0
+            AND NOT EXISTS (
+              SELECT
+                1
+              FROM
+                protected_environment_approval_rules
+              WHERE
+                protected_environment_id = protected_environments.id
+            )
+            AND protected_environments.id IN (#{relation.select(:id).to_sql})
+        SQL
+      )
+    end
+  end
+
+  def down
+    # noop
+  end
+end
diff --git a/db/post_migrate/20240425205205_queue_remove_namespace_from_os_type_sbom_components.rb b/db/post_migrate/20240425205205_queue_remove_namespace_from_os_type_sbom_components.rb
new file mode 100644
index 00000000000..8920006c316
--- /dev/null
+++ b/db/post_migrate/20240425205205_queue_remove_namespace_from_os_type_sbom_components.rb
@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+class QueueRemoveNamespaceFromOsTypeSbomComponents < Gitlab::Database::Migration[2.2]
+  milestone '17.0'
+
+  restrict_gitlab_migration gitlab_schema: :gitlab_main
+
+  MIGRATION = "RemoveNamespaceFromOsTypeSbomComponents"
+  DELAY_INTERVAL = 2.minutes
+  BATCH_SIZE = 2000
+  SUB_BATCH_SIZE = 500
+
+  def up
+    queue_batched_background_migration(
+      MIGRATION,
+      :sbom_components,
+      :id,
+      job_interval: DELAY_INTERVAL,
+      batch_size: BATCH_SIZE,
+      sub_batch_size: SUB_BATCH_SIZE
+    )
+  end
+
+  def down
+    delete_batched_background_migration(MIGRATION, :sbom_components, :id, [])
+  end
+end
diff --git a/db/schema_migrations/20240424183213 b/db/schema_migrations/20240424183213
new file mode 100644
index 00000000000..318475be4c1
--- /dev/null
+++ b/db/schema_migrations/20240424183213
@@ -0,0 +1 @@
+e28379ba90924aaa7171e44db9340404e850aa2307a160eb48e99caa813dc98f
\ No newline at end of file
diff --git a/db/schema_migrations/20240425205205 b/db/schema_migrations/20240425205205
new file mode 100644
index 00000000000..016bbcf9ae2
--- /dev/null
+++ b/db/schema_migrations/20240425205205
@@ -0,0 +1 @@
+238ea0baf71474f54faf19b6e8cdd41c35aa396e0e7641aa1808157ff1fe20ec
\ No newline at end of file
diff --git a/doc/administration/audit_event_streaming/audit_event_types.md b/doc/administration/audit_event_streaming/audit_event_types.md
deleted file mode 100644
index 4023ad3fa66..00000000000
--- a/doc/administration/audit_event_streaming/audit_event_types.md
+++ /dev/null
@@ -1,11 +0,0 @@
----
-redirect_to: '../audit_event_types.md'
-remove_date: '2024-03-22'
----
-
-This document was moved to [another location](../audit_event_types.md).
-
-<!-- This redirect file can be deleted after <2024-03-22>. -->
-<!-- Redirects that point to other docs in the same project expire in three months. -->
-<!-- Redirects that point to docs in a different project or site (link is not relative and starts with `https:`) expire in one year. -->
-<!-- Before deletion, see: https://docs.gitlab.com/ee/development/documentation/redirects.html -->
diff --git a/doc/administration/gitaly/bundle_uri.md b/doc/administration/gitaly/bundle_uris.md
similarity index 94%
rename from doc/administration/gitaly/bundle_uri.md
rename to doc/administration/gitaly/bundle_uris.md
index 0b302341b43..1e76db994d5 100644
--- a/doc/administration/gitaly/bundle_uri.md
+++ b/doc/administration/gitaly/bundle_uris.md
@@ -4,7 +4,7 @@ group: Gitaly
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
-# Bundle URI
+# Bundle URIs
 
 DETAILS:
 **Status:** Experiment
@@ -20,10 +20,10 @@ is not ready for production use.
 
 Gitaly supports Git [bundle URIs](https://git-scm.com/docs/bundle-uri). Bundle
 URIs are locations where Git can download one or more bundles to bootstrap the
-object database before fetching the remaining objects from a remote. Bundle URI
-is built in to the Git protocol.
+object database before fetching the remaining objects from a remote. Bundle URIs
+are built in to the Git protocol.
 
-Using Bundle URI can:
+Using Bundle URIs can:
 
 - Speed up clones and fetches for users with a poor network connection to the
   GitLab server. The bundles can be stored on a CDN, making them available
@@ -32,15 +32,13 @@ Using Bundle URI can:
   bundles from somewhere else, the remaining work to incrementally fetch missing
   objects and references creates a lot less load on the server.
 
-Prerequisites:
+## Prerequisites
 
-- The Git config [`transfer.bundleURI`](https://git-scm.com/docs/git-config#Documentation/git-config.txt-transferbundleURI)
+- The Git configuration [`transfer.bundleURI`](https://git-scm.com/docs/git-config#Documentation/git-config.txt-transferbundleURI)
   must be enabled on Git clients.
 - GitLab Runner 16.6 or later.
-
 - In CI/CD pipeline configuration, the
-  [default Git strategy](../../ci/pipelines/settings.md#choose-the-default-git-strategy)
-  set to `git clone`.
+  [default Git strategy](../../ci/pipelines/settings.md#choose-the-default-git-strategy) set to `git clone`.
 
 ## Server configuration
 
@@ -228,7 +226,7 @@ sudo /opt/gitlab/embedded/bin/gitaly bundle-uri \
 ```
 
 This command generates the bundle and stores it on the configured storage service.
-Gitaly does not automatically refresh the generated bundle, so when want to generate
+Gitaly does not automatically refresh the generated bundle. When want to generate
 a more recent version of a bundle, you must the run command again.
 
 You can schedule this command with a tool like `cron(8)`.
@@ -261,9 +259,9 @@ Updating files: 100% (71304/71304), done.
 
 In the above example:
 
-- When not using Bundle URI, there were 5,271,177 objects received from the
+- When not using a Bundle URI, there were 5,271,177 objects received from the
   GitLab server.
-- When using Bundle URL, there were 1,322,255 objects received from the GitLab
+- When using a Bundle URI, there were 1,322,255 objects received from the GitLab
   server.
 
 This reduction means GitLab needs to pack together fewer objects (in the above
diff --git a/doc/administration/gitaly/index.md b/doc/administration/gitaly/index.md
index caaf1691fa1..47737b07b1c 100644
--- a/doc/administration/gitaly/index.md
+++ b/doc/administration/gitaly/index.md
@@ -191,10 +191,10 @@ For more information on the other subcommands, run `gitaly --help`.
 When backing up or syncing repositories using tools other than GitLab, you must [prevent writes](../../administration/backup_restore/backup_gitlab.md#prevent-writes-and-copy-the-git-repository-data)
 while copying repository data.
 
-### Bundle URI
+### Bundle URIs
 
 You can use Git [bundle URIs](https://git-scm.com/docs/bundle-uri) with Gitaly.
-For more information, see the [Bundle URI documentation](bundle_uri.md).
+For more information, see the [Bundle URIs documentation](bundle_uris.md).
 
 ## Gitaly Cluster
 
diff --git a/doc/administration/job_artifacts_troubleshooting.md b/doc/administration/job_artifacts_troubleshooting.md
index dcd827710e8..85d54e9bb7f 100644
--- a/doc/administration/job_artifacts_troubleshooting.md
+++ b/doc/administration/job_artifacts_troubleshooting.md
@@ -177,6 +177,7 @@ and alter them as needed:
 - `10.days.from_now`
 - `2.weeks.from_now`
 - `3.months.from_now`
+- `1.year.from_now`
 
 Each of the following scripts also limits the search to 50 results with `.limit(50)`, but this number can also be changed as needed:
 
diff --git a/doc/administration/monitoring/performance/gitlab_configuration.md b/doc/administration/monitoring/performance/gitlab_configuration.md
deleted file mode 100644
index 6f2f1f62d72..00000000000
--- a/doc/administration/monitoring/performance/gitlab_configuration.md
+++ /dev/null
@@ -1,16 +0,0 @@
----
-stage: Monitor
-group: Respond
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
-remove_date: '2020-05-22'
-redirect_to: '../prometheus/index.md'
----
-
-# GitLab Configuration (removed)
-
-DETAILS:
-**Tier:** Free, Premium, Ultimate
-**Offering:** Self-managed
-
-This feature was [removed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/30786) in GitLab 13.0.
-Use the [Prometheus integration](../prometheus/index.md) instead.
diff --git a/doc/architecture/blueprints/cells/iterations/cells-1.0.md b/doc/architecture/blueprints/cells/iterations/cells-1.0.md
index a6fa14d6ac6..2b6cf7726c7 100644
--- a/doc/architecture/blueprints/cells/iterations/cells-1.0.md
+++ b/doc/architecture/blueprints/cells/iterations/cells-1.0.md
@@ -24,7 +24,7 @@ contribution model in a cellular architecture.
 A Cells 1.0 is meant to target internal customers that have the following expectations:
 
 1. They want to use our multi-tenant SaaS solution (GitLab.com) to serve their Organization.
-1. They accept that they may receive updates later than the rest of GitLab.com. Note that when GitLab does a patch release, the Delivery team makes sure that production (every cell) runs the patch release version before making the release public. This does not mean that outside of a patch release, all the cells run the same version of GitLab. See [this private discussion](https://gitlab.com/gitlab-com/gl-security/appsec/threat-models/-/issues/45#note_1794904358) for more information.
+1. They accept that they may receive updates later than the rest of GitLab.com. Note that when GitLab does a patch release, the Delivery team makes sure that production (every cell) runs the patch release version before making the release public. This does not mean that outside of a patch release, all the cells run the same version of GitLab. See [this private discussion](https://gitlab.com/gitlab-com/gl-security/product-security/appsec/threat-models/-/issues/45#note_1794904358) for more information.
 1. They want to use an environment with higher degree of isolation to rest of the system.
 1. They want to control all users that contribute to their Organization.
 1. Their groups and projects are meant to be private.
diff --git a/doc/architecture/blueprints/ci_data_decay/pipeline_partitioning.md b/doc/architecture/blueprints/ci_data_decay/pipeline_partitioning.md
index 704f7b038cb..897b6800dcb 100644
--- a/doc/architecture/blueprints/ci_data_decay/pipeline_partitioning.md
+++ b/doc/architecture/blueprints/ci_data_decay/pipeline_partitioning.md
@@ -647,7 +647,7 @@ hours, and always reading from two partitions through a routing table. The
 strategy to partition these tables is well understood, but requires a solid
 Ruby-based automation to manage the creation and deletion of these partitions.
 To achieve that we will collaborate with the Database team to adapt
-[existing database partitioning tools](../../../development/database/table_partitioning.md)
+[existing database partitioning tools](../../../development/database/partitioning/index.md)
 to support CI/CD data partitioning.
 
 ## Iterating to reduce the risk
diff --git a/doc/ci/yaml/inputs.md b/doc/ci/yaml/inputs.md
index b092ec6b769..713f66ffb3e 100644
--- a/doc/ci/yaml/inputs.md
+++ b/doc/ci/yaml/inputs.md
@@ -159,6 +159,8 @@ test_job:
 
 #### Array type
 
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/407176) in GitLab 16.11.
+
 The content of the items in an array type can be any valid YAML map, sequence, or scalar. More complex YAML features
 like [`!reference`](yaml_optimization.md#reference-tags) cannot be used.
 
diff --git a/doc/development/audit_event_guide/index.md b/doc/development/audit_event_guide/index.md
index d06dcb202d7..ed955e8f60a 100644
--- a/doc/development/audit_event_guide/index.md
+++ b/doc/development/audit_event_guide/index.md
@@ -227,7 +227,7 @@ To add a new audit event type:
 
 ### Generate documentation
 
-Audit event types documentation is automatically generated and [published](../../administration/audit_event_streaming/audit_event_types.md)
+Audit event types documentation is automatically generated and [published](../../administration/audit_event_types.md)
 to the GitLab documentation site.
 
 If you add a new audit event type, run the
diff --git a/doc/development/changelog.md b/doc/development/changelog.md
index f2ba1aa13a9..c00433e98de 100644
--- a/doc/development/changelog.md
+++ b/doc/development/changelog.md
@@ -88,7 +88,7 @@ EE: true
 - Any change that introduces a database migration, whether it's regular, post,
   or data migration, **must** have a changelog entry, even if it is behind a
   disabled feature flag.
-- [Security fixes](https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md)
+- [Security fixes](https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/engineer.md)
   **must** have a changelog entry, with `Changelog` trailer set to `security`.
 - Any user-facing change **must** have a changelog entry. Example: "GitLab now
   uses system fonts for all text."
diff --git a/doc/development/database/table_partitioning.md b/doc/development/database/table_partitioning.md
deleted file mode 100644
index b82bb11f662..00000000000
--- a/doc/development/database/table_partitioning.md
+++ /dev/null
@@ -1,11 +0,0 @@
----
-redirect_to: 'partitioning/index.md'
-remove_date: '2024-04-16'
----
-
-This document was moved to [another location](partitioning/index.md).
-
-<!-- This redirect file can be deleted after <2024-04-16>. -->
-<!-- Redirects that point to other docs in the same project expire in three months. -->
-<!-- Redirects that point to docs in a different project or site (link is not relative and starts with `https:`) expire in one year. -->
-<!-- Before deletion, see: https://docs.gitlab.com/ee/development/documentation/redirects.html -->
diff --git a/doc/development/development_processes.md b/doc/development/development_processes.md
index b10cf04c06f..730f7da6188 100644
--- a/doc/development/development_processes.md
+++ b/doc/development/development_processes.md
@@ -24,7 +24,7 @@ Complementary reads:
 
 - [Avoiding required stops](avoiding_required_stops.md)
 - [Contribute to GitLab](contributing/index.md)
-- [Security process for developers](https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md#security-releases-critical-non-critical-as-a-developer)
+- [Security process for developers](https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/engineer.md#security-releases-critical-non-critical-as-a-developer)
 - [Patch release process for developers](https://gitlab.com/gitlab-org/release/docs/blob/master/general/patch/process.md#process-for-developers)
 - [Guidelines for implementing Enterprise Edition features](ee_features.md)
 - [Adding a new service component to GitLab](adding_service_component.md)
diff --git a/doc/development/rake_tasks.md b/doc/development/rake_tasks.md
index 1d081573f01..64b0eb7fb37 100644
--- a/doc/development/rake_tasks.md
+++ b/doc/development/rake_tasks.md
@@ -55,7 +55,7 @@ DETAILS:
 **Offering:** GitLab.com, Self-managed, GitLab Dedicated
 
 You can seed issues specifically for working with the
-[Insights charts](../user/group/insights/index.md) with the
+[Insights charts](../user/project/insights/index.md) with the
 `gitlab:seed:insights:issues` task:
 
