From cbecab47fc18995368eb03aaa82e10114c1aaf2b Mon Sep 17 00:00:00 2001
From: Illya Klymov <xanf@xanf.me>
Date: Wed, 8 Oct 2025 10:39:34 +0300
Subject: [PATCH 01/10] Add latest flag loading to graphql request

* fetch latest flag if variable is passed to graphql request

Changelog: added
EE: true
---
 .../graphql/fragments/vulnerability.fragment.graphql        | 6 ++++++
 .../graphql/queries/group_vulnerabilities.query.graphql     | 1 +
 .../graphql/queries/instance_vulnerabilities.query.graphql  | 1 +
 .../graphql/queries/project_vulnerabilities.query.graphql   | 1 +
 4 files changed, 9 insertions(+)

diff --git a/ee/app/assets/javascripts/security_dashboard/graphql/fragments/vulnerability.fragment.graphql b/ee/app/assets/javascripts/security_dashboard/graphql/fragments/vulnerability.fragment.graphql
index 2da03506a3d439..c8a842e8cfb769 100644
--- a/ee/app/assets/javascripts/security_dashboard/graphql/fragments/vulnerability.fragment.graphql
+++ b/ee/app/assets/javascripts/security_dashboard/graphql/fragments/vulnerability.fragment.graphql
@@ -78,4 +78,10 @@ fragment VulnerabilityFragment on Vulnerability {
   }
   reachability
   aiFixInProgress @client
+  latestFlag @include(if: $includeLatestFlag) {
+    id
+    status
+    description
+    confidenceScore
+  }
 }
diff --git a/ee/app/assets/javascripts/security_dashboard/graphql/queries/group_vulnerabilities.query.graphql b/ee/app/assets/javascripts/security_dashboard/graphql/queries/group_vulnerabilities.query.graphql
index f12f1af2500544..7ab761b0be8bb5 100644
--- a/ee/app/assets/javascripts/security_dashboard/graphql/queries/group_vulnerabilities.query.graphql
+++ b/ee/app/assets/javascripts/security_dashboard/graphql/queries/group_vulnerabilities.query.graphql
@@ -26,6 +26,7 @@ query groupVulnerabilities(
   $owaspTopTen: [VulnerabilityOwaspTop10!]
   $owaspTopTen2021: [VulnerabilityOwasp2021Top10!]
   $includeSeverityOverrides: Boolean = false
+  $includeLatestFlag: Boolean = false
   $reachability: ReachabilityType
 ) {
   group(fullPath: $fullPath) {
diff --git a/ee/app/assets/javascripts/security_dashboard/graphql/queries/instance_vulnerabilities.query.graphql b/ee/app/assets/javascripts/security_dashboard/graphql/queries/instance_vulnerabilities.query.graphql
index d152d76aabc028..54feb20039d9dd 100644
--- a/ee/app/assets/javascripts/security_dashboard/graphql/queries/instance_vulnerabilities.query.graphql
+++ b/ee/app/assets/javascripts/security_dashboard/graphql/queries/instance_vulnerabilities.query.graphql
@@ -23,6 +23,7 @@ query instanceVulnerabilities(
   $clusterAgentId: [ClustersAgentID!]
   $owaspTopTen: [VulnerabilityOwaspTop10!]
   $includeSeverityOverrides: Boolean = false
+  $includeLatestFlag: Boolean = false
 ) {
   vulnerabilities(
     before: $before
diff --git a/ee/app/assets/javascripts/security_dashboard/graphql/queries/project_vulnerabilities.query.graphql b/ee/app/assets/javascripts/security_dashboard/graphql/queries/project_vulnerabilities.query.graphql
index 17ba030f4b6666..c415dc431b3a1b 100644
--- a/ee/app/assets/javascripts/security_dashboard/graphql/queries/project_vulnerabilities.query.graphql
+++ b/ee/app/assets/javascripts/security_dashboard/graphql/queries/project_vulnerabilities.query.graphql
@@ -27,6 +27,7 @@ query projectVulnerabilities(
   $owaspTopTen: [VulnerabilityOwaspTop10!]
   $owaspTopTen2021: [VulnerabilityOwasp2021Top10!]
   $includeSeverityOverrides: Boolean = false
+  $includeLatestFlag: Boolean = false
   $reachability: ReachabilityType
 ) {
   project(fullPath: $fullPath) {
-- 
GitLab


From 7a4bfc9d7f79ee7046ef313b311f7cbc6208a2a6 Mon Sep 17 00:00:00 2001
From: Illya Klymov <xanf@xanf.me>
Date: Wed, 8 Oct 2025 10:40:45 +0300
Subject: [PATCH 02/10] Push frontend feature flag for AI SAST FP detection

* add feature flag definition
* publish to controllers

EE: true
---
 .../shared/ai_possible_fp_badge.vue           | 127 ++++++++++++++++++
 .../security/vulnerabilities_controller.rb    |   1 +
 .../security/vulnerabilities_controller.rb    |   1 +
 .../vulnerability_report_controller.rb        |   1 +
 .../security/vulnerabilities_controller.rb    |   1 +
 .../wip/ai_experiment_sast_fp_detection.yml   |  10 ++
 6 files changed, 141 insertions(+)
 create mode 100644 ee/app/assets/javascripts/security_dashboard/components/shared/ai_possible_fp_badge.vue
 create mode 100644 ee/config/feature_flags/wip/ai_experiment_sast_fp_detection.yml

