Agentic VR badges

What does this MR do and why?

As part of the initiative to add an agentic flow for resolving SAST vulnerabilities, we are adding new badges and states to the vulnerability report.

  • AI fix in progress badge
  • AI fixed badge

This change is behind a new feature flag agentic_sast_vr_ui.

The AI fix in progress badge expects a yet-to-be-implemented GraphQL field aiFixInProgress, which will be based on related workflows. This now uses a client-side resolver to simulate some of the vulnerabilities having a fix in progress.

References

Related to #556999

Screenshots or screen recordings

Here's a demo (ignore state 3 as that was determined to be removed)

Description | Image
Feature flag disabled | Screenshot_2025-09-23_at_11.41.47_AM
Feature flag enabled | Screenshot_2025-09-23_at_11.43.32_AM
AI authored MR fix | Screenshot_2025-09-23_at_11.45.48_AM
AI fix in progress with no existing MR | Screenshot_2025-09-23_at_11.46.10_AM

How to set up and validate locally

  1. In the Rails console, enable the feature flag:
    Feature.enable(:agentic_sast_vr_ui)
  2. Visit a project with vulnerabilities
  3. Verify that the AI fix in progress badge is showing

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Scott Hampton