 ```shell
diff --git a/doc/development/secure_coding_guidelines.md b/doc/development/secure_coding_guidelines.md
index e371caee973..d9d211d5d77 100644
--- a/doc/development/secure_coding_guidelines.md
+++ b/doc/development/secure_coding_guidelines.md
@@ -17,16 +17,16 @@ For each of the guidelines listed in this document, AppSec aims to have a SAST r
 
 | Guideline | Rule | Status |
 |---|---|---|
-| [Regular Expressions](#regular-expressions-guidelines)  | [Link](https://gitlab.com/gitlab-com/gl-security/appsec/sast-custom-rules/-/issues/13) | ⏳ In progress |
+| [Regular Expressions](#regular-expressions-guidelines)  | [Link](https://gitlab.com/gitlab-com/gl-security/product-security/appsec/sast-custom-rules/-/issues/13) | ⏳ In progress |
 | [ReDOS](#denial-of-service-redos--catastrophic-backtracking) | Pending  | ❌ |
-| [SSRF](#server-side-request-forgery-ssrf) | [1](https://gitlab.com/gitlab-com/gl-security/appsec/sast-custom-rules/-/blob/main/secure-coding-guidelines/ruby_insecure_url.yml), [2](https://gitlab.com/gitlab-com/gl-security/appsec/sast-custom-rules/-/blob/main/secure-coding-guidelines/ruby_insecure_http.yml?ref_type=heads)  | ✅ |
+| [SSRF](#server-side-request-forgery-ssrf) | [1](https://gitlab.com/gitlab-com/gl-security/product-security/appsec/sast-custom-rules/-/blob/main/secure-coding-guidelines/ruby_insecure_url.yml), [2](https://gitlab.com/gitlab-com/gl-security/product-security/appsec/sast-custom-rules/-/blob/main/secure-coding-guidelines/ruby_insecure_http.yml?ref_type=heads)  | ✅ |
 | [XSS](#xss-guidelines) | Pending  | ❌ |
-| [Path traversal](#path-traversal-guidelines) (Ruby) | [Link](https://gitlab.com/gitlab-com/gl-security/appsec/sast-custom-rules/-/blob/main/secure-coding-guidelines/ruby_path_traversal.yml?ref_type=heads) | ✅ |
+| [Path traversal](#path-traversal-guidelines) (Ruby) | [Link](https://gitlab.com/gitlab-com/gl-security/product-security/appsec/sast-custom-rules/-/blob/main/secure-coding-guidelines/ruby_path_traversal.yml?ref_type=heads) | ✅ |
 | [Path traversal](#path-traversal-guidelines) (Go) | Pending  | ❌ |
-| [OS command injection](#os-command-injection-guidelines) (Ruby) | [Link](https://gitlab.com/gitlab-com/gl-security/appsec/sast-custom-rules/-/blob/main/secure-coding-guidelines/ruby_command_injection.yml?ref_type=heads) | ✅ |
+| [OS command injection](#os-command-injection-guidelines) (Ruby) | [Link](https://gitlab.com/gitlab-com/gl-security/product-security/appsec/sast-custom-rules/-/blob/main/secure-coding-guidelines/ruby_command_injection.yml?ref_type=heads) | ✅ |
 | [OS command injection](#os-command-injection-guidelines) (Go) | Pending | ❌ |
-| [Insecure TLS ciphers](#tls-minimum-recommended-version) | [Link](https://gitlab.com/gitlab-com/gl-security/appsec/sast-custom-rules/-/blob/main/secure-coding-guidelines/ruby_insecure_ciphers.yml?ref_type=heads)  | ✅ |
-| [Archive operations](#working-with-archive-files) (Ruby) | [Link](https://gitlab.com/gitlab-com/gl-security/appsec/sast-custom-rules/-/blob/main/secure-coding-guidelines/ruby_insecure_archive_operations.yml?ref_type=heads)  | ✅ |
+| [Insecure TLS ciphers](#tls-minimum-recommended-version) | [Link](https://gitlab.com/gitlab-com/gl-security/product-security/appsec/sast-custom-rules/-/blob/main/secure-coding-guidelines/ruby_insecure_ciphers.yml?ref_type=heads)  | ✅ |
+| [Archive operations](#working-with-archive-files) (Ruby) | [Link](https://gitlab.com/gitlab-com/gl-security/product-security/appsec/sast-custom-rules/-/blob/main/secure-coding-guidelines/ruby_insecure_archive_operations.yml?ref_type=heads)  | ✅ |
 | [Archive operations](#working-with-archive-files) (Go) | Pending  | ❌ |
 | [URL spoofing](#url-spoofing) | Pending  | ❌ |
 | [GitLab internal authorization](#gitlab-internal-authorization) | N/A  | N/A |
@@ -50,7 +50,7 @@ MR. Also add the Guideline to the "SAST Coverage" table above.
 
 ### Creating new semgrep rules
 
-1. These should go in the [SAST custom rules](https://gitlab.com/gitlab-com/gl-security/appsec/sast-custom-rules/-/tree/main/secure-coding-guidelines) project.
+1. These should go in the [SAST custom rules](https://gitlab.com/gitlab-com/gl-security/product-security/appsec/sast-custom-rules/-/tree/main/secure-coding-guidelines) project.
 1. Each rule should have a test file with the name set to `rule_name.rb` or `rule_name.go`.
 1. Each rule should have a well-defined `message` field in the YAML file, with clear instructions for the developer.
 1. The severity should be set to `INFO` for low-severity issues not requiring involvement from AppSec, and `WARNING` for issues that require AppSec review. The bot will ping AppSec accordingly.
@@ -1239,7 +1239,7 @@ end
 
 ##### Go
 
-You are encouraged to use the secure archive utilities provided by [LabSec](https://gitlab.com/gitlab-com/gl-security/appsec/labsec) which will handle Zip Slip and symlink vulnerabilities for you. The LabSec utilities are also context aware which makes it possible to cancel or timeout extractions.
+You are encouraged to use the secure archive utilities provided by [LabSec](https://gitlab.com/gitlab-com/gl-security/product-security/appsec/labsec) which will handle Zip Slip and symlink vulnerabilities for you. The LabSec utilities are also context aware which makes it possible to cancel or timeout extractions.
 