diff --git a/ee/app/assets/javascripts/security_dashboard/components/shared/ai_possible_fp_badge.vue b/ee/app/assets/javascripts/security_dashboard/components/shared/ai_possible_fp_badge.vue
new file mode 100644
index 00000000000000..b9d3af12b5c736
--- /dev/null
+++ b/ee/app/assets/javascripts/security_dashboard/components/shared/ai_possible_fp_badge.vue
@@ -0,0 +1,127 @@
+<script>
+import { GlBadge, GlIcon, GlPopover, GlProgressBar, GlButton, GlTruncateText } from '@gitlab/ui';
+import {
+  VULNERABILITY_STATE_OBJECTS,
+  CONFIDENCE_SCORES,
+  AI_FP_DISMISSAL_COMMENT,
+} from 'ee/vulnerabilities/constants';
+import { s__ } from '~/locale';
+import { createAlert } from '~/alert';
+
+// comes from VulnerabilityFalsePositiveDetectionStatus
+export const EXPECTED_STATUS = 'DETECTED_AS_FP';
+
+export const VULNERABILITY_UNTRIAGED_STATUS = VULNERABILITY_STATE_OBJECTS.detected.searchParamValue;
+
+export default {
+  components: {
+    GlBadge,
+    GlButton,
+    GlIcon,
+    GlPopover,
+    GlProgressBar,
+    GlTruncateText,
+  },
+  props: {
+    vulnerability: {
+      type: Object,
+      required: true,
+    },
+    canAdminVulnerability: {
+      type: Boolean,
+      required: false,
+      default: false,
+    },
+  },
+  computed: {
+    flag() {
+      return this.vulnerability.latestFlag;
+    },
+    isLikelyFalsePositive() {
+      return this.flag.confidenceScore >= CONFIDENCE_SCORES.LIKELY_FALSE_POSITIVE;
+    },
+    shouldRenderBadge() {
+      return (
+        this.flag?.status === EXPECTED_STATUS &&
+        this.flag.confidenceScore > CONFIDENCE_SCORES.MINIMAL
+      );
+    },
+    badgeText() {
+      return this.isLikelyFalsePositive
+        ? this.$options.i18n.badgeTextLikelyFP
+        : this.$options.i18n.badgeTextPossibleFP;
+    },
+    badgeVariant() {
+      return this.isLikelyFalsePositive ? 'success' : 'warning';
+    },
+    confidencePercentage() {
+      return Math.floor(this.flag.confidenceScore * 100);
+    },
+    canDismissVulnerability() {
+      return (
+        this.canAdminVulnerability && this.vulnerability.state === VULNERABILITY_UNTRIAGED_STATUS
+      );
+    },
+  },
+  methods: {
+    removeFlag() {
+      this.$apollo
+        .mutate({
+          mutation: VULNERABILITY_STATE_OBJECTS.dismissed.mutation,
+          variables: {
+            id: this.vulnerability.id,
+            dismissalReason: 'FALSE_POSITIVE',
+            comment: AI_FP_DISMISSAL_COMMENT,
+          },
+        })
+        .catch((error) => {
+          createAlert({
+            message: s__('Vulnerability|Something went wrong while dismissing the vulnerability.'),
+            captureError: true,
+            error,
+          });
+        });
+    },
+  },
+  i18n: {
+    badgeTextPossibleFP: s__('Vulnerability|Possible FP'),
+    badgeTextLikelyFP: s__('Vulnerability|Likely FP'),
+    aiConfidenceScore: s__('Vulnerability|AI Confidence Score'),
+    why: s__('Vulnerability|Why it is likely a false positive'),
+    removeFlag: s__('Vulnerability|Remove False Positive Flag'),
+  },
+};
+</script>
+
+<template>
+  <gl-badge v-if="shouldRenderBadge" :variant="badgeVariant" size="sm" ref="badge">
+    <gl-icon name="tanuki-ai" class="gl-mr-1" />
+    <span data-testid="ai-fix-in-progress-b"> {{ badgeText }}</span>
+    <gl-popover
+      :target="() => $refs.badge.$el"
+      placement="left"
+      show-close-button
+      :css-classes="['gl-max-w-62']"
+    >
+      <template #title>{{ vulnerability.title }}</template>
+      <div class="gl-mt-2 gl-flex gl-items-center gl-gap-3 gl-font-bold">
+        {{ $options.i18n.aiConfidenceScore }}:
+        <gl-progress-bar
+          :value="confidencePercentage"
+          class="gl-h-3 gl-w-15"
+          :variant="badgeVariant"
+        />
+        {{ confidencePercentage }}%
+      </div>
+      <div v-if="flag.description" class="gl-mt-3">
+        <h4 class="gl-text-base gl-font-bold">{{ $options.i18n.why }}</h4>
+        <gl-truncate-text :lines="5" class="gl-whitespace-pre-wrap">{{
+          flag.description
+        }}</gl-truncate-text>
+      </div>
+      <gl-button v-if="canDismissVulnerability" class="gl-mt-5" variant="link" @click="removeFlag">
+        {{ $options.i18n.removeFlag }}
+      </gl-button>
+    </gl-popover>
+  </gl-badge>
+</template>
diff --git a/ee/app/controllers/groups/security/vulnerabilities_controller.rb b/ee/app/controllers/groups/security/vulnerabilities_controller.rb
index 020fd3c1e458d2..5a63ec96d0d4ca 100644
--- a/ee/app/controllers/groups/security/vulnerabilities_controller.rb
+++ b/ee/app/controllers/groups/security/vulnerabilities_controller.rb
@@ -20,6 +20,7 @@ class VulnerabilitiesController < Groups::ApplicationController
         push_frontend_ability(ability: :resolve_vulnerability_with_ai, resource: @group, user: current_user)
         push_frontend_feature_flag(:vulnerability_report_type_scanner_filter, @group, type: :beta)
         push_frontend_feature_flag(:security_policy_approval_warn_mode, @group, type: :wip)
+        push_frontend_feature_flag(:ai_experiment_sast_fp_detection, @group, type: :wip)
         push_frontend_ability(ability: :access_advanced_vulnerability_management, resource: @group, user: current_user)
       end
 
diff --git a/ee/app/controllers/projects/security/vulnerabilities_controller.rb b/ee/app/controllers/projects/security/vulnerabilities_controller.rb
index f148d5e8860c5e..0a453164365a54 100644
--- a/ee/app/controllers/projects/security/vulnerabilities_controller.rb
+++ b/ee/app/controllers/projects/security/vulnerabilities_controller.rb
@@ -17,6 +17,7 @@ class VulnerabilitiesController < Projects::ApplicationController
         push_frontend_feature_flag(:validity_checks, project)
         push_frontend_feature_flag(:secret_detection_validity_checks_refresh_token, project)
         push_frontend_feature_flag(:security_policy_approval_warn_mode, project)
+        push_frontend_feature_flag(:ai_experiment_sast_fp_detection, project)
       end
 
