Update false positive details

What does this MR do and why?

Update the false positive details that show up in the vulnerability details description. Moved it into a child component. Truncated the false positive description, and allowed the user to expand it.

The details show even if the confidence is low, but just show that it is not a false positive.

Redesigned the remove false positive button.

References

Related to #585162

Design this was based on

How to set up and validate locally

  1. Have a runner set up
  2. Have a group with Duo set up
  3. Visit a project with vulnerabilities in the Duo group
  4. Manually kick off a workflow with curl command:

     curl -X POST 'http://host.docker.internal:3000/api/v4/ai/duo_workflows/workflows' \
       --header 'Content-Type: application/json' \
       --data '{
         "project_id": "<project_id>",
         "agent_privileges": [1, 2, 3, 4, 5],
         "goal": "<vulnerability_id>",
         "start_workflow": true,
         "workflow_definition": "sast_fp_detection/v1",
         "environment": "web",
         "source_branch": "master"
     }' \
       --header 'Authorization: Bearer <PAT_token>'

  5. Once workflow completes, verify correct false positive details render and behave correctly on vulnerability details page

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Scott Hampton