 In case the LabSec utilities do not fit your needs, here is an example for extracting a zip file with protection against symlink attacks:
 
@@ -1379,7 +1379,7 @@ Add the new prefix to:
 - [`gitlab/app/assets/javascripts/lib/utils/secret_detection.js`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/app/assets/javascripts/lib/utils/secret_detection.js)
 - The [GitLab Secret Detection gem](https://gitlab.com/gitlab-org/gitlab/-/tree/master/gems/gitlab-secret_detection)
 - GitLab [secrets SAST analyzer](https://gitlab.com/gitlab-org/security-products/analyzers/secrets)
-- [Tokinator](https://gitlab.com/gitlab-com/gl-security/appsec/tokinator/-/blob/main/CONTRIBUTING.md?ref_type=heads) (internal tool / team members only)
+- [Tokinator](https://gitlab.com/gitlab-com/gl-security/product-security/appsec/tokinator/-/blob/main/CONTRIBUTING.md?ref_type=heads) (internal tool / team members only)
 - [Token Overview](../security/token_overview.md) documentation
 
 ### Examples
diff --git a/doc/install/aws/eks_clusters_aws.md b/doc/install/aws/eks_clusters_aws.md
deleted file mode 100644
index b05749bdde3..00000000000
--- a/doc/install/aws/eks_clusters_aws.md
+++ /dev/null
@@ -1,11 +0,0 @@
----
-redirect_to: '../../solutions/cloud/aws/index.md'
-remove_date: '2024-03-31'
----
-
-This document was moved to [Solutions](../../solutions/cloud/aws/index.md).
-
-<!-- This redirect file can be deleted after <YYYY-MM-DD>. -->
-<!-- Redirects that point to other docs in the same project expire in three months. -->
-<!-- Redirects that point to docs in a different project or site (for example, link is not relative and starts with `https:`) expire in one year. -->
-<!-- Before deletion, see: https://docs.gitlab.com/ee/development/documentation/redirects.html -->
\ No newline at end of file
diff --git a/doc/install/aws/gitlab_hybrid_on_aws.md b/doc/install/aws/gitlab_hybrid_on_aws.md
deleted file mode 100644
index 84474e6615c..00000000000
--- a/doc/install/aws/gitlab_hybrid_on_aws.md
+++ /dev/null
@@ -1,11 +0,0 @@
----
-redirect_to: '../../solutions/cloud/aws/gitlab_instance_on_aws.md'
-remove_date: '2024-03-31'
----
-
-This document was moved to [Solutions](../../solutions/cloud/aws/gitlab_instance_on_aws.md).
-
-<!-- This redirect file can be deleted after <YYYY-MM-DD>. -->
-<!-- Redirects that point to other docs in the same project expire in three months. -->
-<!-- Redirects that point to docs in a different project or site (for example, link is not relative and starts with `https:`) expire in one year. -->
-<!-- Before deletion, see: https://docs.gitlab.com/ee/development/documentation/redirects.html -->
\ No newline at end of file
diff --git a/doc/install/aws/gitlab_sre_for_aws.md b/doc/install/aws/gitlab_sre_for_aws.md
deleted file mode 100644
index 222bcbc1ed8..00000000000
--- a/doc/install/aws/gitlab_sre_for_aws.md
+++ /dev/null
@@ -1,11 +0,0 @@
----
-redirect_to: '../../solutions/cloud/aws/gitaly_sre_for_aws.md'
-remove_date: '2024-03-31'
----
-
-This document was moved to [Solutions](../../solutions/cloud/aws/gitaly_sre_for_aws.md).
-
-<!-- This redirect file can be deleted after <YYYY-MM-DD>. -->
-<!-- Redirects that point to other docs in the same project expire in three months. -->
-<!-- Redirects that point to docs in a different project or site (for example, link is not relative and starts with `https:`) expire in one year. -->
-<!-- Before deletion, see: https://docs.gitlab.com/ee/development/documentation/redirects.html -->
\ No newline at end of file
diff --git a/doc/install/aws/manual_install_aws.md b/doc/install/aws/manual_install_aws.md
deleted file mode 100644
index 0019c8c3472..00000000000
--- a/doc/install/aws/manual_install_aws.md
+++ /dev/null
@@ -1,11 +0,0 @@
----
-redirect_to: 'index.md'
-remove_date: '2024-03-31'
----
-
-This document was moved to [AWS](index.md).
-
-<!-- This redirect file can be deleted after <YYYY-MM-DD>. -->
-<!-- Redirects that point to other docs in the same project expire in three months. -->
-<!-- Redirects that point to docs in a different project or site (for example, link is not relative and starts with `https:`) expire in one year. -->
-<!-- Before deletion, see: https://docs.gitlab.com/ee/development/documentation/redirects.html -->
\ No newline at end of file
diff --git a/doc/security/responding_to_security_incidents.md b/doc/security/responding_to_security_incidents.md
index 67a27b29c11..5a55312bd7d 100644
--- a/doc/security/responding_to_security_incidents.md
+++ b/doc/security/responding_to_security_incidents.md
@@ -50,7 +50,7 @@ Security incidents related to credentials exposure can vary in severity from low
 #### Event types
 
 - Review the available [audit events](../administration/audit_event_reports.md) for your group or namespace.
-- Adversaries may attempt to create tokens, SSH keys, or user accounts to maintain persistence. Look for [audit events](../administration/audit_event_streaming/audit_event_types.md) related to these activities.
+- Adversaries may attempt to create tokens, SSH keys, or user accounts to maintain persistence. Look for [audit events](../administration/audit_event_types.md) related to these activities.
 - Focus on CI-related [audit events](../administration/audit_event_types.md#continuous-integration) to identify any modifications to CI/CD variables.
 - Review [job logs](../administration/job_logs.md) for any pipelines ran by an adversary
 
diff --git a/doc/tutorials/website_project_with_analytics/index.md b/doc/tutorials/website_project_with_analytics/index.md
index d4aec5aed2d..67766439407 100644
--- a/doc/tutorials/website_project_with_analytics/index.md
+++ b/doc/tutorials/website_project_with_analytics/index.md
@@ -159,7 +159,7 @@ You and project members with at least the Developer role can view the Insights r
 ## View merge request and issue analytics
 
 In addition to the Insights reports, you can get detailed analytics on the merge requests and issues of your project.
-[Merge request analytics](../../user/analytics/merge_request_analytics.md) and [Issue analytics](../../user/analytics/issue_analytics.md) display charts and tables with metrics such as assignees, merge request throughput, and issue status.
+[Merge request analytics](../../user/analytics/merge_request_analytics.md) and [Issue analytics](../../user/group/issues_analytics/index.md) display charts and tables with metrics such as assignees, merge request throughput, and issue status.
 
 To view merge request and issue analytics, in the `My website` project, select **Analyze > Merge request analytics** or **Analyze > Issue analytics**.
 
diff --git a/doc/user/analytics/dora_metrics.md b/doc/user/analytics/dora_metrics.md
index 7aaa01c81ce..64410770d1a 100644
--- a/doc/user/analytics/dora_metrics.md
+++ b/doc/user/analytics/dora_metrics.md
@@ -241,7 +241,7 @@ The DORA metrics are displayed on the following charts:
 
 - [Value Streams Dashboard](value_streams_dashboard.md), which helps you identify trends, patterns, and opportunities for improvement. DORA metrics are displayed in the [metrics comparison panel](value_streams_dashboard.md#devsecops-metrics-comparison-panel) and the [DORA Performers score panel](value_streams_dashboard.md#dora-performers-score-panel).
 - [CI/CD analytics charts](ci_cd_analytics.md), which show pipeline success rates and duration, and the history of DORA metrics over time.
-- Insights reports for [groups](../group/insights/index.md) and [projects](../group/value_stream_analytics/index.md), where you can also use [DORA query parameters](../../user/project/insights/index.md#dora-query-parameters) to create custom charts.
+- Insights reports for [groups](../project/insights/index.md) and [projects](../group/value_stream_analytics/index.md), where you can also use [DORA query parameters](../../user/project/insights/index.md#dora-query-parameters) to create custom charts.
 
 ### DORA metrics data aggregation
 
diff --git a/doc/user/analytics/issue_analytics.md b/doc/user/analytics/issue_analytics.md
deleted file mode 100644
index 089a5636a52..00000000000
--- a/doc/user/analytics/issue_analytics.md
+++ /dev/null
@@ -1,11 +0,0 @@
----
-redirect_to: '../group/issues_analytics/index.md'
-remove_date: '2024-04-05'
----
-
-This document was moved to [another location](../group/issues_analytics/index.md).
-
-<!-- This redirect file can be deleted after <2024-04-05>. -->
-<!-- Redirects that point to other docs in the same project expire in three months. -->
-<!-- Redirects that point to docs in a different project or site (for example, link is not relative and starts with `https:`) expire in one year. -->
-<!-- Before deletion, see: https://docs.gitlab.com/ee/development/documentation/redirects.html -->
diff --git a/doc/user/application_security/vulnerability_report/index.md b/doc/user/application_security/vulnerability_report/index.md
index 0878b24c22f..bb440c2382d 100644
--- a/doc/user/application_security/vulnerability_report/index.md
+++ b/doc/user/application_security/vulnerability_report/index.md
@@ -290,7 +290,12 @@ triaging. You can group by:
 - Status
 - Severity
 - Tool
-- OWASP top 10 (latest published)
+- OWASP top 10 2017
+
+WARNING:
+Support for grouping by OWASP top 10 2017 was
+[deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/458835) in GitLab 17.0 and is planned for
+removal in 17.3. Support for grouping by OWASP top 10 2021 is proposed in [issue 440182](https://gitlab.com/gitlab-org/gitlab/-/issues/440182) for GitLab 17.3.
 
 To group vulnerabilities in the vulnerability report:
 
diff --git a/doc/user/clusters/agent/kas_glossary.md b/doc/user/clusters/agent/kas_glossary.md
deleted file mode 100644
index b21f8590d5e..00000000000
--- a/doc/user/clusters/agent/kas_glossary.md
+++ /dev/null
@@ -1,11 +0,0 @@
----
-redirect_to: 'index.md#kubernetes-integration-glossary'
-remove_date: '2024-04-17'
----
-
-This document was moved to [another location](index.md#kubernetes-integration-glossary).
-
-<!-- This redirect file can be deleted after <2024-04-17>. -->
-<!-- Redirects that point to other docs in the same project expire in three months. -->
-<!-- Redirects that point to docs in a different project or site (for example, link is not relative and starts with `https:`) expire in one year. -->
-<!-- Before deletion, see: https://docs.gitlab.com/ee/development/documentation/redirects.html -->
diff --git a/doc/user/group/import/index.md b/doc/user/group/import/index.md
index 7d05ba7816b..93b3a38766c 100644
--- a/doc/user/group/import/index.md
+++ b/doc/user/group/import/index.md
@@ -118,6 +118,11 @@ There's no exact formula to reliably estimate a migration. However, the average
 | References                  | 5                                            |
 | Push Rule                   | 0.1                                          |
 
+Though it's difficult to predict migration duration, we've seen:
+
+- 100 projects (19.9k issues, 83k merge requests, 100k+ pipelines) migrated in 8 hours.
+- 1926 projects (22k issues, 160k merge requests, 1.1 million pipelines) migrated in 34 hours.
+
 If you are migrating large projects and encounter problems with timeouts or duration of the migration, see [Reducing migration duration](#reducing-migration-duration).
 