       alias_method :vulnerable, :project
diff --git a/ee/app/controllers/projects/security/vulnerability_report_controller.rb b/ee/app/controllers/projects/security/vulnerability_report_controller.rb
index 10de112ec0753f..0fffc04a77ad52 100644
--- a/ee/app/controllers/projects/security/vulnerability_report_controller.rb
+++ b/ee/app/controllers/projects/security/vulnerability_report_controller.rb
@@ -13,6 +13,7 @@ class VulnerabilityReportController < Projects::ApplicationController
         push_frontend_feature_flag(:validity_checks, @project, type: :wip)
         push_frontend_feature_flag(:vulnerability_report_type_scanner_filter, @project, type: :beta)
         push_frontend_feature_flag(:agentic_sast_vr_ui, @project, type: :wip)
+        push_frontend_feature_flag(:ai_experiment_sast_fp_detection, @project, type: :wip)
         push_frontend_feature_flag(:security_policy_approval_warn_mode, @project, type: :wip)
         push_frontend_ability(ability: :resolve_vulnerability_with_ai, resource: @project, user: current_user)
         push_frontend_ability(ability: :access_advanced_vulnerability_management, resource: @project,
diff --git a/ee/app/controllers/security/vulnerabilities_controller.rb b/ee/app/controllers/security/vulnerabilities_controller.rb
index 2f83a3037d2238..d6996a949a1b8f 100644
--- a/ee/app/controllers/security/vulnerabilities_controller.rb
+++ b/ee/app/controllers/security/vulnerabilities_controller.rb
@@ -16,6 +16,7 @@ class VulnerabilitiesController < ::Security::ApplicationController
       )
 
       push_frontend_ability(ability: :resolve_vulnerability_with_ai, resource: vulnerable, user: current_user)
+      push_frontend_feature_flag(:ai_experiment_sast_fp_detection, current_user, type: :wip)
     end
 
     private
diff --git a/ee/config/feature_flags/wip/ai_experiment_sast_fp_detection.yml b/ee/config/feature_flags/wip/ai_experiment_sast_fp_detection.yml
new file mode 100644
index 00000000000000..3fe77304dd152a
--- /dev/null
+++ b/ee/config/feature_flags/wip/ai_experiment_sast_fp_detection.yml
@@ -0,0 +1,10 @@
+---
+name: ai_experiment_sast_fp_detection
+description: Enable the AI experiment for SAST false positive detection
+feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/556855
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/207477
+rollout_issue_url:
+milestone: '18.5'
+group: group::ai framework
+type: wip
+default_enabled: false
-- 
GitLab


From 2c5078f87108103c8c29c773537d6e2567b9f4af Mon Sep 17 00:00:00 2001
From: Illya Klymov <xanf@xanf.me>
Date: Wed, 8 Oct 2025 10:43:03 +0300
Subject: [PATCH 03/10] Add specs for possible FP badge component

* verify expected behavior

EE: true
---
 .../shared/ai_possible_fp_badge.vue           |   2 +-
 .../javascripts/vulnerabilities/constants.js  |   9 +
 .../shared/ai_possible_fp_badge_spec.js       | 227 ++++++++++++++++++
 3 files changed, 237 insertions(+), 1 deletion(-)
 create mode 100644 ee/spec/frontend/security_dashboard/components/shared/ai_possible_fp_badge_spec.js

diff --git a/ee/app/assets/javascripts/security_dashboard/components/shared/ai_possible_fp_badge.vue b/ee/app/assets/javascripts/security_dashboard/components/shared/ai_possible_fp_badge.vue
index b9d3af12b5c736..7d5b8c5f88220a 100644
--- a/ee/app/assets/javascripts/security_dashboard/components/shared/ai_possible_fp_badge.vue
+++ b/ee/app/assets/javascripts/security_dashboard/components/shared/ai_possible_fp_badge.vue
@@ -94,7 +94,7 @@ export default {
 </script>
 
