
Add send code with prompt checkbox to Explain Vulnerability

Daniel Tian requested to merge 418855-add-send-code-with-prompt-checkbox into master

What does this MR do and why?

This MR adds a Send code with prompt checkbox on the vulnerability details page for the Explain Vulnerability feature:

ksnip_20230723-114714

On page load while the prompt is still loading, the checkbox will be indeterminate and disabled, and the Try it out button will be disabled:

ksnip_20230723-114927

Once the prompt is loaded, if there is a prompt with source code, the checkbox is checked by default. If there is no prompt with source code or if there was an error loading the prompt, the checkbox is unchecked and disabled:

| With source code prompt | Without source code prompt |
| --- | --- |
| ksnip_20230723-115038 | ksnip_20230723-115057 |

Note that disabling the checkbox is temporary until we complete #417078 (closed) and #417079 (closed).

Checking and unchecking the checkbox will toggle between showing the source code prompt and non-source code prompt in the Show prompt accordion:

Peek_2023-07-23_12-27

Hovering over or clicking the i icon will show a popover tooltip with no delay. The tooltip can be hidden by hovering out, clicking off, or clicking the close icon:

Peek_2023-07-23_12-26

How to verify locally

  • Enable the openai_experimentation, explain_vulnerability, and explain_vulnerability_vertex feature flags.
  • Clone this project locally: https://gitlab.com/gitlab-org/security-products/tests/webgoat.net
  • Run a pipeline against the master branch.
  • Go to Security & Compliance -> Vulnerability Report.
  • Click on any vulnerability to go to the vulnerability details page (they are all SAST vulnerabilities). Verify that the Explain this vulnerability section has the Send code with prompt checkbox.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #418855 (closed)

Edited by Daniel Tian
