Switch to abstraction layer for "Explain this vulnerability" feature (!117657) · Merge requests · GitLab.org / GitLab

Daniel Tian requested to merge 406633-add-explain-this-vulnerability into master Apr 14, 2023

What does this MR do and why?

This MR switches the "Explain this vulnerability" feature from using the experimentation API (allows freeform prompt input, but is restricted to GitLab team members) to the explainVulnerability function on the aiAction GraphQL mutation (available to everyone, but no freeform input). This will allow everyone to use the "Explain this vulnerability" feature.

How to set up and validate locally

Enable the openai_experimentation and explain_vulnerability feature flags.
Clone this project: https://gitlab.com/gitlab-org/security-products/tests/webgoat.net
Run a pipeline against the master branch.
Go to Security and Compliance -> Vulnerability report.
The list should only contain SAST vulnerabilities. Click on any one to get to the vulnerability details page.
Click on the "Explain this vulnerability" button and wait around 15 seconds.
Verify that an explanation is displayed in the drawer that opens to the right.

2023-04-18_23-32-00

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #406633 (closed)

Edited Apr 19, 2023 by Daniel Tian

Switch to abstraction layer for "Explain this vulnerability" feature

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports