Skip to content
Snippets Groups Projects

Resolve "Display badge on AI-resolvable items within the MR report"

All threads resolved!

What does this MR do and why?

This code diff introduces a new feature to the Merge Request widget. It adds a badge to vulnerabilities that can be resolved using AI. This badge is only shown if the user has the ability to resolve vulnerabilities with AI and the vulnerability has AI resolution enabled.

Additionally, the feature flag (`resolve_vulnerability_in_mr) for resolving vulnerabilities in the merge request must be enabled.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before After
Screenshot_2024-10-07_at_11.30.17_AM Screenshot_2024-10-07_at_11.29.54_AM

How to set up and validate locally

  1. Import this project: https://gitlab.com/gitlab-org/govern/threat-insights-demos/verification-projects/cwe-tests
  2. DO NOT RUN A PIPELINE AGAINST MASTER
  3. Add a small change, eg. add a README and create a new MR
  4. Run pipeline
  5. Reload MR page after pipeline has finished
  6. Verify that the badges are NOT showing
  7. Enable the FF: echo 'Feature.enable(:resolve_vulnerability_in_mr)' | rails c
  8. Verify that the badges are showing

Related to #482900 (closed)

Edited by David Pisek

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • David Pisek requested review from @sming-gitlab

    requested review from @sming-gitlab

  • David Pisek added 1 commit

    added 1 commit

    • ed39af32 - Add AI badge to MR widget vulnerability findings

    Compare with previous version

  • David Pisek marked this merge request as ready

    marked this merge request as ready

  • Samantha Ming approved this merge request

    approved this merge request

  • Before you set this MR to auto-merge

    This merge request will progress on pipeline tiers until it reaches the last tier: pipelinetier-3. We will trigger a new pipeline for each transition to a higher tier.

    Before you set this MR to auto-merge, please check the following:

    • You are the last maintainer of this merge request
    • The latest pipeline for this merge request is pipelinetier-3 (You can find which tier it is in the pipeline name)
    • This pipeline is recent enough (created in the last 8 hours)

    If all the criteria above apply, please set auto-merge for this merge request.

    See pipeline tiers and merging a merge request for more details.

  • David Pisek requested review from @svedova

    requested review from @svedova

  • Savas Vedova approved this merge request

    approved this merge request

  • Savas Vedova enabled automatic add to merge train when checks pass

    enabled automatic add to merge train when checks pass

  • Savas Vedova resolved all threads

    resolved all threads

  • E2E Test Result Summary

    allure-report-publisher generated test report!

    e2e-test-on-gdk: :white_check_mark: test report for ed39af32

    expand test summary
    +------------------------------------------------------------------+
    |                          suites summary                          |
    +-------------+--------+--------+---------+-------+-------+--------+
    |             | passed | failed | skipped | flaky | total | result |
    +-------------+--------+--------+---------+-------+-------+--------+
    | Create      | 128    | 0      | 18      | 0     | 146   | ✅     |
    | Package     | 24     | 0      | 11      | 0     | 35    | ✅     |
    | Plan        | 76     | 0      | 0       | 0     | 76    | ✅     |
    | Release     | 5      | 0      | 0       | 0     | 5     | ✅     |
    | Data Stores | 33     | 0      | 1       | 0     | 34    | ✅     |
    | Govern      | 73     | 0      | 0       | 0     | 73    | ✅     |
    | Monitor     | 8      | 0      | 0       | 0     | 8     | ✅     |
    | Verify      | 45     | 0      | 2       | 0     | 47    | ✅     |
    | Analytics   | 2      | 0      | 0       | 0     | 2     | ✅     |
    | Fulfillment | 2      | 0      | 0       | 0     | 2     | ✅     |
    | Secure      | 4      | 0      | 0       | 0     | 4     | ✅     |
    | Manage      | 1      | 0      | 1       | 0     | 2     | ✅     |
    +-------------+--------+--------+---------+-------+-------+--------+
    | Total       | 401    | 0      | 33      | 0     | 434   | ✅     |
    +-------------+--------+--------+---------+-------+-------+--------+

    e2e-test-on-omnibus: :white_check_mark: test report for ed39af32

    expand test summary
    +-------------------------------------------------------------+
    |                       suites summary                        |
    +--------+--------+--------+---------+-------+-------+--------+
    |        | passed | failed | skipped | flaky | total | result |
    +--------+--------+--------+---------+-------+-------+--------+
    | Govern | 108    | 0      | 6       | 0     | 114   | ✅     |
    | Create | 408    | 0      | 60      | 0     | 468   | ✅     |
    +--------+--------+--------+---------+-------+-------+--------+
    | Total  | 516    | 0      | 66      | 0     | 582   | ✅     |
    +--------+--------+--------+---------+-------+-------+--------+
  • merged

  • Savas Vedova mentioned in commit 32f964ed

    mentioned in commit 32f964ed

  • added workflowstaging label and removed workflowcanary label

  • Please register or sign in to reply
    Loading