Add ai_workflows scope to pipeline security report finding GraphQL fields

What does this MR do and why?

Adds the ai_workflows authorization scope to GraphQL fields related to pipeline security report findings, enabling AI workflow integrations to access vulnerability data via the GraphQL API.

References

Relates to fix: list_security_findings returns "Pipeline n... (gitlab-org/modelops/applied-ml/code-suggestions/ai-assist#2167 - closed)

Works in conjunction with fix: use pipelines(ref:) GraphQL field to resol... (gitlab-org/modelops/applied-ml/code-suggestions/ai-assist!5243 - merged)

Screenshots or screen recordings

How to set up and validate locally

  1. Stage an MR with SAST findings triggered by a push pipeline (not an MR-event pipeline).
  2. Open the Security Analyst Agent chat on the MR.
  3. Ask: "Use list_security_findings to get the findings in this MR?" — pass the source branch as ref.
  4. The tool should now successfully return findings for both push-sourced and MR-event pipelines.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Nate Rosandich

Merge request reports

Loading