 <template>
-  <gl-badge v-if="shouldRenderBadge" :variant="badgeVariant" size="sm" ref="badge">
+  <gl-badge v-if="shouldRenderBadge" ref="badge" :variant="badgeVariant" size="sm">
     <gl-icon name="tanuki-ai" class="gl-mr-1" />
     <span data-testid="ai-fix-in-progress-b"> {{ badgeText }}</span>
     <gl-popover
diff --git a/ee/app/assets/javascripts/vulnerabilities/constants.js b/ee/app/assets/javascripts/vulnerabilities/constants.js
index cae57a2f1ffaad..533333ff8124a1 100644
--- a/ee/app/assets/javascripts/vulnerabilities/constants.js
+++ b/ee/app/assets/javascripts/vulnerabilities/constants.js
@@ -142,3 +142,12 @@ export const VULNERABILITY_TAB_NAMES = Object.freeze({
 export const VULNERABILITY_TAB_INDEX_TO_NAME = {
   1: CODE_FLOW_TAB_URL,
 };
+
+export const CONFIDENCE_SCORES = {
+  MINIMAL: 0.3,
+  LIKELY_FALSE_POSITIVE: 0.7,
+};
+
+export const AI_FP_DISMISSAL_COMMENT = s__(
+  'Vulnerability|Dismissed as false positive detected by Duo AI',
+);
diff --git a/ee/spec/frontend/security_dashboard/components/shared/ai_possible_fp_badge_spec.js b/ee/spec/frontend/security_dashboard/components/shared/ai_possible_fp_badge_spec.js
new file mode 100644
index 00000000000000..495b013bb7bcdf
--- /dev/null
+++ b/ee/spec/frontend/security_dashboard/components/shared/ai_possible_fp_badge_spec.js
@@ -0,0 +1,227 @@
+import { GlBadge, GlPopover, GlProgressBar, GlButton } from '@gitlab/ui';
+import { shallowMountExtended } from 'helpers/vue_test_utils_helper';
+import {
+  VULNERABILITY_STATE_OBJECTS,
+  CONFIDENCE_SCORES,
+  AI_FP_DISMISSAL_COMMENT,
+} from 'ee/vulnerabilities/constants';
+import AiPossibleFpBadge, {
+  EXPECTED_STATUS,
+  VULNERABILITY_UNTRIAGED_STATUS,
+} from 'ee/security_dashboard/components/shared/ai_possible_fp_badge.vue';
+
+describe('AiPossibleFpBadge', () => {
+  let wrapper;
+  let apolloMutateSpy;
+
+  const defaultVulnerability = {
+    id: 'gid://gitlab/Vulnerabilities::Finding/123',
+    title: 'Test Vulnerability',
+    state: VULNERABILITY_UNTRIAGED_STATUS,
+    latestFlag: {
+      status: EXPECTED_STATUS,
+      confidenceScore: 0.5,
+      description: 'This is likely a false positive because...',
+    },
+  };
+
+  const createComponent = (props = {}, options = {}) => {
+    apolloMutateSpy = jest.fn().mockResolvedValue({});
+
+    return shallowMountExtended(AiPossibleFpBadge, {
+      propsData: {
+        vulnerability: {
+          ...defaultVulnerability,
+          ...props.vulnerability,
+        },
+        canAdminVulnerability: false,
+        ...props,
+      },
+      stubs: {
+        GlPopover,
+      },
+      mocks: {
+        $apollo: {
+          mutate: apolloMutateSpy,
+        },
+      },
+      ...options,
+    });
+  };
+
+  const findBadge = () => wrapper.findComponent(GlBadge);
+  const findBadgeText = () => wrapper.findByTestId('ai-fix-in-progress-b');
+  const findProgressBar = () => wrapper.findComponent(GlProgressBar);
+  const findRemoveFlagButton = () => wrapper.findComponent(GlButton);
+
+  describe('when confidence score is between minimal and likely threshold', () => {
+    beforeEach(() => {
+      wrapper = createComponent({
+        vulnerability: {
+          latestFlag: {
+            status: EXPECTED_STATUS,
+            confidenceScore: 0.5,
+          },
+        },
+      });
+    });
+
+    it('renders the badge with warning variant', () => {
+      expect(findBadge().props('variant')).toBe('warning');
+    });
+
+    it('renders "Possible FP" text', () => {
+      expect(findBadgeText().text()).toBe('Possible FP');
+    });
+
+    it('renders the confidence score correctly', () => {
+      expect(wrapper.text()).toContain('AI Confidence Score');
+      expect(findProgressBar().props('value')).toBe(50);
+      expect(findProgressBar().props('variant')).toBe('warning');
+      expect(wrapper.text()).toContain('50%');
+    });
+  });
+
+  describe('when confidence score is above the likely threshold', () => {
+    beforeEach(() => {
+      wrapper = createComponent({
+        vulnerability: {
+          latestFlag: {
+            status: EXPECTED_STATUS,
+            confidenceScore: CONFIDENCE_SCORES.LIKELY_FALSE_POSITIVE + 0.1,
+          },
+        },
+      });
+    });
+
+    it('renders the badge with success variant', () => {
+      expect(findBadge().props('variant')).toBe('success');
+    });
+
+    it('renders "Likely FP" text', () => {
+      expect(findBadgeText().text()).toBe('Likely FP');
+    });
+
+    it('renders the progress bar with success variant', () => {
+      expect(findProgressBar().props('variant')).toBe('success');
+      expect(findProgressBar().props('value')).toBe(80);
+    });
+  });
+
+  describe('when confidence score is below the minimal threshold', () => {
+    beforeEach(() => {
+      wrapper = createComponent({
+        vulnerability: {
+          latestFlag: {
+            status: EXPECTED_STATUS,
+            confidenceScore: CONFIDENCE_SCORES.MINIMAL - 0.1,
+          },
+        },
+      });
+    });
+
+    it('does not render the badge', () => {
+      expect(findBadge().exists()).toBe(false);
+    });
+  });
+
+  describe('when status is not the expected one', () => {
+    beforeEach(() => {
+      wrapper = createComponent({
+        vulnerability: {
+          latestFlag: {
+            status: 'SOME_OTHER_STATUS',
+            confidenceScore: 0.9,
+          },
+        },
+      });
+    });
+
+    it('does not render the badge', () => {
+      expect(findBadge().exists()).toBe(false);
+    });
+  });
+
+  describe('when flag description is present', () => {
+    beforeEach(() => {
+      wrapper = createComponent();
+    });
+
+    it('renders the description section', () => {
+      expect(wrapper.text()).toContain('Why it is likely a false positive');
+      expect(wrapper.text()).toContain('This is likely a false positive because...');
+    });
+  });
+
+  describe('when flag description is not present', () => {
+    beforeEach(() => {
+      wrapper = createComponent({
+        vulnerability: {
+          latestFlag: {
+            status: EXPECTED_STATUS,
+            confidenceScore: 0.5,
+            description: null,
+          },
+        },
+      });
+    });
+
+    it('does not render the description section', () => {
+      expect(wrapper.text()).not.toContain('Why it is likely a false positive');
+    });
+  });
+
+  describe('Apollo mutations', () => {
+    beforeEach(() => {
+      wrapper = createComponent({
+        canAdminVulnerability: true,
+      });
+    });
+
+    it('renders the remove flag button', () => {
+      expect(findRemoveFlagButton().exists()).toBe(true);
+      expect(findRemoveFlagButton().text()).toBe('Remove False Positive Flag');
+    });
+
+    it('calls Apollo mutation with correct parameters when removing flag', async () => {
+      await findRemoveFlagButton().vm.$emit('click');
+
+      expect(apolloMutateSpy).toHaveBeenCalledWith({
+        mutation: VULNERABILITY_STATE_OBJECTS.dismissed.mutation,
+        variables: {
+          id: defaultVulnerability.id,
+          dismissalReason: 'FALSE_POSITIVE',
+          comment: AI_FP_DISMISSAL_COMMENT,
+        },
+      });
+    });
+  });
+
+  describe('when user cannot admin vulnerability', () => {
+    beforeEach(() => {
+      wrapper = createComponent({
+        canAdminVulnerability: false,
+      });
+    });
+
+    it('does not render the remove flag button', () => {
+      expect(findRemoveFlagButton().exists()).toBe(false);
+    });
+  });
+
+  describe('when vulnerability is not untriaged', () => {
+    beforeEach(() => {
+      wrapper = createComponent({
+        canAdminVulnerability: true,
+        vulnerability: {
+          ...defaultVulnerability,
+          state: 'RESOLVED',
+        },
+      });
+    });
+
+    it('does not render the remove flag button', () => {
+      expect(findRemoveFlagButton().exists()).toBe(false);
+    });
+  });
+});
-- 
GitLab