 ## Limits
diff --git a/doc/user/group/insights/index.md b/doc/user/group/insights/index.md
deleted file mode 100644
index 0cb1ad093a5..00000000000
--- a/doc/user/group/insights/index.md
+++ /dev/null
@@ -1,11 +0,0 @@
----
-redirect_to: '../../project/insights/index.md'
-remove_date: '2024-04-20'
----
-
-This document was moved to [another location](../../project/insights/index.md).
-
-<!-- This redirect file can be deleted after <YYYY-MM-DD>. -->
-<!-- Redirects that point to other docs in the same project expire in three months. -->
-<!-- Redirects that point to docs in a different project or site (for example, link is not relative and starts with `https:`) expire in one year. -->
-<!-- Before deletion, see: https://docs.gitlab.com/ee/development/documentation/redirects.html -->
diff --git a/doc/user/permissions.md b/doc/user/permissions.md
index d2001cdaf5a..fc280c06753 100644
--- a/doc/user/permissions.md
+++ b/doc/user/permissions.md
@@ -60,7 +60,7 @@ The following table lists project permissions available for each role:
 
 | Action                                                                                                                                                                                       | Guest | Reporter | Developer | Maintainer | Owner | Notes |
 |----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------|----------|-----------|------------|-------|-------|
-| [Analytics](analytics/index.md):<br>View [issue analytics](analytics/issue_analytics.md)                                                                                                     | ✓     | ✓        | ✓         | ✓          | ✓     |       |
+| [Analytics](analytics/index.md):<br>View [issue analytics](group/issues_analytics/index.md)                                                                                                     | ✓     | ✓        | ✓         | ✓          | ✓     |       |
 | [Analytics](analytics/index.md):<br>View [value stream analytics](group/value_stream_analytics/index.md)                                                                                     | ✓     | ✓        | ✓         | ✓          | ✓     |       |
 | [Analytics](analytics/index.md):<br>View [DORA metrics](analytics/ci_cd_analytics.md)                                                                                                        |       | ✓        | ✓         | ✓          | ✓     |       |
 | [Analytics](analytics/index.md):<br>View [CI/CD analytics](analytics/ci_cd_analytics.md)                                                                                                     |       | ✓        | ✓         | ✓          | ✓     |       |
@@ -305,7 +305,7 @@ The following table lists group permissions available for each role:
 | View [group wiki](project/wiki/group.md) pages                                          | ✓     | ✓        | ✓         | ✓          | ✓     | Guests: In addition, if your group is public or internal, all users who can see the group can also see group wiki pages. |
 | View [Insights](project/insights/index.md)                                              | ✓     | ✓        | ✓         | ✓          | ✓     |       |
 | View [Insights](project/insights/index.md) charts                                       | ✓     | ✓        | ✓         | ✓          | ✓     |       |
-| View [Issue analytics](analytics/issue_analytics.md)                                    | ✓     | ✓        | ✓         | ✓          | ✓     |       |
+| View [Issue analytics](group/issues_analytics/index.md)                                    | ✓     | ✓        | ✓         | ✓          | ✓     |       |
 | View Contribution analytics                                                             | ✓     | ✓        | ✓         | ✓          | ✓     |       |
 | View group [epic](group/epics/index.md)                                                 | ✓     | ✓        | ✓         | ✓          | ✓     |       |
 | View value stream analytics                                                             | ✓     | ✓        | ✓         | ✓          | ✓     |       |
diff --git a/doc/user/project/integrations/beyond_identity.md b/doc/user/project/integrations/beyond_identity.md
index 9fd3ab86e5a..c512260242a 100644
--- a/doc/user/project/integrations/beyond_identity.md
+++ b/doc/user/project/integrations/beyond_identity.md
@@ -57,3 +57,27 @@ To skip the push check for [service accounts](../../profile/service_accounts.md)
 1. Select **Beyond Identity**.
 1. Select the **Exclude service accounts** checkbox.
 1. Select **Save changes**.
+
+## Exclude projects from the Beyond Identity check
+
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/454372) in GitLab 17.0 [with a flag](../../../administration/feature_flags.md) named `beyond_identity_exclusions`. Disabled by default.
+
+FLAG:
+The availability of this feature is controlled by a feature flag.
+For more information, see the history.
+This feature is available for testing, but not ready for production use.
+
+Prerequisites:
+
+- You must have administrator access to the GitLab instance.
+
+To exclude projects from the Beyond Identity check:
+
+1. Sign in to GitLab as an administrator.
+1. On the left sidebar, at the bottom, select **Admin Area**.
+1. Select **Settings > Integrations**.
+1. Select **Beyond Identity**.
+1. Select the **Exclusions** tab.
+1. Select **Add exclusions**.
+1. On the drawer, search and select projects to exclude.
+1. Select **Add exclusions**.
diff --git a/doc/user/project/issues/confidential_issues.md b/doc/user/project/issues/confidential_issues.md
index 7dbfdaee430..8e63291d823 100644
--- a/doc/user/project/issues/confidential_issues.md
+++ b/doc/user/project/issues/confidential_issues.md
@@ -101,4 +101,4 @@ Learn how to create [merge requests for confidential issues](../merge_requests/c
 - [Merge requests for confidential issues](../merge_requests/confidential.md)
 - [Make an epic confidential](../../group/epics/manage_epics.md#make-an-epic-confidential)
 - [Add an internal note](../../discussions/index.md#add-an-internal-note)
-- [Security practices for confidential merge requests](https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md#security-releases-critical-non-critical-as-a-developer) at GitLab
+- [Security practices for confidential merge requests](https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/engineer.md#security-releases-critical-non-critical-as-a-developer) at GitLab
diff --git a/doc/user/project/merge_requests/changes.md b/doc/user/project/merge_requests/changes.md
index 1d506f63cb1..a154647a32e 100644
--- a/doc/user/project/merge_requests/changes.md
+++ b/doc/user/project/merge_requests/changes.md
@@ -133,8 +133,8 @@ To temporarily change your viewing preferences for a specific merge request:
 1. On the left sidebar, select **Search or go to** and find your project.
 1. Select **Code > Merge requests** and find your merge request.
 1. Below the merge request title, select **Changes**.
-1. Select **Preferences** (**{settings}**).
-1. Select or clear the **Show one file at a time** checkbox.
+1. Select **Preferences** (**{preferences}**).
+1. Select or clear **Show one file at a time**.
 
 This change overrides your choice in your user preferences. It persists until you
 clear your browser's cookies or change this behavior again.
@@ -154,34 +154,35 @@ merge requests. To view other changed files, either:
 - Scroll to the end of the file and select either **Prev** or **Next**.
 - Select **Show file browser** (**{file-tree}**) and select another file to view.
 
-## Compare changes inline
+## Compare changes
 
-You can view the changes inline:
+You can view the changes in a merge request either:
+
+- Inline, which shows the changes vertically. The old version of a line is shown
+  first, with the new version shown directly below it.
+  Inline mode is often better for changes to single lines.
+- Side-by-side, which shows the old and new versions of lines in separate columns.
+  Side-by-side mode is often better for changes affecting large numbers of sequential lines.
+
+To change how a merge request shows changed lines:
 
 1. On the left sidebar, select **Search or go to** and find your project.
 1. Select **Code > Merge requests** and find your merge request.
 1. Below the title, select **Changes**.
-1. Select **Preferences** (**{settings}**).
-1. In the **Compare changes** area, select **Inline**.
+1. Select **Preferences** (**{preferences}**). Select either **Side-by-side** or **Inline**.
+   This example shows how the same change is rendered in both inline and side-by-side mode:
 
-The changes are displayed after the original text.
+   ::Tabs
 
-![inline changes](img/changes-inline_v14_8.png)
+   :::TabTitle Inline changes
 
-## Compare changes side-by-side
+   ![inline changes](img/changes-inline_v14_8.png)
 
-Depending on the length of the changes in your merge request, you might find it
-easier to view the changes inline, or side-by-side:
+   :::TabTitle Side-by-side changes
 
-1. On the left sidebar, select **Search or go to** and find your project.
-1. Select **Code > Merge requests** and find your merge request.
-1. Below the title, select **Changes**.
-1. Select **Preferences** (**{settings}**).
-1. In the **Compare changes** area, select **Side-by-side**.
+   ![side-by-side changes](img/changes-sidebyside_v14_8.png)
 
-The changes are displayed across from one another.
-
-![side-by-side changes](img/changes-sidebyside_v14_8.png)
+   ::EndTabs
 
 ## Expand or collapse comments
 
@@ -211,8 +212,8 @@ a merge request. You can choose to hide or show whitespace changes:
 1. On the left sidebar, select **Search or go to** and find your project.
 1. Select **Code > Merge requests** and find your merge request.
 1. Below the title, select **Changes**.
-1. Before the list of changed files, select **Preferences** (**{settings}**).
-1. Select or clear the **Show whitespace changes** checkbox:
+1. Before the list of changed files, select **Preferences** (**{preferences}**).
+1. Select or clear **Show whitespace changes**:
 
    ![MR diff](img/merge_request_diff_v14_2.png)
 
diff --git a/doc/user/project/merge_requests/confidential.md b/doc/user/project/merge_requests/confidential.md
index a0e82f88b79..cdc200f8885 100644
--- a/doc/user/project/merge_requests/confidential.md
+++ b/doc/user/project/merge_requests/confidential.md
@@ -22,7 +22,7 @@ developers receive the same permissions in your fork. This inheritance ensures:
 - Developer users have the needed permissions to view confidential issues and resolve them.
 - You do not need grant individual users access to your fork.
 
-The [security practices for confidential merge requests](https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md#security-releases-critical-non-critical-as-a-developer) at GitLab are available to read.
+The [security practices for confidential merge requests](https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/engineer.md#security-releases-critical-non-critical-as-a-developer) at GitLab are available to read.
 
 ## Create a confidential merge request
 
@@ -78,4 +78,4 @@ Open a merge request
 - [Confidential issues](../issues/confidential_issues.md)
 - [Make an epic confidential](../../group/epics/manage_epics.md#make-an-epic-confidential)
 - [Add an internal note](../../discussions/index.md#add-an-internal-note)
-- [Security practices for confidential merge requests](https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md#security-releases-critical-non-critical-as-a-developer) at GitLab
+- [Security practices for confidential merge requests](https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/engineer.md#security-releases-critical-non-critical-as-a-developer) at GitLab
diff --git a/lib/gitlab/background_migration/remove_namespace_from_os_type_sbom_components.rb b/lib/gitlab/background_migration/remove_namespace_from_os_type_sbom_components.rb
new file mode 100644
index 00000000000..4992cd345d1
--- /dev/null
+++ b/lib/gitlab/background_migration/remove_namespace_from_os_type_sbom_components.rb
@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module BackgroundMigration
+    class RemoveNamespaceFromOsTypeSbomComponents < BatchedMigrationJob
+      operation_name :remove_namespace_from_os_type_sbom_components
+      feature_category :software_composition_analysis
+
+      INDEX_NAME = 'index_sbom_components_on_component_type_name_and_purl_type'
+
+      OS_PURL_TYPES = {
+        apk: 9,
+        rpm: 10,
+        deb: 11,
+        'cbl-mariner': 12,
+        wolfi: 13
+      }.with_indifferent_access.freeze
+
+      def perform
+        each_sub_batch do |sub_batch|
+          sub_batch
+            .where(purl_type: OS_PURL_TYPES.values)
+            .where(component_type: 0)
+            .where('name LIKE ?', '%/%')
+            .each do |component| # rubocop:disable Rails/FindEach -- using find_each is not needed here because of the slow iteration implementation
+            component.update!(name: delete_os_namespace_prefix(component.name))
+          rescue ActiveRecord::RecordNotUnique => e # rubocop:disable BackgroundMigration/AvoidSilentRescueExceptions -- we catch a specific known not unique error
+            raise unless e.message.include?(INDEX_NAME)
+
+            Gitlab::BackgroundMigration::Logger.warn(
+              message: "Error updating sbom_component name based on #{INDEX_NAME}",
+              model_id: component.id
+            )
+          end
+        end
+      end
+
+      private
+
+      def delete_os_namespace_prefix(previous_name)
+        _, new_name = previous_name.split('/', 2)
+
+        new_name
+      end
+    end
+  end
+end
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index dd88f99f612..6d19ddad3c2 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -27575,6 +27575,15 @@ msgstr ""
 msgid "Integrations|Exclusions"
 msgstr ""
 
