
Implement anthropic as secondary ETV LLM

What does this MR do and why?

Remove the explain_vulnerability_vertex feature flag as we are not able to switch it off due to OpenAI usage restrictions, thereby making VertexAi the default API for explain this vulnerability.

Additionally implement the explain_vulnerability_anthropic feature flag so that we can do a limited evaluation of Anthropic as well.

Finally, as the feature will not ultimately change between different providers, I've begun restructuring away from provider specific namespaces to minimise duplicate implementations.

How to set up and validate locally

Assuming you have an environment of sufficient configuration to have valid SAST vulnerability records, and credentials for the Vertex and Anthropic APIs:

  • Use the Explain Vulnerability feature on a vulnerability. This should use the Vertex API and work as expected.
  • Execute Feature.enable(:explain_vulnerability_anthropic)
  • Use the Explain Vulnerability feature on a different vulnerability (to avoid the 5 minute cache). This should work as expected as well, via the Anthropic API.
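The validation steps above hinge on two behaviours: the provider is chosen by a feature flag, and an explanation is cached per vulnerability for five minutes. The Ruby below is an added example, not GitLab's code; FeatureFlags is a constructed stand-in for the Feature module, and the provider names and cache layout are assumptions.

```ruby
require 'set'

# Constructed stand-in for GitLab's Feature module (assumption, not the real API).
module FeatureFlags
  @enabled = Set.new

  def self.enable(name)
    @enabled << name
  end

  def self.disable(name)
    @enabled.delete(name)
  end

  def self.enabled?(name)
    @enabled.include?(name)
  end
end

class ExplainVulnerability
  CACHE_TTL = 5 * 60 # seconds: the "5 minute cache" from the validation steps

  # The clock is injectable so the cache expiry can be exercised without sleeping.
  def initialize(clock: -> { Time.now.to_f })
    @clock = clock
    @cache = {} # vulnerability_id => [expires_at, provider_used]
  end

  # Vertex AI is the default; Anthropic is used only while the evaluation flag is on.
  def provider
    FeatureFlags.enabled?(:explain_vulnerability_anthropic) ? :anthropic : :vertex_ai
  end

  # Returns the provider that served the explanation. A cached result is reused
  # for CACHE_TTL seconds, so enabling the flag does not change the answer for a
  # vulnerability explained moments ago: hence step 3 uses a different vulnerability.
  def explain(vulnerability_id)
    now = @clock.call
    expires_at, cached = @cache[vulnerability_id]
    return cached if cached && expires_at > now

    used = provider
    @cache[vulnerability_id] = [now + CACHE_TTL, used]
    used
  end
end
```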

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Gregory Havenga
