Switch to abstraction layer for "Explain this vulnerability" feature
What does this MR do and why?
This MR switches the "Explain this vulnerability" feature from using the experimentation API (allows freeform prompt input, but is restricted to GitLab team members) to the `explainVulnerability` function on the `aiAction` GraphQL mutation (available to everyone, but no freeform input). This will allow everyone to use the "Explain this vulnerability" feature.
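As an added illustration (not code from this MR or from GitLab), the following shows what a client-side call to the `aiAction` mutation's `explainVulnerability` action looks like when the client is only allowed to hand over a resource reference. The mutation and field names come from the description above; the input shape (a single `resourceId` holding a `gid://gitlab/Vulnerability/<id>` global ID), the `AiModelID` variable type and the request builder itself are assumptions for the example. The point it demonstrates is the security-relevant difference from the experimentation API: nothing a caller supplies reaches the model as freeform prompt text.

```javascript
// Added example, not GitLab's code. Builds the GraphQL request for the
// explainVulnerability action of the aiAction mutation and refuses any extra
// caller-supplied field, so a freeform prompt cannot be smuggled through the
// client. The input shape (resourceId as a Vulnerability global ID) is assumed.

const EXPLAIN_VULNERABILITY_MUTATION = `
  mutation explainVulnerability($resourceId: AiModelID!) {
    aiAction(input: { explainVulnerability: { resourceId: $resourceId } }) {
      errors
    }
  }
`;

// The only caller-controlled input; anything else (for example "prompt")
// is rejected before a request is built.
const ALLOWED_INPUT_KEYS = new Set(['resourceId']);

// Constructed format check for a GitLab global ID of a vulnerability.
const VULNERABILITY_GID = /^gid:\/\/gitlab\/Vulnerability\/\d+$/;

function buildExplainVulnerabilityRequest(input) {
  const extra = Object.keys(input).filter((key) => !ALLOWED_INPUT_KEYS.has(key));
  if (extra.length > 0) {
    throw new Error(`unsupported input field(s): ${extra.join(', ')}`);
  }
  if (typeof input.resourceId !== 'string' || !VULNERABILITY_GID.test(input.resourceId)) {
    throw new Error('resourceId must be a Vulnerability global ID');
  }
  // Only the validated ID is sent; the server decides what is put in front of the model.
  return {
    query: EXPLAIN_VULNERABILITY_MUTATION,
    variables: { resourceId: input.resourceId },
  };
}

// Returns true when a built request carries nothing but the resource reference.
function requestCarriesOnlyResourceId(request) {
  const keys = Object.keys(request.variables);
  return keys.length === 1 && keys[0] === 'resourceId';
}

module.exports = { buildExplainVulnerabilityRequest, requestCarriesOnlyResourceId };
```

The client-side check is defence in depth only; the real restriction is that the server-side action assembles the prompt itself from the referenced vulnerability, which is what makes it safe to open the feature to all users rather than just team members.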
How to set up and validate locally
- Enable the `openai_experimentation` and `explain_vulnerability` feature flags.
- Clone this project: https://gitlab.com/gitlab-org/security-products/tests/webgoat.net
- Run a pipeline against the master branch.
- Go to Security and Compliance -> Vulnerability report.
- The list should only contain SAST vulnerabilities. Click on any one to get to the vulnerability details page.
- Click on the "Explain this vulnerability" button and wait around 15 seconds.
- Verify that an explanation is displayed in the drawer that opens to the right.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #406633 (closed)
Edited by Daniel Tian