From e0ce1d41a308d284711d98d5e96e74a5b7da9831 Mon Sep 17 00:00:00 2001
From: Illya Klymov <xanf@xanf.me>
Date: Wed, 8 Oct 2025 10:57:19 +0300
Subject: [PATCH 04/10] Add helper data

* ensure we pass latest flag to details page

EE: true
---
 ee/app/helpers/vulnerabilities_helper.rb       | 2 ++
 ee/spec/helpers/vulnerabilities_helper_spec.rb | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/ee/app/helpers/vulnerabilities_helper.rb b/ee/app/helpers/vulnerabilities_helper.rb
index f3fc305d1d7a56..53cb5dd01b52a1 100644
--- a/ee/app/helpers/vulnerabilities_helper.rb
+++ b/ee/app/helpers/vulnerabilities_helper.rb
@@ -151,6 +151,8 @@ def vulnerability_finding_data(vulnerability)
       data[:validity_checks_enabled] = finding.project&.security_setting&.validity_checks_enabled || false
     end
 
+    data[:latest_flag] = finding.vulnerability_flags&.last
+
     data
   end
 
diff --git a/ee/spec/helpers/vulnerabilities_helper_spec.rb b/ee/spec/helpers/vulnerabilities_helper_spec.rb
index 1711ea0ffbbb9a..c7e351500cd74e 100644
--- a/ee/spec/helpers/vulnerabilities_helper_spec.rb
+++ b/ee/spec/helpers/vulnerabilities_helper_spec.rb
@@ -524,7 +524,8 @@
             version: 3.1
           }
         ],
-        validity_checks_enabled: be_in([true, false])
+        validity_checks_enabled: be_in([true, false]),
+        latest_flag: anything
       )
 
       expect(subject[:location]['blob_path']).to match(kind_of(String))
-- 
GitLab


From 4f2e68e49b3728cf7561dc7bdc4b8800741bb426 Mon Sep 17 00:00:00 2001
From: Illya Klymov <xanf@xanf.me>
Date: Wed, 8 Oct 2025 11:01:51 +0300
Subject: [PATCH 05/10] Pass correct param to graphql query

* make param depend on feature flag

EE: true
---
 .../vulnerability_list_graphql.vue            |  1 +
 .../vulnerability_list_graphql_spec.js        | 20 +++++++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_list_graphql.vue b/ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_list_graphql.vue
index c31804b9e4e004..982d9a71fef7d6 100644
--- a/ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_list_graphql.vue
+++ b/ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_list_graphql.vue
@@ -159,6 +159,7 @@ export default {
         vetEnabled: this.canViewFalsePositive,
         includeExternalIssueLinks: this.hasJiraVulnerabilitiesIntegrationEnabled,
         includeSeverityOverrides: !this.glFeatures.hideVulnerabilitySeverityOverride || false,
+        includeLatestFlag: this.glFeatures.aiExperimentSastFpDetection || false,
         pipelineId: this.pipeline.iid,
         // If we're using "after" we need to use "first", and if we're using "before" we need to
         // use "last". See this comment for more info:
diff --git a/ee/spec/frontend/security_dashboard/components/shared/vulnerability_report/vulnerability_list_graphql_spec.js b/ee/spec/frontend/security_dashboard/components/shared/vulnerability_report/vulnerability_list_graphql_spec.js
index 439b29d53a0c65..4b99c4f225e807 100644
--- a/ee/spec/frontend/security_dashboard/components/shared/vulnerability_report/vulnerability_list_graphql_spec.js
+++ b/ee/spec/frontend/security_dashboard/components/shared/vulnerability_report/vulnerability_list_graphql_spec.js
@@ -62,6 +62,7 @@ describe('Vulnerability list GraphQL component', () => {
     showProjectNamespace = false,
     hasJiraVulnerabilitiesIntegrationEnabled = false,
     hideVulnerabilitySeverityOverride = true,
+    aiExperimentSastFpDetection = false,
     dashboardType = DASHBOARD_TYPE_GROUP,
     apolloProvider = createMockApollo([[groupVulnerabilitiesQuery, vulnerabilitiesHandler]]),
     reportGroupFilters,
@@ -81,6 +82,7 @@ describe('Vulnerability list GraphQL component', () => {
         hasJiraVulnerabilitiesIntegrationEnabled,
         glFeatures: {
           hideVulnerabilitySeverityOverride,
+          aiExperimentSastFpDetection,
         },
         ...provide,
       },
@@ -222,6 +224,24 @@ describe('Vulnerability list GraphQL component', () => {
         expect.objectContaining({ includeSeverityOverrides: true }),
       );
     });
+
+    it('calls query with correct params when `aiExperimentSastFpDetection` FF is disabled', () => {
+      createWrapper({ aiExperimentSastFpDetection: false });
+
+      expect(vulnerabilitiesRequestHandler).toHaveBeenCalledTimes(1);
+      expect(vulnerabilitiesRequestHandler).toHaveBeenCalledWith(
+        expect.objectContaining({ includeLatestFlag: false }),
+      );
+    });
+
+    it('calls query with correct params when `aiExperimentSastFpDetection` FF is enabled', () => {
+      createWrapper({ aiExperimentSastFpDetection: true });
+
+      expect(vulnerabilitiesRequestHandler).toHaveBeenCalledTimes(1);
+      expect(vulnerabilitiesRequestHandler).toHaveBeenCalledWith(
+        expect.objectContaining({ includeLatestFlag: true }),
+      );
+    });
   });
 
   describe('vulnerability list component', () => {
-- 
GitLab


From 9a7487c87c785d33fbf94280a3582df60ec4ba57 Mon Sep 17 00:00:00 2001
From: Illya Klymov <xanf@xanf.me>
Date: Wed, 8 Oct 2025 11:13:31 +0300
Subject: [PATCH 06/10] Update vulnerability list to display AI possible FP
 badges

