Integrate "Explain Vulnerability" with DuoChat
What does this MR do and why?
The code changes introduce a new feature that allows users to explain vulnerabilities and get mitigation advice using AI. It includes a button to trigger the AI assistant, which opens a chat window with a pre-filled prompt. The feature is powered by a GraphQL mutation that communicates with the AI service. Additionally, a deprecated version of the component is kept for backward compatibility.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
- Enable the `explain_vulnerability_tool` feature flag (`echo "Feature.enable(:explain_vulnerability_tool)" | rails c`)
- Visit a SAST vulnerability
- Click on "Explain Vulnerability" and verify that DuoChat opens, and the `/explain_vulnerability` command is sent
Related to #466080 (closed)
Edited by David Pisek