+msgid "Integrations|Failed to add the exclusion. Try adding it again."
+msgstr ""
+
+msgid "Integrations|Failed to fetch the exclusions. Try refreshing the page."
+msgstr ""
+
+msgid "Integrations|Failed to remove the exclusion. Try removing it again."
+msgstr ""
+
 msgid "Integrations|GitLab administrators can set up integrations that all groups and projects inherit and use by default. These integrations apply to all groups and projects that don't already use custom settings. You can override custom settings for a group or project if the settings are necessary at that level. Learn more about %{integrations_link_start}instance-level integration management%{link_end}."
 msgstr ""
 
@@ -27593,9 +27602,6 @@ msgstr ""
 msgid "Integrations|Group-level integration management"
 msgstr ""
 
-msgid "Integrations|Groups and projects in this list no longer require commits to be signed."
-msgstr ""
-
 msgid "Integrations|Includes Standard, plus the entire commit message, commit hash, and issue IDs"
 msgstr ""
 
@@ -27623,6 +27629,9 @@ msgstr ""
 msgid "Integrations|Perform common tasks with slash commands."
 msgstr ""
 
+msgid "Integrations|Projects in this list no longer require commits to be signed."
+msgstr ""
+
 msgid "Integrations|Projects using custom settings"
 msgstr ""
 
diff --git a/spec/controllers/projects/pipelines_controller_spec.rb b/spec/controllers/projects/pipelines_controller_spec.rb
index cbc854c7856..a475c73df0d 100644
--- a/spec/controllers/projects/pipelines_controller_spec.rb
+++ b/spec/controllers/projects/pipelines_controller_spec.rb
@@ -6,7 +6,7 @@ RSpec.describe Projects::PipelinesController, feature_category: :continuous_inte
   include ApiHelpers
 
   let_it_be(:user) { create(:user) }
-  let_it_be(:project) { create(:project, :public, :repository) }
+  let_it_be_with_reload(:project) { create(:project, :public, :repository) }
 
   let(:feature) { ProjectFeature::ENABLED }
 
diff --git a/spec/frontend/integrations/beyond_identity/components/add_exclusions_drawer_spec.js b/spec/frontend/integrations/beyond_identity/components/add_exclusions_drawer_spec.js
index 728962f8175..826a087dd72 100644
--- a/spec/frontend/integrations/beyond_identity/components/add_exclusions_drawer_spec.js
+++ b/spec/frontend/integrations/beyond_identity/components/add_exclusions_drawer_spec.js
@@ -76,7 +76,7 @@ describe('AddExclusionsDrawer component', () => {
     it('renders a list selector for projects', () => {
       expect(findProjectsListSelector().props()).toMatchObject({
         type: 'projects',
-        autofocus: false,
+        autofocus: true,
       });
     });
 
diff --git a/spec/frontend/integrations/beyond_identity/components/exclusions_list_spec.js b/spec/frontend/integrations/beyond_identity/components/exclusions_list_spec.js
index 41b90eb1247..060d44ebd8a 100644
--- a/spec/frontend/integrations/beyond_identity/components/exclusions_list_spec.js
+++ b/spec/frontend/integrations/beyond_identity/components/exclusions_list_spec.js
@@ -1,31 +1,65 @@
-import { nextTick } from 'vue';
-import { GlEmptyState } from '@gitlab/ui';
+import Vue from 'vue';
+import VueApollo from 'vue-apollo';
+import { GlEmptyState, GlKeysetPagination } from '@gitlab/ui';
+import { createAlert } from '~/alert';
 import { shallowMountExtended } from 'helpers/vue_test_utils_helper';
+import fetchExclusions from '~/integrations/beyond_identity/graphql/queries/beyond_identity_exclusions.query.graphql';
+import createExclusion from '~/integrations/beyond_identity/graphql/mutations/create_beyond_identity_exclusion.mutation.graphql';
+import deleteExclusion from '~/integrations/beyond_identity/graphql/mutations/delete_beyond_identity_exclusion.mutation.graphql';
+import createMockApollo from 'helpers/mock_apollo_helper';
+import waitForPromises from 'helpers/wait_for_promises';
 import ExclusionsList from '~/integrations/beyond_identity/components/exclusions_list.vue';
 import AddExclusionsDrawer from '~/integrations/beyond_identity/components/add_exclusions_drawer.vue';
 import ExclusionsTabs from '~/integrations/beyond_identity/components/exclusions_tabs.vue';
 import ExclusionsListItem from '~/integrations/beyond_identity/components/exclusions_list_item.vue';
 import ConfirmRemovalModal from '~/integrations/beyond_identity/components/remove_exclusion_confirmation_modal.vue';
 import showToast from '~/vue_shared/plugins/global_toast';
-import { projectExclusionsMock } from './mock_data';
+import {
+  projectExclusionsMock,
+  fetchExclusionsResponse,
+  createExclusionMutationResponse,
+  deleteExclusionMutationResponse,
+} from './mock_data';
+
+Vue.use(VueApollo);
 
 jest.mock('~/vue_shared/plugins/global_toast');
+jest.mock('~/alert');
 
 describe('ExclusionsList component', () => {
   let wrapper;
+  let fakeApollo;
 
   const findTabs = () => wrapper.findComponent(ExclusionsTabs);
   const findListItems = () => wrapper.findAllComponents(ExclusionsListItem);
+  const findPagination = () => wrapper.findComponent(GlKeysetPagination);
   const findConfirmRemoveModal = () => wrapper.findComponent(ConfirmRemovalModal);
   const findByText = (text) => wrapper.findByText(text);
   const findAddExclusionsButton = () => findByText('Add exclusions');
   const findEmptyState = () => wrapper.findComponent(GlEmptyState);
   const findDrawer = () => wrapper.findComponent(AddExclusionsDrawer);
 
-  const createComponent = () => shallowMountExtended(ExclusionsList);
+  const fetchExclusionsSuccessHandler = jest.fn().mockResolvedValue(fetchExclusionsResponse);
+  const createMutationMock = jest.fn().mockResolvedValue(createExclusionMutationResponse);
+  const deleteMutationMock = jest.fn().mockResolvedValue(deleteExclusionMutationResponse);
 
-  beforeEach(() => {
-    wrapper = createComponent();
+  const createComponent = ({
+    querySuccessHandler = fetchExclusionsSuccessHandler,
+    createSuccessHandler = createMutationMock,
+    deleteSuccessHandler = deleteMutationMock,
+  } = {}) => {
+    fakeApollo = createMockApollo([
+      [fetchExclusions, querySuccessHandler],
+      [createExclusion, createSuccessHandler],
+      [deleteExclusion, deleteSuccessHandler],
+    ]);
+    wrapper = shallowMountExtended(ExclusionsList, { apolloProvider: fakeApollo });
+  };
+
+  beforeEach(async () => {
+    createComponent();
+
+    await waitForPromises();
   });
 
   describe('default behavior', () => {
@@ -35,9 +69,7 @@ describe('ExclusionsList component', () => {
 
     it('renders help text', () => {
       expect(
-        findByText(
-          'Groups and projects in this list no longer require commits to be signed.',
-        ).exists(),
+        findByText('Projects in this list no longer require commits to be signed.').exists(),
       ).toBe(true);
     });
 
@@ -45,16 +77,66 @@ describe('ExclusionsList component', () => {
       expect(findAddExclusionsButton().exists()).toBe(true);
     });
 
-    it('renders an Empty state', () => {
+    it('renders an Empty state', async () => {
+      createComponent({ querySuccessHandler: jest.fn().mockResolvedValue([]) });
+
+      await waitForPromises();
+
       expect(findEmptyState().props('title')).toBe('There are no exclusions');
     });
 
     it('does not render an open drawer', () => {
       expect(findDrawer().props('isOpen')).toBe(false);
     });
+
+    it('does not render pagination by default', () => {
+      expect(findPagination().exists()).toBe(false);
+    });
+
+    describe('pagination', () => {
+      beforeEach(() => {
+        createComponent({
+          querySuccessHandler: jest.fn().mockResolvedValue({
+            data: {
+              integrationExclusions: {
+                nodes: [],
+                pageInfo: {
+                  __typename: 'PageInfo',
+                  startCursor: '12345',
+                  endCursor: '6789',
+                  hasNextPage: true,
+                  hasPreviousPage: true,
+                },
+              },
+            },
+          }),
+        });
+      });
+
+      it('does not render pagination while loading', () => {
+        expect(findPagination().exists()).toBe(false);
+      });
+
+      it('renders pagination when done loading', async () => {
+        await waitForPromises();
+
+        expect(findPagination().exists()).toBe(true);
+      });
+    });
+
+    it('renders an error when fetching exclusions fail', async () => {
+      const error = new Error('Network error!');
+      createComponent({ querySuccessHandler: jest.fn().mockRejectedValue({ error }) });
+
+      await waitForPromises();
+
+      expect(createAlert).toHaveBeenCalledWith({
+        message: 'Failed to fetch the exclusions. Try refreshing the page.',
+      });
+    });
   });
 
-  describe('adding Exclusions', () => {
+  describe('adding Exclusions (success)', () => {
     beforeEach(() => findAddExclusionsButton().vm.$emit('click'));
 
     it('opens a drawer', () => {
@@ -62,26 +144,59 @@ describe('ExclusionsList component', () => {
     });
 
     describe('Exclusions added', () => {
-      beforeEach(() => findDrawer().vm.$emit('add', projectExclusionsMock));
+      beforeEach(async () => {
+        findDrawer().vm.$emit('add', projectExclusionsMock);
+        await waitForPromises();
+      });
 