* use new ones

Changelog: added
EE: true
---
 .../vulnerability_list.vue                    | 13 +++-
 .../vulnerability_list_spec.js                | 69 ++++++++++++++++++-
 2 files changed, 79 insertions(+), 3 deletions(-)

diff --git a/ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_list.vue b/ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_list.vue
index 512f03f7654f0d..88d43a05f2dac9 100644
--- a/ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_list.vue
+++ b/ee/app/assets/javascripts/security_dashboard/components/shared/vulnerability_report/vulnerability_list.vue
@@ -30,6 +30,7 @@ import IssuesBadge from '../issues_badge.vue';
 import SolutionBadge from '../solution_badge.vue';
 import AiFixedBadge from '../ai_fixed_badge.vue';
 import AiResolutionBadge from '../ai_resolution_badge.vue';
+import AiPossibleFpBadge from '../ai_possible_fp_badge.vue';
 import VulnerabilityCommentIcon from '../vulnerability_comment_icon.vue';
 import AiFixInProgressBadge from '../ai_fix_in_progress_badge.vue';
 import VulnerabilityPath from './vulnerability_path.vue';
@@ -66,6 +67,7 @@ export default {
     AiFixedBadge,
     AiResolutionBadge,
     AiFixInProgressBadge,
+    AiPossibleFpBadge,
   },
   directives: {
     GlTooltip: GlTooltipDirective,
@@ -273,6 +275,9 @@ export default {
         !item.mergeRequest?.author?.human
       );
     },
+    hasAiExperimentSastFpDetection(item) {
+      return this.glFeatures.aiExperimentSastFpDetection && item.latestFlag;
+    },
     useConvertReportType(reportType) {
       return convertReportType(reportType);
     },
@@ -526,8 +531,14 @@ export default {
           />
           <ai-fixed-badge v-if="hasAiMergeRequest(item)" />
           <merge-request-badge v-if="item.mergeRequest" :merge-request="item.mergeRequest" />
+          <ai-possible-fp-badge
+            v-if="hasAiExperimentSastFpDetection(item)"
+            data-testid="false-positive-vulnerability"
+            :vulnerability="item"
+            :can-admin-vulnerability="canAdminVulnerability"
+          />
           <false-positive-badge
-            v-if="item.falsePositive"
+            v-else-if="item.falsePositive"
             data-testid="false-positive-vulnerability"
           />
           <solution-badge v-if="item.hasRemediations" />
diff --git a/ee/spec/frontend/security_dashboard/components/shared/vulnerability_report/vulnerability_list_spec.js b/ee/spec/frontend/security_dashboard/components/shared/vulnerability_report/vulnerability_list_spec.js
index 1bbed3385c87a4..01841068e68a01 100644
--- a/ee/spec/frontend/security_dashboard/components/shared/vulnerability_report/vulnerability_list_spec.js
+++ b/ee/spec/frontend/security_dashboard/components/shared/vulnerability_report/vulnerability_list_spec.js
@@ -11,9 +11,10 @@ import VulnerabilityList from 'ee/security_dashboard/components/shared/vulnerabi
 import VulnerabilityListStatus from 'ee/security_dashboard/components/shared/vulnerability_report/vulnerability_list_status.vue';
 import MergeRequestBadge from 'ee/security_dashboard/components/shared/merge_request_badge.vue';
 import SolutionBadge from 'ee/security_dashboard/components/shared/solution_badge.vue';
+import AiFixedBadge from 'ee/security_dashboard/components/shared/ai_fixed_badge.vue';
 import AiResolutionBadge from 'ee/security_dashboard/components/shared/ai_resolution_badge.vue';
 import AiFixInProgressBadge from 'ee/security_dashboard/components/shared/ai_fix_in_progress_badge.vue';
-import AiFixedBadge from 'ee/security_dashboard/components/shared/ai_fixed_badge.vue';
+import AiPossibleFpBadge from 'ee/security_dashboard/components/shared/ai_possible_fp_badge.vue';
 import { DASHBOARD_TYPE_PROJECT } from 'ee/security_dashboard/constants';
 import FalsePositiveBadge from 'ee/vulnerabilities/components/false_positive_badge.vue';
 import ArchivalBadge from 'ee/vulnerabilities/components/archival_badge.vue';
@@ -75,7 +76,10 @@ describe('Vulnerability list component', () => {
         hasJiraVulnerabilitiesIntegrationEnabled: false,
         canAdminVulnerability: true,
         validityChecksEnabled: false,
-        glFeatures: { validityChecksSecurityFindingStatus: true },
+        glFeatures: {
+          validityChecksSecurityFindingStatus: true,
+          aiExperimentSastFpDetection: false,
+        },
         ...provide,
       }),
     });
@@ -876,6 +880,67 @@ describe('Vulnerability list component', () => {
       it('should not render when the vulnerability does not have a false positive', () => {
         expect(findFalsePositiveBadgeInRow(1).exists()).toBe(false);
       });
+
+      describe('AI possible false positive badge', () => {
+        const findAiPossibleFpBadgeInRow = findComponentBadgeInRow(AiPossibleFpBadge);
+
+        describe('when aiExperimentSastFpDetection feature flag is enabled', () => {
+          beforeEach(() => {
+            newVulnerabilities = generateVulnerabilities();
+            newVulnerabilities[0].latestFlag = {
+              status: 'DETECTED_AS_FP',
+              confidenceScore: 0.5,
+              description: 'This appears to be a false positive because...',
+            };
+            createWrapper({
+              props: { vulnerabilities: newVulnerabilities },
+              provide: {
+                glFeatures: { aiExperimentSastFpDetection: true },
+                canAdminVulnerability: true,
+              },
+            });
+          });
+
+          it('should render AI possible FP badge when vulnerability has latestFlag', () => {
+            expect(findAiPossibleFpBadgeInRow(0).exists()).toBe(true);
+          });
+
+          it('should not render standard false positive badge when AI FP badge is shown', () => {
+            expect(findFalsePositiveBadgeInRow(0).exists()).toBe(false);
+          });
+
+          it('should not render AI possible FP badge for vulnerabilities without latestFlag', () => {
+            expect(findAiPossibleFpBadgeInRow(1).exists()).toBe(false);
+          });
+        });
+
+        describe('when aiExperimentSastFpDetection feature flag is disabled', () => {
+          beforeEach(() => {
+            newVulnerabilities = generateVulnerabilities();
+            newVulnerabilities[0].latestFlag = {
+              status: 'DETECTED_AS_FP',
+              confidenceScore: 0.7,
+              description: 'This appears to be a false positive because...',
+            };
+            newVulnerabilities[0].falsePositive = true;
+            createWrapper({
+              props: { vulnerabilities: newVulnerabilities },
+              provide: {
+                glFeatures: { aiExperimentSastFpDetection: false },
+                canAdminVulnerability: true,
+              },
+            });
+          });
+
+          it('should not render AI possible FP badge even when vulnerability has latestFlag', () => {
+            expect(findAiPossibleFpBadgeInRow(0).exists()).toBe(false);
+          });
+
+          it('should render standard false positive badge when feature flag is disabled', () => {
+            expect(findFalsePositiveBadgeInRow(0).exists()).toBe(true);
+          });
+        });
+      });
     });
 
