UAT for Vulnerability Resolution in the Merge Request and Activity Filtering

This issue tracks User Acceptance Testing (UAT) for Vulnerability Resolution in the Merge Request. The goal of UAT is:

to validate that the product corresponds with the needs of users (defined at the product discovery stage) and is ready for launch

Entry Criteria

All related developments completed to support end-to-end functionality according to Enable Vulnerability Resolution in the Merge Re... (&14862 - closed)

Exit / Acceptance Criteria

Test Cases

  1. Initiate MRs for 5 CWEs, which are covered by the engine. For each one, test:
    1. The user can use the VR in the MR feature.
    2. Once used, a new AI-generated MR fix is created.
    3. The user receives a message about the MR and the fix.
    4. The new AI-generated MR fixes the issue and does not break functionality.
    5. The AI-generated MR is merged successfully.
  2. Initiate MRs for 3 CWEs, which are NOT covered by the engine.
    1. Validate that the user receives the correct message.

Test Projects

  1. https://gitlab.com/gitlab-org/govern/threat-insights-demos/verification-projects/cwe-samples
  2. https://gitlab.com/gitlab-org/security-products/oxeye/dogfooding/generic/oxeye-rulez/-/security/vulnerability_report
  3. https://staging.gitlab.com/ai-evaluation/etv

Dashboards

  1. Usage: https://10az.online.tableau.com/#/site/gitlab/views/SlashUseDuo/SlashUseDashboard?:iid=1
  2. Errors: https://log.gprd.gitlab.net/app/dashboards#/view/c7310b17-5101-4be9-a83c-7a1ec773ff91?_g=h@2294574

Demos

  1. Vulnerability Resolution
  2. Vulnerability Resolution in the Merge Request
  3. Vulnerability Resolution Activity Filter &15036 (comment 2178192094)

Reference Issues with Test Cases and Environment settings

  1. 17.5 Duo Enterprise Testing Checklist (#496482 - closed)
  2. Technical Debt Manual Test Checklist (#500642 - closed)
  3. Confirm VR Filtering Permissions for Group and ... (#498536 - closed)
  4. Self Manage Instance Testing (#499474 - closed)
Edited by Dominic Couture