diff --git a/ee/app/models/concerns/security/policies/vulnerability_management.rb b/ee/app/models/concerns/security/policies/vulnerability_management.rb
new file mode 100644
index 0000000000000000000000000000000000000000..1ed679569fbec3d63ec25bc17674deb82fa17a65
--- /dev/null
+++ b/ee/app/models/concerns/security/policies/vulnerability_management.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Security
+  module Policies
+    module VulnerabilityManagement
+      extend ActiveSupport::Concern
+
+      included do
+        scope :auto_resolve_policies, -> do
+          type_vulnerability_management_policy
+            .undeleted
+            .enabled
+            .where("content -> 'actions' @> ?", [{ "type" => "auto_resolve" }].to_json)
+        end
+
+        scope :auto_resolve_policies_with_rules, -> do
+          auto_resolve_policies
+            .includes(:vulnerability_management_policy_rules)
+        end
+      end
+    end
+  end
+end
diff --git a/ee/app/models/ee/project.rb b/ee/app/models/ee/project.rb
index 9847deb86b53fe702ec19209741f9f565d2b798a..63994f6f1fd1eb87a7cb50f58ec5a5a24975f625 100644
--- a/ee/app/models/ee/project.rb
+++ b/ee/app/models/ee/project.rb
@@ -143,6 +143,8 @@ def lock_for_confirmation!(id)
 
       has_many :security_policy_project_links, class_name: 'Security::PolicyProjectLink', inverse_of: :project
       has_many :security_policies, class_name: 'Security::Policy', through: :security_policy_project_links
+      has_many :vulnerability_management_policies, -> { type_vulnerability_management_policy },
+        class_name: 'Security::Policy', through: :security_policy_project_links, source: :security_policy
 
       has_many :approval_policy_rule_project_links,
         class_name: 'Security::ApprovalPolicyRuleProjectLink',
diff --git a/ee/app/models/security/policy.rb b/ee/app/models/security/policy.rb
index 9897ed3580ab0edf4d3bf70e156a3ff4a2a450ec..e0e7f38d98ba824893d0cb108ab3042f55cdf940 100644
--- a/ee/app/models/security/policy.rb
+++ b/ee/app/models/security/policy.rb
@@ -3,7 +3,7 @@
 module Security
   class Policy < ApplicationRecord
     include EachBatch
-    include Security::VulnerabilityManagementPolicy
+    include Security::Policies::VulnerabilityManagement
 
     self.table_name = 'security_policies'
     self.inheritance_column = :_type_disabled
diff --git a/ee/app/services/vulnerabilities/auto_resolve_service.rb b/ee/app/services/vulnerabilities/auto_resolve_service.rb
index 5fcfe84ad387f305bf5f461e69a9312f06663905..da3148debdcc9cb91078738c5f206737980a7e98 100644
--- a/ee/app/services/vulnerabilities/auto_resolve_service.rb
+++ b/ee/app/services/vulnerabilities/auto_resolve_service.rb
@@ -39,12 +39,17 @@ def rules_by_vulnerability
     strong_memoize_attr :rules_by_vulnerability
 
     def policies
-      project.security_policies.auto_resolve_policies_with_rules
+      project
+        .vulnerability_management_policies
+        .auto_resolve_policies_with_rules
     end
 
     def rules
-      project.security_policies.no_longer_detected_rules
+      policies
+        .flat_map(&:vulnerability_management_policy_rules)
+        .select(&:type_no_longer_detected?)
     end
+    strong_memoize_attr :rules
 
     def resolve_vulnerabilities
       return if vulnerabilities_to_resolve.empty?