Vulnerability Explanation in the Security finding widget in the MR workflow

Proposal

While Vulnerability Resolution is now available in the MR workflow via &14862 (closed) (docs), Vulnerability Explanation is only available when looking at a SAST vulnerability on the vulnerability details page. Because the vulnerability details page only shows vulnerabilities associated with the default (main) branch, developers are unable to take immediate action on the vulnerabilities that appear in the MR widget, since those are detected on the source branch of the MR. This defeats the shift-left purpose of integrating security into the developer workflow. Instead, developers need to be able to open a SAST vulnerability, possibly one they introduced themselves, from the MR widget vulnerability page, select "explain vulnerability", and also be able to select "resolve vulnerability".

This feature proposal is to add vulnerability explanation to the security finding widget, launched from the MR and on the security tab of the pipeline view.

Success for this feature proposal means that developers can take immediate action on vulnerabilities detected in the source branch of their MRs, by giving them the ability to have detected SAST vulnerabilities explained right within the MR widget vulnerability page and the pipeline view security tab.

Edited by Neil McCorrison