[GA] Vulnerability Explanation
### Release notes
Vulnerability Explanation is now a part of GitLab Duo Chat and is generally available. With Vulnerability Explanation, you can open chat from any vulnerability report record. Ask questions like "How is this vulnerability exploited?" or "What is this vulnerability about?" to quickly understand a vulnerability.
Release post item: https://about.gitlab.com/releases/2024/07/18/gitlab-17-2-released/#vulnerability-explanation
### Problem to solve
In https://gitlab.com/groups/gitlab-org/-/epics/10284+ we created a way for users to quickly understand a vulnerability so that they know what next steps to take, i.e. what code change do I need to make etc. We have received feedback from the market and seen competition announce similar features; GitHub has [CopilotX for the Entire Dev Workflow](https://www.youtube.com/watch?v=ZtZ0xdk5wTM) and Snyk has [AI-generated security fixes](https://snyk.io/blog/ai-generated-security-fixes-in-snyk-code-now-available/).
Vulnerability Explanation (previously "Explain this Vulnerability") will mature into a Generally Available (GA) feature.
### Focus for GA
1. Move Vulnerability Explanation to GitLab Duo Chat, https://gitlab.com/groups/gitlab-org/-/epics/13309, ~"group::threat insights" .
2. Refine the prompt and response to be sure users are getting a useful response, https://gitlab.com/groups/gitlab-org/modelops/ai-model-validation-and-research/-/epics/9, ~"group::ai model validation".
3. Set a baseline for useful responses and be able to measure and test at scale, https://gitlab.com/groups/gitlab-org/modelops/ai-model-validation-and-research/-/epics/9, ~"group::ai model validation".
4. Vulnerability Explanation is available for self-managed, dedicated and .com, https://gitlab.com/groups/gitlab-org/-/epics/14018, ~"group::ai framework".
5. Included as a part of the AI Gateway, https://gitlab.com/gitlab-org/gitlab/-/issues/448879, ~"group::ai framework".
6. Included, exclusively as a part of GitLab Duo Enterprise, https://gitlab.com/gitlab-org/gitlab/-/issues/458970, ~"group::threat insights".
7. Vulnerability Explanation meets all legal requirements, https://gitlab.com/gitlab-com/legal-and-compliance/-/issues/2058, ~"group::threat insights".
### Intended users
- [Sasha (Software Developer)](https://about.gitlab.com/handbook/product/personas/#sasha-software-developer) can use this feature to better understand and potentially fix vulnerability findings before she tries to merge to the default branch.
- [Amy (Security Analyst)](https://handbook.gitlab.com/handbook/product/personas/#amy-application-security-engineer) uses this feature to quickly triage vulnerabilities and learn about specific vulnerabilities quickly.
## Implementation Plan
:rotating_light: **Target Release: %"17.2"** :rotating_light:
All MRs (including the MR that enables the feature flag by default) must be merged by **July 12** to ensure the feature is available for self-managed instances and Dedicated.
```mermaid
gantt
title GA Vulnerability Explanation
dateFormat YYYY-MM-DD
section General
Chat Bash :2024-06-26 , 7d
UX Review :2024-06-26 , 1d
Bug Fixes :2024-07-03, 7d
Go/ No Go Date :2024-07-11, 1d
Code Freeze :2024-07-12, 1d
Release .com/SM :2024-07-18, 1d
section Threat Insights
Bring Vulnerability Explanation to Duo Chat :a1, 2024-06-01, 2024-06-26
Vulnerability Explanation is behind the Duo Enterprise Feature Toggle :2024-06-01, 2024-06-26
section Model Validation
Model Validation (first look) :a2, 2024-06-10, 2d
Model Validation Iteration :after a2, 2024-06-26
section AI Framework
AI Gateway :2024-06-01, 2024-06-26
```
### Workflow
1. Keep the current vulnerability explanation section
2. User clicks the "Explain vulnerability" button
3. This opens the Duo Chat drawer
4. The drawer triggers the `/vulnerability_explain` quick command
5. Displays AI response
6. User can submit feedback