feat: add flow for SAST vulnerability resolution

Creates a new flow to resolve SAST vulnerabilities.

What does this merge request do and why?

Related Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/556989

How to set up and validate locally

  1. Set up AIGW/duo workflow service locally (EE license, feature flags, etc.)
  2. Have a GitLab runner running (e.g., Docker/Colima)
  3. Check out this branch and set it with gdk config set gitlab_ai_gateway.version 556989/poc-flow-registry
  4. Edit the curl command with a local vulnerability
  5. Run the script -> workflow completes -> view merge request created.

curl command:

#!/bin/bash
# Personal access token for the local GDK instance; fill in the placeholder before running.
export GDK_API_TOKEN=<>

# Replace project_id, the vulnerability ID in "goal", and source_branch with values
# from your local GDK (step 4 above).
curl -X POST \
-H "Authorization: Bearer $GDK_API_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"project_id": "26",
"agent_privileges": [1, 2, 3, 4, 5],
"goal": "Fix vulnerability ID: 773",
"start_workflow": true,
"workflow_definition": "resolve_sast_vulnerability/experimental",
"environment": "web",
"source_branch": "security/sast/resolve-vulnerability-773"
}' \
http://gdk.test:3000/api/v4/ai/duo_workflows/workflows
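The curl command above hard-codes the vulnerability ID in three places (the goal text and the branch name, and indirectly the project). Since step 4 asks you to substitute a local vulnerability by hand, the following wrapper is an added example (not part of this MR or the GitLab codebase) that takes the ID as an argument, refuses anything that is not a plain integer before it is interpolated into the goal string and branch name, and then issues the same POST with the same fields. GDK_URL and PROJECT_ID are assumed environment overrides with the MR's values as defaults; the agent_privileges list is copied unchanged from the command above, and the endpoint and payload fields are exactly those the MR uses.

```shell
#!/bin/sh
# Added example wrapper around the MR's curl command; not project code.
set -eu

# Assumed overrides; defaults match the command in the MR description.
GDK_URL="${GDK_URL:-http://gdk.test:3000}"
PROJECT_ID="${PROJECT_ID:-26}"

# The vulnerability ID is interpolated into both the goal string and the
# branch name, so only a non-empty run of digits is accepted.
validate_vuln_id() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Branch naming follows the MR's example: security/sast/resolve-vulnerability-<id>
branch_for() {
  printf 'security/sast/resolve-vulnerability-%s' "$1"
}

# Builds the JSON body with the same fields as the MR's curl command.
# Fails (exit 1) instead of emitting a body when the ID is not numeric.
build_payload() {
  vuln_id="$1"
  if ! validate_vuln_id "$vuln_id"; then
    echo "invalid vulnerability id: $vuln_id" >&2
    return 1
  fi
  printf '{"project_id":"%s","agent_privileges":[1,2,3,4,5],"goal":"Fix vulnerability ID: %s","start_workflow":true,"workflow_definition":"resolve_sast_vulnerability/experimental","environment":"web","source_branch":"%s"}' \
    "$PROJECT_ID" "$vuln_id" "$(branch_for "$vuln_id")"
}

# Issues the POST from the MR description; the token comes from the
# environment so it never appears in the command line or shell history.
start_workflow() {
  : "${GDK_API_TOKEN:?set GDK_API_TOKEN to a personal access token}"
  body="$(build_payload "$1")"
  curl -sS -X POST \
    -H "Authorization: Bearer $GDK_API_TOKEN" \
    -H "Content-Type: application/json" \
    -d "$body" \
    "$GDK_URL/api/v4/ai/duo_workflows/workflows"
}

# Usage: GDK_API_TOKEN=... ./start_flow.sh 773
if [ "$#" -gt 0 ]; then
  start_workflow "$1"
fi
```

Because the ID is validated as digits only, the body can be assembled with printf without a JSON encoder; if you later want to pass free-form goal text, build the body with jq or another encoder rather than extending the printf format.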

Merge request checklist

  • Tests added for new functionality. If not, please raise an issue to follow up.
  • Documentation added/updated, if needed.
Edited by Andrew Jung