-      it('lists the added exclusions, sorted by type', async () => {
-        await nextTick();
-
-        expect(findListItems().at(0).props('exclusion')).toMatchObject(projectExclusionsMock[0]);
-        expect(findListItems().at(1).props('exclusion')).toMatchObject(projectExclusionsMock[1]);
+      it('calls a GraphQL mutation to add the exclusions', () => {
+        expect(createMutationMock).toHaveBeenCalledWith({
+          input: {
+            integrationName: 'BEYOND_IDENTITY',
+            projectIds: ['gid://gitlab/Project/1', 'gid://gitlab/Project/2'],
+          },
+        });
       });
 
       it('closes the drawer', () => {
         expect(findDrawer().props('isOpen')).toBe(false);
       });
+
+      it('re-fetches the list of exclusions', () => {
+        expect(fetchExclusionsSuccessHandler).toHaveBeenCalledTimes(2);
+      });
+    });
+
+    describe('Error handling', () => {
+      beforeEach(async () => {
+        const response = {
+          data: {
+            integrationExclusionCreate: {
+              ...createExclusionMutationResponse.data.integrationExclusionCreate,
+              errors: ['some error'],
+            },
+          },
+        };
+
+        createComponent({ createSuccessHandler: jest.fn().mockResolvedValue(response) });
+        findDrawer().vm.$emit('add', projectExclusionsMock);
+        await waitForPromises();
+      });
+
+      it('closes the drawer', () => {
+        expect(findDrawer().props('isOpen')).toBe(false);
+      });
+
+      it('renders an error', () => {
+        expect(createAlert).toHaveBeenCalledWith({
+          message: 'Failed to add the exclusion. Try adding it again.',
+        });
+      });
     });
   });
 
   describe('removing Exclusions', () => {
-    beforeEach(async () => {
-      findAddExclusionsButton().vm.$emit('click');
-      findDrawer().vm.$emit('add', projectExclusionsMock);
-      await nextTick();
+    beforeEach(() => {
       findListItems().at(1).vm.$emit('remove');
     });
 
@@ -94,10 +209,15 @@ describe('ExclusionsList component', () => {
     });
 
     describe('confirmation modal primary action', () => {
-      beforeEach(() => findConfirmRemoveModal().vm.$emit('primary'));
+      beforeEach(async () => {
+        findConfirmRemoveModal().vm.$emit('primary');
+        await waitForPromises();
+      });
 
-      it('removes the exclusion', () => {
-        expect(findListItems().length).toBe(1);
+      it('calls a GraphQL mutation to remove the exclusion', () => {
+        expect(deleteMutationMock).toHaveBeenCalledWith({
+          input: { integrationName: 'BEYOND_IDENTITY', projectId: 'gid://gitlab/Project/2' },
+        });
       });
 
       it('renders a toast', () => {
@@ -109,5 +229,32 @@ describe('ExclusionsList component', () => {
         });
       });
     });
+
+    describe('Error handling', () => {
+      beforeEach(async () => {
+        const response = {
+          data: {
+            integrationExclusionDelete: {
+              ...deleteExclusionMutationResponse.data.integrationExclusionDelete,
+              errors: ['some error'],
+            },
+          },
+        };
+
+        createComponent({ deleteSuccessHandler: jest.fn().mockResolvedValue(response) });
+        await waitForPromises();
+
+        findListItems().at(1).vm.$emit('remove');
+        await waitForPromises();
+        findConfirmRemoveModal().vm.$emit('primary');
+        await waitForPromises();
+      });
+
+      it('renders an error', () => {
+        expect(createAlert).toHaveBeenCalledWith({
+          message: 'Failed to remove the exclusion. Try removing it again.',
+        });
+      });
+    });
   });
 });
diff --git a/spec/frontend/integrations/beyond_identity/components/mock_data.js b/spec/frontend/integrations/beyond_identity/components/mock_data.js
index 9677ea79263..249b50a460f 100644
--- a/spec/frontend/integrations/beyond_identity/components/mock_data.js
+++ b/spec/frontend/integrations/beyond_identity/components/mock_data.js
@@ -7,3 +7,58 @@ export const groupExclusionsMock = [
   { id: 1, name: 'group foo', type: 'group', icon: 'group', avatarUrl: 'group-foo.png' },
   { id: 2, name: 'group bar', type: 'group', icon: 'group', avatarUrl: 'group-bar.png' },
 ];
+
+export const fetchExclusionsResponse = {
+  data: {
+    integrationExclusions: {
+      nodes: [
+        {
+          project: {
+            name: 'project foo',
+            avatarUrl: 'foo.png',
+            id: 'gid://gitlab/Project/1',
+          },
+        },
+        {
+          project: {
+            name: 'project bar',
+            avatarUrl: 'bar.png',
+            id: 'gid://gitlab/Project/2',
+          },
+        },
+      ],
+      pageInfo: {},
+    },
+  },
+};
+
+export const createExclusionMutationResponse = {
+  data: {
+    integrationExclusionCreate: {
+      exclusions: {
+        nodes: [
+          {
+            project: {
+              id: 'gid://gitlab/Project/97',
+              name: 'approval-rules-25096c16cef9687d',
+            },
+          },
+        ],
+      },
+      errors: [],
+    },
+  },
+};
+
+export const deleteExclusionMutationResponse = {
+  data: {
+    integrationExclusionDelete: {
+      exclusion: {
+        project: {
+          name: 'approval-rules-25096c16cef9687d',
+        },
+      },
+      errors: [],
+    },
+  },
+};
diff --git a/spec/frontend/packages_and_registries/package_registry/components/details/package_title_spec.js b/spec/frontend/packages_and_registries/package_registry/components/details/package_title_spec.js
index c2e10d75fc0..8795126ec26 100644
--- a/spec/frontend/packages_and_registries/package_registry/components/details/package_title_spec.js
+++ b/spec/frontend/packages_and_registries/package_registry/components/details/package_title_spec.js
@@ -1,4 +1,4 @@
-import { GlSprintf } from '@gitlab/ui';
+import { GlSprintf, GlBadge } from '@gitlab/ui';
 import { GlBreakpointInstance } from '@gitlab/ui/dist/utils';
 import { nextTick } from 'vue';
 import { createMockDirective, getBinding } from 'helpers/vue_mock_directive';
@@ -39,6 +39,7 @@ describe('PackageTitle', () => {
       provide,
       directives: {
         GlResizeObserver: createMockDirective('gl-resize-observer'),
+        GlTooltip: createMockDirective('gl-tooltip'),
       },
     });
     await nextTick();
@@ -230,4 +231,63 @@ describe('PackageTitle', () => {
       });
     });
   });
+
+  describe('badge "protected"', () => {
+    const createComponentForBadgeProtected = async ({
+      packageEntityPackageProtectionRuleExists = true,
+      glFeaturesPackagesProtectedPackages = true,
+    } = {}) => {
+      await createComponent(
+        {
+          ...packageWithTags,
+          packageProtectionRuleExists: packageEntityPackageProtectionRuleExists,
+        },
+        {
+          ...defaultProvide,
+          glFeatures: { packagesProtectedPackages: glFeaturesPackagesProtectedPackages },
+        },
+      );
+    };
+
+    const findBadgeProtected = () => wrapper.findComponent(GlBadge);
+
+    describe('when a protection rule exists for the given package', () => {
+      it('shows badge', () => {
+        createComponentForBadgeProtected();
+
+        expect(findBadgeProtected().exists()).toBe(true);
+        expect(findBadgeProtected().text()).toBe('protected');
+      });
+
+      it('binds tooltip directive', () => {
+        createComponentForBadgeProtected();
+
+        const badgeProtectionRuleExistsTooltipBinding = getBinding(
+          findBadgeProtected().element,
+          'gl-tooltip',
+        );
+        expect(badgeProtectionRuleExistsTooltipBinding.value).toMatchObject({
+          title: 'A protection rule exists for this package.',
+        });
+      });
+    });
+
+    describe('when no protection rule exists for the given package', () => {
+      it('does not show badge', () => {
+        createComponentForBadgeProtected({
+          packageEntityPackageProtectionRuleExists: false,
+        });
+
+        expect(findBadgeProtected().exists()).toBe(false);
+      });
+    });
+
+    describe('when feature flag ":packages_protected_packages" is disabled', () => {
+      it('does not show badge', () => {
+        createComponentForBadgeProtected({ glFeaturesPackagesProtectedPackages: false });
+
+        expect(findBadgeProtected().exists()).toBe(false);
+      });
+    });
+  });
 });
diff --git a/spec/frontend/packages_and_registries/package_registry/mock_data.js b/spec/frontend/packages_and_registries/package_registry/mock_data.js
index f9a5933788f..9aabd0c2b2e 100644
--- a/spec/frontend/packages_and_registries/package_registry/mock_data.js
+++ b/spec/frontend/packages_and_registries/package_registry/mock_data.js
@@ -166,6 +166,7 @@ export const packageData = (extend) => ({
     'http://__token__:<your_personal_token>@gdk.test:3000/api/v4/projects/1/packages/pypi/simple',
   publicPackage: false,
   pypiSetupUrl: 'http://gdk.test:3000/api/v4/projects/1/packages/pypi',
+  packageProtectionRuleExists: false,
   ...userPermissionsData,
   ...extend,
 });
diff --git a/spec/initializers/grpc_patch_spec.rb b/spec/initializers/grpc_patch_spec.rb
deleted file mode 100644
index 90d1269e4c1..00000000000
--- a/spec/initializers/grpc_patch_spec.rb
+++ /dev/null
@@ -1,31 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-RSpec.describe 'GRPC monkey patch', feature_category: :shared do
-  let(:server) { GRPC::RpcServer.new }
-  let(:stub) do
-    Class.new(Gitaly::CommitService::Service) do
-      def find_all_commits(_request, _call)
-        sleep 1
-
-        nil
-      end
-    end
-  end
-
-  it 'raises DeadlineExceeded on a late server streaming response' do
-    server_port = server.add_http2_port('0.0.0.0:0', :this_port_is_insecure)
-    host = "localhost:#{server_port}"
-    server.handle(stub)
-    thr = Thread.new { server.run }
-
-    stub = Gitaly::CommitService::Stub.new(host, :this_channel_is_insecure)
-    request = Gitaly::FindAllCommitsRequest.new
-    response = stub.find_all_commits(request, deadline: Time.now + 0.1)
-    expect { response.to_a }.to raise_error(GRPC::DeadlineExceeded)
-
-    server.stop
-    thr.join
-  end
-end
diff --git a/spec/lib/gitlab/background_migration/remove_namespace_from_os_type_sbom_components_spec.rb b/spec/lib/gitlab/background_migration/remove_namespace_from_os_type_sbom_components_spec.rb
new file mode 100644
index 00000000000..c02255a8657
--- /dev/null
+++ b/spec/lib/gitlab/background_migration/remove_namespace_from_os_type_sbom_components_spec.rb
@@ -0,0 +1,93 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::BackgroundMigration::RemoveNamespaceFromOsTypeSbomComponents, feature_category: :software_composition_analysis do
+  let(:components) { table(:sbom_components) }
+  let(:expected) do
+    (0...os_prefix_to_purl_type_mapping.size).map { |n| "package-#{n}" }
+  end
+
+  let(:os_prefix_to_purl_type_mapping) do
+    {
+      alma: 10,
+      alpine: 9,
+      amazon: 10,
+      'cbl-mariner': 12,
+      centos: 10,
+      chainguard: 9,
+      debian: 11,
+      fedora: 10,
+      opensuse: 10,
+      'opensuse.leap': 10,
+      'opensuse.tumbleweed': 10,
+      oracle: 10,
+      photon: 10,
+      redhat: 10,
+      rocky: 10,
+      'suse%20linux%20enterprise%20server': 10,
+      'suse+linux+enterprise+server': 10,
+      ubuntu: 11,
+      wolfi: 13
+    }.with_indifferent_access.freeze
+  end
+
+  before do
+    os_prefix_to_purl_type_mapping.each.with_index do |(namespace, purl_type), index|
+      components.create!(name: "#{namespace}/package-#{index}", purl_type: purl_type, component_type: 0)
+    end
+  end
+
+  describe '#perform' do
+    subject(:perform_migration) do
+      described_class.new(
+        start_id: components.first.id,
+        end_id: components.last.id,
+        batch_table: :sbom_components,
+        batch_column: :id,
+        sub_batch_size: components.count,
+        pause_ms: 0,
+        connection: ActiveRecord::Base.connection
+      ).perform
+    end
+
+    it 'succesfully removes the os namespace prefix' do
+      expect(Gitlab::BackgroundMigration::Logger).not_to receive(:warn)
+
+      expect { perform_migration }.not_to raise_error
+
+      expect(components.pluck(:name)).to match_array(expected)
+    end
+
+    context 'with existing record in regards to name, purl_type and component_type' do
+      before do
+        components.create!(name: 'alpine/curl', purl_type: 9, component_type: 0)
+        components.create!(name: 'curl', purl_type: 9, component_type: 0)
+      end
+
+      it 'rescues valid ActiveRecord::RecordNotUnique errors' do
+        expect(Gitlab::BackgroundMigration::Logger).to receive(:warn)
+
+        expect { perform_migration }.not_to raise_error
+
+        expect(components.pluck(:name)).to include(*expected)
+        expect(components.pluck(:name)).to include('alpine/curl', 'curl')
+      end
+    end
+
+    context 'with unexpected ActiveRecord::RecordNotUnique error' do
+      before do
+        allow(ActiveRecord::RecordNotUnique).to receive(:new).and_wrap_original do |m, *_args|
+          m.call('some other not unique error')
+        end
+
+        components.create!(name: 'alpine/curl', purl_type: 9, component_type: 0)
+        components.create!(name: 'curl', purl_type: 9, component_type: 0)
+      end
+
+      it 'raises unknown ActiveRecord::RecordNotUnique errors' do
+        expect { perform_migration }.to raise_error(ActiveRecord::RecordNotUnique)
+      end
+    end
+  end
+end
diff --git a/spec/lib/gitlab/gitaly_client_spec.rb b/spec/lib/gitlab/gitaly_client_spec.rb
index 5ff3bc20bc1..56b2f983a23 100644
--- a/spec/lib/gitlab/gitaly_client_spec.rb
+++ b/spec/lib/gitlab/gitaly_client_spec.rb
@@ -187,8 +187,8 @@ RSpec.describe Gitlab::GitalyClient, feature_category: :gitaly do
     where(:storage, :address, :expected_target) do
       [
         ['default', 'unix:tmp/gitaly.sock', 'unix:tmp/gitaly.sock'],
-        ['default', 'tcp://localhost:9876', 'localhost:9876'],
-        ['default', 'tls://localhost:9876', 'localhost:9876'],
+        ['default', 'tcp://localhost:9876', 'dns:///localhost:9876'],
+        ['default', 'tls://localhost:9876', 'dns:///localhost:9876'],
         ['default', 'dns:///localhost:9876', 'dns:///localhost:9876'],
         ['default', 'dns:localhost:9876', 'dns:localhost:9876'],
         ['default', 'dns://1.1.1.1/localhost:9876', 'dns://1.1.1.1/localhost:9876']
@@ -275,7 +275,7 @@ RSpec.describe Gitlab::GitalyClient, feature_category: :gitaly do
 
