Add ai_workflows scope to pipeline security report finding GraphQL fields
What does this MR do and why?
Adds the ai_workflows authorization scope to GraphQL fields related to pipeline security report findings, enabling AI workflow integrations to access vulnerability data via the GraphQL API.
References
Works in conjunction with fix: use pipelines(ref:) GraphQL field to resol... (gitlab-org/modelops/applied-ml/code-suggestions/ai-assist!5243 - merged)
Screenshots or screen recordings
How to set up and validate locally
- Stage an MR with SAST findings triggered by a
pushpipeline (not an MR-event pipeline). - Open the Security Analyst Agent chat on the MR.
- Ask: "Use list_security_findings to get the findings in this MR?" — pass the source branch as
ref. - The tool should now successfully return findings for both push-sourced and MR-event pipelines.
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Nate Rosandich