Add setting to enable/disable AI false positive detection

What does this MR do and why?

This MR exposes the frontend for the setting to enable/disable AI false positive detection.

References

Screenshots or screen recordings

https://www.youtube.com/watch?v=RBELdtmv_2I&feature=youtu.be

How to set up and validate locally

  1. Enable feature flag ai_experiment_sast_fp_detection
  2. Run migrations in this MR
  3. Observe lock behavior in instance/group/project settings

If you want to test that agent sessions were not created (full flow):

  1. Ensure that you have GitLab Runner set up in your GDK: https://gitlab.com/gitlab-org/gitlab-development-kit/-/blob/main/doc/howto/runner.md
  2. Enable feature flag by running:
       Feature.enable(:ai_experiment_sast_fp_detection)
  3. Verify that your project gitlab-duo/demo-sast was created and has 1 merge request
  4. Wait for all pipelines to finish (you can verify this with Build > Pipelines)
  5. Verify that you have a list of vulnerabilities in Secure > Vulnerability report
  6. Run rails console
  7. Copy the project to your GDK (replace gdk.test with your GDK domain and gitlab-duo/demo-sast with the desired project path in your GDK):
       cd /tmp # just to be nice
       git clone git@gitlab.com:compliance-group-testing-and-demos/demos/test-sast.git
       cd test-sast
       git push --all ssh://git@gdk.test:2222/gitlab-duo/demo-sast.git -omerge_request.create
  8. Observe that, depending on the checkbox, sessions are either created or not

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #577216

Edited by Illya Klymov
