Route resolve vulnerability through the Anthropic client (!156671) · Merge requests · GitLab.org / GitLab

Alex Buijs requested to merge route-resolve_vulnerability-through-anthropic into master Jun 18, 2024

What does this MR do and why?

Route vulnerability resolution AI requests through Anthropic client.

How to set up and validate locally

Enable the resolve_vulnerability_ai_gateway feature flag:
```
Feature.enable(:resolve_vulnerability_ai_gateway)
```
Setup local AI Gateway

Create a vulnerability in a project with a file:

source = <<~SOURCE
#include <stdio.h>

int main(int argc, char *argv[])
{
  char buf[8];
  memcpy(&buf, "123456789");
  printf("hello, world!");
}
SOURCE
project = Project.find(<my-project-id>)
project.repository.create_file(User.find(<my-user-id>), 'src/main.c', source, message: 'Vulnerable file', branch_name: 'main')
finding = FactoryBot.create(:vulnerabilities_finding, :sast, project: project, location: { 'file' => 'src/main.c', 'start_line' => 5, 'end_line' => 6 })
FactoryBot.create(:vulnerability, findings: [finding], project: project)

Go to http://localhost:3000//-/security/vulnerabilities/1 and click Resolve with merge request

Edited Jun 26, 2024 by Alex Buijs

Route resolve vulnerability through the Anthropic client

What does this MR do and why?

How to set up and validate locally

Merge request reports