       it 'strips tls:// prefix before passing it to GRPC::Core::Channel initializer' do
         expect(Gitaly::CommitService::Stub).to receive(:new).with(
-          address, nil, channel_override: be_a(GRPC::Core::Channel), interceptors: []
+          "dns:///#{address}", nil, channel_override: be_a(GRPC::Core::Channel), interceptors: []
         )
 
         described_class.stub(:commit_service, 'default')
@@ -299,7 +299,7 @@ RSpec.describe Gitlab::GitalyClient, feature_category: :gitaly do
 
       it 'strips tcp:// prefix before passing it to GRPC::Core::Channel initializer' do
         expect(Gitaly::CommitService::Stub).to receive(:new).with(
-          address, nil, channel_override: be_a(GRPC::Core::Channel), interceptors: []
+          "dns:///#{address}", nil, channel_override: be_a(GRPC::Core::Channel), interceptors: []
         )
 
         described_class.stub(:commit_service, 'default')
diff --git a/spec/migrations/20240425205205_queue_remove_namespace_from_os_type_sbom_components_spec.rb b/spec/migrations/20240425205205_queue_remove_namespace_from_os_type_sbom_components_spec.rb
new file mode 100644
index 00000000000..4755254fbe3
--- /dev/null
+++ b/spec/migrations/20240425205205_queue_remove_namespace_from_os_type_sbom_components_spec.rb
@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require_migration!
+
+RSpec.describe QueueRemoveNamespaceFromOsTypeSbomComponents, feature_category: :software_composition_analysis do
+  let!(:batched_migration) { described_class::MIGRATION }
+
+  it 'schedules a new batched migration' do
+    reversible_migration do |migration|
+      migration.before -> {
+        expect(batched_migration).not_to have_scheduled_batched_migration
+      }
+
+      migration.after -> {
+        expect(batched_migration).to have_scheduled_batched_migration(
+          table_name: :sbom_components,
+          column_name: :id,
+          interval: described_class::DELAY_INTERVAL,
+          batch_size: described_class::BATCH_SIZE,
+          sub_batch_size: described_class::SUB_BATCH_SIZE
+        )
+      }
+    end
+  end
+end
diff --git a/spec/migrations/db/post_migrate/20240424183213_backfill_deployment_approval_data_spec.rb b/spec/migrations/db/post_migrate/20240424183213_backfill_deployment_approval_data_spec.rb
new file mode 100644
index 00000000000..58ecc27472d
--- /dev/null
+++ b/spec/migrations/db/post_migrate/20240424183213_backfill_deployment_approval_data_spec.rb
@@ -0,0 +1,165 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require_migration!
+
+RSpec.describe BackfillDeploymentApprovalData, :aggregate_failures,
+  feature_category: :environment_management do
+  let(:pear) { table(:protected_environment_approval_rules) }
+
+  let!(:user) { table(:users).create!(email: 'user1@example.com', username: 'user1', projects_limit: 100) }
+  let(:namespace) { table(:namespaces).create!(name: 'name', path: 'path') }
+  let(:other_namespace) { table(:namespaces).create!(name: 'othername', path: 'otherpath') }
+
+  let(:project) do
+    table(:projects).create!(
+      name: 'My project name', description: 'My description',
+      namespace_id: namespace.id, project_namespace_id: namespace.id
+    )
+  end
+
+  let!(:protected_environment_1) do
+    create_protected_environment('env1', required_approval_count: 6).tap do |p_env|
+      create_deploy_access_level_for_role(p_env, Gitlab::Access::MAINTAINER)
+    end
+  end
+
+  let!(:protected_environment_2) do
+    create_protected_environment('env2', required_approval_count: 7).tap do |p_env|
+      create_deploy_access_level_for_user(p_env, user.id)
+    end
+  end
+
+  let!(:protected_environment_3) do
+    create_protected_environment('env3', required_approval_count: 8).tap do |p_env|
+      # group_inheritance_type is based on ProtectedEnvironments::Authorizable::GROUP_INHERITANCE_TYPE
+      create_deploy_access_level_for_group(p_env, namespace.id, 0)
+      create_deploy_access_level_for_group(p_env, other_namespace.id, 1)
+    end
+  end
+
+  let!(:protected_environment_4) do
+    create_protected_environment('env4', required_approval_count: 17).tap do |p_env|
+      create_deploy_access_level_for_user(p_env, user.id)
+
+      pear.create!(
+        protected_environment_id: p_env.id,
+        access_level: Gitlab::Access::DEVELOPER,
+        required_approvals: 10
+      )
+    end
+  end
+
+  let!(:protected_environment_5) do
+    create_protected_environment('env5', required_approval_count: 0)
+  end
+
+  let!(:protected_environment_6) do
+    create_protected_environment('env6', required_approval_count: 12)
+  end
+
+  before do
+    stub_const("#{described_class}::BATCH_SIZE", 2)
+  end
+
+  it 'creates new approval rules for relevant protected_enviroments per deploy_access_level' do
+    # Here we are migrating the following:
+    #   - protected_environment_1 - 1 rule for maintainer
+    #   - protected_environment_2 - 1 rule for user
+    #   - protected_environment_3 - 2 rules for 2 groups, with different group_inheritance_types
+    #   - protected_environment_4 - 0 rules since this environment already has approval rules
+    #   - protected_environment_5 - 0 rules since the required_approval_count=0
+    #   - protected_environment_6 - 0 rules since this does not have a deploy_access_level
+    expect { migrate! }.to change { pear.count }.by(4)
+
+    # protected_environment with deploy_access_level for role
+    env1_pears = pear.where(protected_environment_id: protected_environment_1.id)
+    expect(env1_pears.count).to eq(1)
+    expect(env1_pears.first.attributes).to include(
+      'required_approvals' => 6,
+      'access_level' => Gitlab::Access::MAINTAINER,
+      'user_id' => nil,
+      'group_id' => nil,
+      'group_inheritance_type' => 0
+    )
+
+    # protected_environment with deploy_access_level for user
+    env2_pears = pear.where(protected_environment_id: protected_environment_2.id)
+    expect(env2_pears.count).to eq(1)
+    expect(env2_pears.first.attributes).to include(
+      'required_approvals' => 7,
+      'access_level' => nil,
+      'user_id' => user.id,
+      'group_id' => nil,
+      'group_inheritance_type' => 0
+    )
+
+    # protected_environment with deploy_access_level for groups
+    env3_pears = pear.where(protected_environment_id: protected_environment_3.id).order(:id)
+    expect(env3_pears.count).to eq(2)
+    expect(env3_pears.first.attributes).to include(
+      'required_approvals' => 8,
+      'access_level' => nil,
+      'user_id' => nil,
+      'group_id' => namespace.id,
+      'group_inheritance_type' => 0
+    )
+    expect(env3_pears.second.attributes).to include(
+      'required_approvals' => 8,
+      'access_level' => nil,
+      'user_id' => nil,
+      'group_id' => other_namespace.id,
+      'group_inheritance_type' => 1
+    )
+
+    # protected_environment with an existing approval rule
+    # the existing approval_rule should not be changed or added to by the migration
+    env4_pears = pear.where(protected_environment_id: protected_environment_4.id)
+    expect(env4_pears.count).to eq(1)
+    expect(env4_pears.first.attributes).to include(
+      'required_approvals' => 10,
+      'access_level' => Gitlab::Access::DEVELOPER,
+      'user_id' => nil,
+      'group_id' => nil,
+      'group_inheritance_type' => 0
+    )
+
+    # protected_environment with required_approval_count = 0
+    env5_pears = pear.where(protected_environment_id: protected_environment_5.id)
+    expect(env5_pears.count).to eq(0)
+
+    # protected_environment with required_approval_count > 0, but without any deploy_access_levels
+    env6_pears = pear.where(protected_environment_id: protected_environment_6.id)
+    expect(env6_pears.count).to eq(0)
+  end
+
+  def create_protected_environment(name, required_approval_count:)
+    table(:protected_environments).create!(
+      project_id: project.id,
+      name: name,
+      required_approval_count: required_approval_count
+    )
+  end
+
+  def create_deploy_access_level_for_role(protected_environment, access_level)
+    table(:protected_environment_deploy_access_levels).create!(
+      protected_environment_id: protected_environment.id,
+      access_level: access_level
+    )
+  end
+
+  def create_deploy_access_level_for_user(protected_environment, user_id)
+    table(:protected_environment_deploy_access_levels).create!(
+      protected_environment_id: protected_environment.id,
+      user_id: user_id
+    )
+  end
+
+  def create_deploy_access_level_for_group(protected_environment, group_id, group_inheritance_type)
+    table(:protected_environment_deploy_access_levels).create!(
+      protected_environment_id: protected_environment.id,
+      group_id: group_id,
+      group_inheritance_type: group_inheritance_type
+    )
+  end
+end
diff --git a/spec/policies/ci/pipeline_policy_spec.rb b/spec/policies/ci/pipeline_policy_spec.rb
index 7475cda5cf9..9e1794fdcf6 100644
--- a/spec/policies/ci/pipeline_policy_spec.rb
+++ b/spec/policies/ci/pipeline_policy_spec.rb
@@ -3,7 +3,7 @@
 require 'spec_helper'
 