     describe('solution badge', () => {
-- 
GitLab


From 7ae657c627b400e6cd075dbbbce4173f64b1967f Mon Sep 17 00:00:00 2001
From: Illya Klymov <xanf@xanf.me>
Date: Wed, 8 Oct 2025 11:56:19 +0300
Subject: [PATCH 07/10] Add vulnerability details support

* display false positive data

Changelog: added
EE: true
---
 .../components/vulnerability_details.vue      |  87 ++++++-
 .../vulnerability_details_spec.js             | 226 +++++++++++++++++-
 2 files changed, 310 insertions(+), 3 deletions(-)

diff --git a/ee/app/assets/javascripts/vulnerabilities/components/vulnerability_details.vue b/ee/app/assets/javascripts/vulnerabilities/components/vulnerability_details.vue
index ee8360284cb8d3..837a5a7b96ca9b 100644
--- a/ee/app/assets/javascripts/vulnerabilities/components/vulnerability_details.vue
+++ b/ee/app/assets/javascripts/vulnerabilities/components/vulnerability_details.vue
@@ -6,9 +6,13 @@ import {
   GlButton,
   GlTooltipDirective,
   GlLabel,
+  GlProgressBar,
 } from '@gitlab/ui';
 import { isEmpty } from 'lodash';
 import ValidityCheck from 'ee/vulnerabilities/components/validity_check.vue';
+import { createAlert } from '~/alert';
+import { convertToGraphQLId } from '~/graphql_shared/utils';
+import { TYPENAME_VULNERABILITY } from '~/graphql_shared/constants';
 import SafeHtml from '~/vue_shared/directives/safe_html';
 import { renderGFM } from '~/behaviors/markdown/render_gfm';
 import { bodyWithFallBack } from 'ee/vue_shared/security_reports/components/helpers';
@@ -17,6 +21,9 @@ import convertReportType from 'ee/vue_shared/security_reports/store/utils/conver
 import {
   SUPPORTING_MESSAGE_TYPES,
   VULNERABILITY_TRAINING_HEADING,
+  VULNERABILITY_STATE_OBJECTS,
+  CONFIDENCE_SCORES,
+  AI_FP_DISMISSAL_COMMENT,
 } from 'ee/vulnerabilities/constants';
 import { s__, __ } from '~/locale';
 import CodeBlock from '~/vue_shared/components/code_block.vue';
@@ -51,6 +58,7 @@ export default {
     GlTooltipDirective,
     GlButton,
     GlLabel,
+    GlProgressBar,
     HelpPopover,
     DependencyPath,
     ValidityCheck,
@@ -103,6 +111,24 @@ export default {
     isFalsePositive() {
       return Boolean(this.vulnerability.falsePositive);
     },
+    canDismissVulnerability() {
+      return (
+        this.vulnerability.canAdmin &&
+        this.vulnerability.state === VULNERABILITY_STATE_OBJECTS.detected.state
+      );
+    },
+    shouldShowFalsePositive() {
+      return this.isFalsePositive && !this.glFeatures.aiExperimentSastFpDetection;
+    },
+    shouldShowFalsePositiveDuoWorkflowDetails() {
+      return (
+        this.glFeatures.aiExperimentSastFpDetection &&
+        this.vulnerability.latestFlag?.status === 'detected_as_fp'
+      );
+    },
+    vulnerabilityGraphqlId() {
+      return convertToGraphQLId(TYPENAME_VULNERABILITY, this.vulnerability.id);
+    },
     lineNumber() {
       const { startLine: start, endLine: end } = this.location;
       return end > start ? `${start}-${end}` : start;
@@ -287,6 +313,16 @@ export default {
         this.vulnerability.validityChecksEnabled
       );
     },
+
+    confidencePercentage() {
+      return Math.round((this.vulnerability.latestFlag?.confidenceScore ?? 0) * 100);
+    },
+    confidencePercentageVariant() {
+      return this.vulnerability.latestFlag?.confidenceScore >=
+        CONFIDENCE_SCORES.LIKELY_FALSE_POSITIVE
+        ? 'success'
+        : 'warning';
+    },
   },
   mounted() {
     renderGFM(this.$refs.markdownContent);
@@ -334,6 +370,27 @@ export default {
     cvssVersion(cvss) {
       return `v${cvss.version}`;
     },
+    removeFlag() {
+      this.$apollo
+        .mutate({
+          mutation: VULNERABILITY_STATE_OBJECTS.dismissed.mutation,
+          variables: {
+            id: this.vulnerabilityGraphqlId,
+            dismissalReason: 'FALSE_POSITIVE',
+            comment: AI_FP_DISMISSAL_COMMENT,
+          },
+        })
+        .then(() => {
+          window.location.reload();
+        })
+        .catch((error) => {
+          createAlert({
+            message: s__('Vulnerability|Something went wrong while dismissing the vulnerability.'),
+            captureError: true,
+            error,
+          });
+        });
+    },
   },
   i18n: {
     whatIsCvss: {
@@ -375,9 +432,37 @@ export default {
 
