docs: Add SAST False Positive Detection documentation

Nate Rosandichrequested to merge
docs-sast-fp-detection into master

Add comprehensive documentation for the AI-powered SAST False Positive Detection feature introduced in GitLab 18.7.

Changes

  • New file: doc/user/application_security/vulnerabilities/false_positive_detection.md - Complete guide covering:

    • How FP detection works
    • Automatic and manual triggers
    • Confidence scoring
    • Configuration options
    • Limitations and troubleshooting

  • Updated: doc/user/application_security/vulnerabilities/_index.md - Added section on AI-powered false positive detection

  • Updated: doc/user/application_security/sast/_index.md - Added subsection on reducing false positives with AI

  • New file: doc/user/duo_agent_platform/flows/foundational_flows/sast_fp_detection.md - Foundational flow documentation

  • Updated: doc/user/duo_agent_platform/flows/foundational_flows/_index.md - Added SAST FP Detection to list of available flows

Related Issues

  • Relates to #581126 (Rollout issue for SAST FP detection)
  • Relates to epic #17883 (closed) (Automatic Detection of SAST False Positives)

Documentation Structure

The documentation follows the recommended structure:

  • Detailed guide in vulnerabilities section
  • Overview in vulnerabilities index
  • Link from SAST section
  • Foundational flow documentation in Duo Agent Platform

Tier & Availability

  • Tier: Ultimate
  • Add-ons: Duo Core, Duo Pro, Duo Enterprise
  • Status: Beta (18.7)
  • Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated
Edited by Nate Rosandich

Merge request reports