[GA] Vulnerability Resolution
:star: **New GA VR issue/work is being tracked in** https://gitlab.com/groups/gitlab-org/-/epics/14847+
### Release notes
Vulnerability Resolution uses AI to give users specific code suggestions for fixing vulnerabilities. With the click of a button, you can open a merge request or see a suggestion in your merge request to resolve a vulnerability.
### Problem to solve
With https://gitlab.com/groups/gitlab-org/-/epics/10641+ we created a way to help users better understand vulnerabilities. However, vulnerability remediation can be complex and it's not always clear where to start. Vulnerability Resolution aims to give specific code suggestions to users as to how they can fix the vulnerability.
Vulnerability Resolution will mature into Generally Available (GA).
### Focus for GA
1. Refine the prompt and response to be sure users are getting a useful response, https://gitlab.com/groups/gitlab-org/-/epics/13591, ~"group::ai model validation".
2. Set a baseline for useful responses and be able to measure and test at scale, https://gitlab.com/groups/gitlab-org/-/epics/13591, ~"group::ai model validation".
3. Vulnerability Explanation is available for self-managed, dedicated and .com, https://gitlab.com/groups/gitlab-org/-/epics/14019, ~"group::ai framework".
4. Included as a part of the AI Gateway, https://gitlab.com/groups/gitlab-org/-/epics/14019, ~"group::ai framework".
5. Included exclusively as a part of GitLab Duo Enterprise, https://gitlab.com/gitlab-org/gitlab/-/issues/464087, ~"group::threat insights".
6. Vulnerability Resolution meets all legal requirements, https://gitlab.com/gitlab-com/legal-and-compliance/-/issues/2057, ~"group::threat insights".
### Intended users
- [Sasha (Software Developer)](https://about.gitlab.com/handbook/product/personas/#sasha-software-developer) can use this feature to better understand and potentially fix vulnerability findings before she tries to merge to the default branch.
- [Sam (Security Analyst)](https://about.gitlab.com/handbook/product/personas/#sam-security-analyst) uses this feature to quickly triage vulnerabilities and learn about specific vulnerabilities.
## Implementation Plan
:rotating_light: **Target Release: %"17.2"** :rotating_light:
All MRs (including FF enabled by default) must be merged by **July 12** to ensure it is made available for Self Instance & Dedicated.
```mermaid
gantt
title GA Vulnerability Resolution
dateFormat YYYY-MM-DD
section General
UX Review :2024-07-01 , 1d
Bug Fixes :2024-07-03, 7d
Go/ No Go Date :2024-07-11, 1d
Code Freeze :2024-07-12, 1d
Release .com/SM :2024-07-18, 1d
section Threat Insights
Resolution Feature Work :2024-06-01, 2024-07-01
Vulnerability Explanation is behind the Duo Enterprise Feature Toggle :2024-06-01, 2024-06-26
section Model Validation
Model Validation (first look) :a2, 2024-06-14, 2d
Model Validation Iteration :after a2, 2024-06-17, 2024-06-28
section AI Framework
AI Gateway :2024-06-01, 2024-07-01
```