Fixes issues with incorrectly displaying VR button
What does this MR do and why?
This MR adds an additional check when displaying the resolve with AI button. The check will now differentiate between resolution being available and enabled. In the current context, available means a SAST type, and enabled means the vulnerability is on the high confidence list.
This resolves this bug: VR appearing for non-SAST vulnerabilities (#489875 - closed)
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
Dropdown
Types | Outcome |
---|---|
Non-SAST | |
SAST | |
SAST (High confidence) | |
Badge
Badge only appears for High confidence SAST
Types | Outcome |
---|---|
SAST (high confidence) | |
Non-SAST | |
How to set up and validate locally
Vulnerability Report
- Clone this project (SAST): https://staging.gitlab.com/govern-team-test/oxeye-rulez
- Clone this project (non-SAST): https://gitlab.com/gitlab-examples/security/security-reports
- Go to the vulnerability report page > click on a vulnerability
- Non-SAST: Does not show AI dropdown
- SAST (high confidence): Shows dropdown with VR enabled
- SAST: Shows dropdown with VR disabled
Badge
- Enable feature flag: vulnerability_report_vr_badge
- Clone this project: https://staging.gitlab.com/govern-team-test/oxeye-rulez
- Go to the vulnerability report page
- You will see the badge for VR enabled vulnerabilities
- If "GitLab Duo features" is unchecked (docs), the badge will not appear for VR-enabled vulnerabilities
Numbered steps to set up and validate the change are strongly suggested.
Relates: #489875 (closed)