 RSpec.describe Ci::PipelinePolicy, :models, feature_category: :continuous_integration do
-  let(:user) { create(:user) }
+  let_it_be(:user) { create(:user) }
   let(:pipeline) { create(:ci_empty_pipeline, project: project) }
 
   let(:policy) do
@@ -12,11 +12,7 @@ RSpec.describe Ci::PipelinePolicy, :models, feature_category: :continuous_integr
 
   describe 'rules' do
     describe 'rules for protected ref' do
-      let(:project) { create(:project, :repository) }
-
-      before do
-        project.add_developer(user)
-      end
+      let(:project) { create(:project, :repository, developers: user) }
 
       context 'when no one can push or merge to the branch' do
         before do
@@ -66,7 +62,7 @@ RSpec.describe Ci::PipelinePolicy, :models, feature_category: :continuous_integr
     end
 
     context 'when maintainer is allowed to push to pipeline branch' do
-      let(:project) { create(:project, :public) }
+      let_it_be(:project) { create(:project, :public) }
       let(:owner) { user }
 
       it 'enables update_pipeline if user is maintainer' do
@@ -79,7 +75,7 @@ RSpec.describe Ci::PipelinePolicy, :models, feature_category: :continuous_integr
     end
 
     context 'when user does not have access to internal CI' do
-      let(:project) { create(:project, :builds_disabled, :public) }
+      let_it_be(:project) { create(:project, :builds_disabled, :public) }
 
       it 'disallows the user from reading the pipeline' do
         expect(policy).to be_disallowed :read_pipeline
@@ -87,10 +83,10 @@ RSpec.describe Ci::PipelinePolicy, :models, feature_category: :continuous_integr
     end
 
     describe 'destroy_pipeline' do
-      let(:project) { create(:project, :public) }
+      let_it_be(:project) { create(:project, :public) }
 
       context 'when user has owner access' do
-        let(:user) { project.first_owner }
+        let_it_be(:user) { project.first_owner }
 
         it 'is enabled' do
           expect(policy).to be_allowed :destroy_pipeline
@@ -105,10 +101,10 @@ RSpec.describe Ci::PipelinePolicy, :models, feature_category: :continuous_integr
     end
 
     describe 'read_pipeline_variable' do
-      let(:project) { create(:project, :public) }
+      let_it_be_with_reload(:project) { create(:project, :public, developers: user) }
 
       context 'when user has owner access' do
-        let(:user) { project.first_owner }
+        let_it_be(:user) { project.first_owner }
 
         it 'is enabled' do
           expect(policy).to be_allowed :read_pipeline_variable
@@ -116,10 +112,9 @@ RSpec.describe Ci::PipelinePolicy, :models, feature_category: :continuous_integr
       end
 
       context 'when user is developer and the creator of the pipeline' do
-        let(:pipeline) { create(:ci_empty_pipeline, project: project, user: user) }
+        let_it_be(:pipeline) { create(:ci_empty_pipeline, project: project, user: user) }
 
         before do
-          project.add_developer(user)
           create(:protected_branch, :developers_can_merge, name: pipeline.ref, project: project)
         end
 
@@ -129,10 +124,9 @@ RSpec.describe Ci::PipelinePolicy, :models, feature_category: :continuous_integr
       end
 
       context 'when user is developer and it is not the creator of the pipeline' do
-        let(:pipeline) { create(:ci_empty_pipeline, project: project, user: project.first_owner) }
+        let_it_be(:pipeline) { create(:ci_empty_pipeline, project: project, user: project.first_owner) }
 
         before do
-          project.add_developer(user)
           create(:protected_branch, :developers_can_merge, name: pipeline.ref, project: project)
         end
 
@@ -149,10 +143,9 @@ RSpec.describe Ci::PipelinePolicy, :models, feature_category: :continuous_integr
     end
 
     describe 'read_dependency' do
-      let(:project) { create(:project, :repository) }
+      let_it_be_with_reload(:project) { create(:project, :repository, developers: user) }
 
       before do
-        project.add_developer(user)
         allow(policy).to receive(:can?).with(:read_dependency, project).and_return(can_read_project_dependencies)
       end
 
@@ -172,5 +165,55 @@ RSpec.describe Ci::PipelinePolicy, :models, feature_category: :continuous_integr
         end
       end
     end
+
+    describe 'read_build' do
+      let_it_be_with_reload(:project) { create(:project, :repository) }
+
+      before do
+        allow(policy).to receive(:can?).with(:read_build, project).and_return(can_read_project_build)
+      end
+
+      context 'when user has read project build permission' do
+        let(:can_read_project_build) { true }
+
+        it 'is enabled' do
+          expect(policy).to be_allowed :read_build
+        end
+      end
+
+      context 'when the user does not have read project build permission' do
+        let(:can_read_project_build) { false }
+
+        it 'is disabled' do
+          expect(policy).not_to be_allowed :read_build
+        end
+
+        context 'and the pipeline is external' do
+          before do
+            pipeline.update!(source: :external)
+          end
+
+          context 'and the user is a guest' do
+            before_all do
+              project.add_guest(user)
+            end
+
+            it 'is disabled' do
+              expect(policy).not_to be_allowed :read_build
+            end
+          end
+
+          context 'and the user is a reporter' do
+            before_all do
+              project.add_reporter(user)
+            end
+
+            it 'is enabled' do
+              expect(policy).to be_allowed :read_build
+            end
+          end
+        end
+      end
+    end
   end
 end
diff --git a/spec/requests/api/graphql/project/packages_spec.rb b/spec/requests/api/graphql/project/packages_spec.rb
index ad94d285182..16a6beaba46 100644
--- a/spec/requests/api/graphql/project/packages_spec.rb
+++ b/spec/requests/api/graphql/project/packages_spec.rb
@@ -90,7 +90,7 @@ RSpec.describe 'getting a package list for a project', feature_category: :packag
         post_graphql(query, current_user: current_user)
       end
 
-      it 'returns no package protection rules' do
+      it 'returns false for the field packageProtectionRuleExists for each package' do
         graphql_data_at(resource_type, :packages, :nodes).each do |package|
           expect(package['packageProtectionRuleExists']).to eq false
         end
diff --git a/spec/requests/projects/packages/packages_controller_spec.rb b/spec/requests/projects/packages/packages_controller_spec.rb
index 5a3dcbfe72c..f48d2a8d203 100644
--- a/spec/requests/projects/packages/packages_controller_spec.rb
+++ b/spec/requests/projects/packages/packages_controller_spec.rb
@@ -30,4 +30,27 @@ RSpec.describe Projects::Packages::PackagesController, feature_category: :packag
       it { is_expected.to have_pushed_frontend_feature_flags(packagesProtectedPackages: false) }
     end
   end
+
+  describe 'GET #show' do
+    let_it_be(:package) { create(:package, project: project) }
+
+    subject do
+      get namespace_project_package_path(namespace_id: project.namespace, project_id: project, id: package.id)
+      response
+    end
+
+    it { is_expected.to have_gitlab_http_status(:ok) }
+
+    it { is_expected.to have_attributes(body: have_pushed_frontend_feature_flags(packagesProtectedPackages: true)) }
+
+    context 'when feature flag "packages_protected_packages" is disabled' do
+      before do
+        stub_feature_flags(packages_protected_packages: false)
+      end
+
+      it { is_expected.to have_gitlab_http_status(:ok) }
+
+      it { is_expected.to have_attributes(body: have_pushed_frontend_feature_flags(packagesProtectedPackages: false)) }
+    end
+  end
 end
diff --git a/spec/support/helpers/user_with_namespace_shim.yml b/spec/support/helpers/user_with_namespace_shim.yml
index ca5f78ea5d1..872733c4d2d 100644
--- a/spec/support/helpers/user_with_namespace_shim.yml
+++ b/spec/support/helpers/user_with_namespace_shim.yml
@@ -172,7 +172,6 @@
 - ee/spec/models/ee/pages_domain_spec.rb
 - ee/spec/models/ee/project_member_spec.rb
 - ee/spec/models/ee/project_spec.rb
-- ee/spec/models/ee/project_wiki_spec.rb
 - ee/spec/models/elastic/migration_record_spec.rb
 - ee/spec/models/epic_spec.rb
 - ee/spec/models/gitlab_subscription_spec.rb
diff --git a/spec/support/rspec_order_todo.yml b/spec/support/rspec_order_todo.yml
index d1a7a19b39b..7a530c8936c 100644
--- a/spec/support/rspec_order_todo.yml
+++ b/spec/support/rspec_order_todo.yml
@@ -1604,7 +1604,6 @@
 - './ee/spec/models/ee/project_authorization_spec.rb'
 - './ee/spec/models/ee/project_group_link_spec.rb'
 - './ee/spec/models/ee/project_setting_spec.rb'
-- './ee/spec/models/ee/project_wiki_spec.rb'
 - './ee/spec/models/ee/protected_branch_spec.rb'
 - './ee/spec/models/ee/protected_ref_spec.rb'
 - './ee/spec/models/ee/release_spec.rb'