Mark Vulnerability Resolution code commits / MRs as AI-generated by GitLab Duo


Release notes

Problem to solve

GitLab Duo Vulnerability Resolution (VR) generates an MR containing AI-generated code to fix vulnerabilities. Currently, this MR and its Git commit are created as the same user who initiated the VR action.

For liability and regulatory reasons, it can be important for customers to determine whether code was AI-generated or human-written.

Proposal

Create a GitLab Duo bot account on the instance (SM, Dedicated) or group (GitLab.com), and make it the Git commit author/committer of VR-generated patches in an MR. Eventually, also make it the MR author if that does not block MR actions.

Intended users

  • Sasha (Software Developer)
  • Priyanka (Platform Engineer)
  • Amy (Application Security Engineer)
  • Alex (Security Operations Engineer)
  • Cameron (Compliance Manager)

Feature Usage Metrics

Does this feature require an audit event?

Edited Nov 13, 2025 by 🤖 GitLab Bot 🤖
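
The proposal above would let a reviewer separate AI-generated from human-written commits by commit identity. The following is an added example, not GitLab code: it classifies commits from `git log` output, and the bot address `duo-bot@example.invalid`, the function name and the sample log are assumptions, since the issue does not name the bot account.

```python
# Added example: classify commits by provenance from `git log` output.
# BOT_EMAIL is a hypothetical placeholder; the issue does not name the account.
BOT_EMAIL = "duo-bot@example.invalid"

# Input is produced with:  git log --format='%H%x1f%ae%x1f%ce%x1e'
# (%ae = author email, %ce = committer email)
FIELD_SEP, RECORD_SEP = "\x1f", "\x1e"


def classify_commits(log_output, bot_email=BOT_EMAIL):
    """Return {sha: label} where label is 'ai', 'human' or 'mixed'.

    'mixed' means only one of author/committer is the bot, e.g. a person
    amended or rebased a bot commit; those need manual review.
    """
    bot = bot_email.lower()
    labels = {}
    for record in log_output.split(RECORD_SEP):
        record = record.strip()  # git puts a newline between records
        if not record:
            continue
        fields = record.split(FIELD_SEP)
        if len(fields) != 3:
            raise ValueError(f"malformed record: {record!r}")
        sha, author, committer = fields
        flags = (author.lower() == bot, committer.lower() == bot)
        if all(flags):
            labels[sha] = "ai"
        elif any(flags):
            labels[sha] = "mixed"
        else:
            labels[sha] = "human"
    return labels


# Constructed sample, not real repository data.
SAMPLE_LOG = "\n".join(
    FIELD_SEP.join(row) + RECORD_SEP
    for row in [
        ("1111111", BOT_EMAIL, BOT_EMAIL),
        ("2222222", BOT_EMAIL, "sasha@example.invalid"),
        ("3333333", "sasha@example.invalid", "sasha@example.invalid"),
    ]
)

if __name__ == "__main__":
    for sha, label in classify_commits(SAMPLE_LOG).items():
        print(sha, label)
```

Author and committer headers are set by whoever creates the commit, so this labelling is only as trustworthy as the server-side control over who can commit as the bot identity.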