Implement `latest_failed_security_builds` method on Ci::Pipeline

ee/app/models/ee/ci/pipeline.rb

@@ -160,6 +160,11 @@ module EE
         merge_request_pipeline? && merge_train_ref?
       end
 
+      def latest_failed_security_builds
+        security_builds.select(&:latest?)
+                       .select(&:failed?)
+      end
+
       private
 
       def project_has_subscriptions?
@@ -175,6 +180,10 @@ module EE
         feature_names = REPORT_LICENSED_FEATURES.fetch(file_type)
         feature_names.nil? || feature_names.any? { |feature| project.feature_available?(feature) }
       end
+
+      def security_builds
+        @security_builds ||= ::Security::SecurityJobsFinder.new(pipeline: self).execute
+      end
     end
   end
 end

ee/spec/models/ci/pipeline_spec.rb

@@ -495,4 +495,21 @@ RSpec.describe Ci::Pipeline do
       it { is_expected.to eq(:detached) }
     end
   end
+
+  describe '#latest_failed_security_builds' do
+    let(:sast_build) { create(:ee_ci_build, :sast, :failed, pipeline: pipeline) }
+    let(:dast_build) { create(:ee_ci_build, :sast, pipeline: pipeline) }
+    let(:retried_sast_build) { create(:ee_ci_build, :sast, :failed, :retried, pipeline: pipeline) }
+    let(:expected_builds) { [sast_build] }
+
+    before do
+      allow_next_instance_of(::Security::SecurityJobsFinder) do |finder|
+        allow(finder).to receive(:execute).and_return([sast_build, dast_build, retried_sast_build])
+      end
+    end
+
+    subject { pipeline.latest_failed_security_builds }
+
+    it { is_expected.to match_array(expected_builds) }
+  end
 end