Adds backend checks for vulnerability report VR icon

What does this MR do and why?

This MR adds the backend checks needed to enable the frontend logic to display the badge for vulnerabilities that can be resolved with VR on the report page as described in #481558 (closed).

There are two checks needed for the frontend:

  1. that the resolve_vulnerability_with_ai ability is true (via push_frontend_ability)
  2. that aiResolutionAvailable is true for the individual vulnerability record (via GraphQL)

If both are true, the badge should be displayed. If either is false, the badge should not be displayed.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

How to set up and validate locally

  1. First check that the ability is being loaded on the report page by navigating to the report page, for example: http://gdk.test:3000/govern-demos/webgoat.net-anthropic/-/security/vulnerability_report and viewing the page source. Ensure that gon.abilities={"resolveVulnerabilityWithAi":true} is included in the page source.
  2. Next check that the aiResolutionAvailable attribute is available via GraphQL. In the graphql-explorer run this query:
query projectVulnerabilities($fullPath: ID!) {
  project(fullPath: $fullPath) {
    id
    vulnerabilities {
      nodes {
        id
        title
        aiResolutionAvailable
      }
    }
  }
}

With the variables:

{
  "fullPath": "govern-demos/webgoat.net-anthropic"
}

The aiResolutionAvailable attribute should be included in the response.

Edited by Darby Frey
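
The two validation steps above combined into one check, as an added example that is not part of the merge request or of GitLab's code: it reads `gon.abilities` from the page source, reads `aiResolutionAvailable` from the GraphQL response, and returns the vulnerability ids for which both checks pass. The helper names, the sample page source and the sample response (ids and titles included) are constructed for illustration; the response shape follows the query shown above.

```javascript
// Added example; helper names are hypothetical and the sample data is constructed.

// Check 1: read the abilities object from the page source (gon.abilities={...}).
function parseGonAbilities(pageSource) {
  const match = /gon\.abilities\s*=\s*(\{[^;<]*\})/.exec(pageSource);
  if (!match) return {};
  try {
    return JSON.parse(match[1]);
  } catch {
    return {}; // unparsable abilities are treated as "no abilities"
  }
}

// Check 2: keep only vulnerabilities whose aiResolutionAvailable is exactly true.
// Returns the ids that would get the badge; any missing piece yields no badge.
function badgeIds(pageSource, graphqlResponse) {
  const abilities = parseGonAbilities(pageSource);
  if (abilities.resolveVulnerabilityWithAi !== true) return [];
  const nodes = graphqlResponse?.data?.project?.vulnerabilities?.nodes ?? [];
  return nodes
    .filter((node) => node && node.aiResolutionAvailable === true)
    .map((node) => node.id);
}

// Constructed sample inputs (not captured from a real instance).
const SAMPLE_PAGE =
  '<script>window.gon={};gon.abilities={"resolveVulnerabilityWithAi":true};</script>';
const SAMPLE_RESPONSE = {
  data: { project: { id: "gid://gitlab/Project/1", vulnerabilities: { nodes: [
    { id: "gid://gitlab/Vulnerability/1", title: "SQL injection", aiResolutionAvailable: true },
    { id: "gid://gitlab/Vulnerability/2", title: "Weak hash", aiResolutionAvailable: false },
    { id: "gid://gitlab/Vulnerability/3", title: "Attribute absent" },
  ] } } },
};

console.log(badgeIds(SAMPLE_PAGE, SAMPLE_RESPONSE));
```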