 <template>
   <div data-testid="vulnerability-details">
-    <false-positive-alert v-if="isFalsePositive" class="gl-mb-5" />
+    <false-positive-alert v-if="isFalsePositive && shouldShowFalsePositive" class="gl-mb-5" />
 
     <div class="md">
+      <template v-if="shouldShowFalsePositiveDuoWorkflowDetails">
+        <h3>{{ s__('Vulnerability|AI detected false positive') }}</h3>
+        <p>
+          {{
+            s__('Vulnerability|Gitlab Duo has identified this vulnerability as a false positive')
+          }}
+        </p>
+        <div class="gl-mt-2 gl-flex gl-items-center gl-gap-3 gl-font-bold">
+          {{ s__('Vulnerability|AI Confidence Score') }}:
+          <gl-progress-bar
+            :value="confidencePercentage"
+            class="gl-h-3 gl-w-15"
+            :variant="confidencePercentageVariant"
+          />
+          {{ confidencePercentage }}%
+        </div>
+        <h4>{{ s__('Vulnerability|Why this is likely a false positive') }}</h4>
+        <p class="gl-whitespace-pre-wrap">{{ vulnerability.latestFlag.description }}</p>
+        <gl-button
+          v-if="canDismissVulnerability"
+          data-testid="remove-false-positive-button"
+          class="gl-mt-5"
+          variant="link"
+          @click="removeFlag"
+        >
+          {{ s__('Vulnerability|Remove False Positive Flag') }}
+        </gl-button>
+      </template>
       <h3>{{ __('Description') }}</h3>
       <p
         v-if="vulnerability.descriptionHtml"
diff --git a/ee/spec/frontend/vulnerabilities/vulnerability_details_spec.js b/ee/spec/frontend/vulnerabilities/vulnerability_details_spec.js
index 05d6a66b17a8e0..a3b72b914f6cab 100644
--- a/ee/spec/frontend/vulnerabilities/vulnerability_details_spec.js
+++ b/ee/spec/frontend/vulnerabilities/vulnerability_details_spec.js
@@ -1,4 +1,5 @@
-import { GlLink, GlLabel } from '@gitlab/ui';
+import { nextTick } from 'vue';
+import { GlLink, GlLabel, GlProgressBar } from '@gitlab/ui';
 import { getAllByRole, getByTestId } from '@testing-library/dom';
 import { MountingPortal } from 'portal-vue';
 import ValidityCheck from 'ee/vulnerabilities/components/validity_check.vue';
@@ -6,10 +7,13 @@ import { mountExtended } from 'helpers/vue_test_utils_helper';
 import { renderGFM } from '~/behaviors/markdown/render_gfm';
 import SeverityBadge from 'ee/vue_shared/security_reports/components/severity_badge.vue';
 import VulnerabilityDetails from 'ee/vulnerabilities/components/vulnerability_details.vue';
+import { createAlert } from '~/alert';
 import {
   SUPPORTING_MESSAGE_TYPES,
   VULNERABILITY_TRAINING_HEADING,
   CODE_FLOW_TAB_URL,
+  VULNERABILITY_STATE_OBJECTS,
+  AI_FP_DISMISSAL_COMMENT,
 } from 'ee/vulnerabilities/constants';
 import VulnerabilityTraining from 'ee/vulnerabilities/components/vulnerability_training.vue';
 import FalsePositiveAlert from 'ee/vulnerabilities/components/false_positive_alert.vue';
@@ -18,6 +22,7 @@ import DependencyPath from 'ee/vulnerabilities/components/dependency_path.vue';
 import { stubComponent } from 'helpers/stub_component';
 
 jest.mock('~/behaviors/markdown/render_gfm');
+jest.mock('~/alert');
 
 describe('Vulnerability Details', () => {
   let wrapper;
@@ -26,6 +31,15 @@ describe('Vulnerability Details', () => {
     push: jest.fn(),
   };
 
+  const $apollo = {
+    mutate: jest.fn(),
+  };
+
+  const mocks = {
+    $router,
+    $apollo,
+  };
+
   const vulnerability = {
     id: 123,
     severity: 'bad severity',
@@ -54,6 +68,7 @@ describe('Vulnerability Details', () => {
       validityChecks = false,
       vulnerabilityReportTypeScannerFilter = true,
       dependencyPaths = true,
+      aiExperimentSastFpDetection = false,
     } = {},
   ) => {
     const propsData = {
@@ -69,6 +84,7 @@ describe('Vulnerability Details', () => {
           vulnerabilityReportTypeScannerFilter,
           dependencyPaths,
           validityChecks,
+          aiExperimentSastFpDetection,
         },
       },
       stubs: {
@@ -77,8 +93,9 @@ describe('Vulnerability Details', () => {
           ? { template: '<div><slot name="header"></slot></div>' }
           : true,
         MountingPortal: stubComponent(MountingPortal),
+        DependencyPath: stubComponent(DependencyPath),
       },
-      mocks: { $router },
+      mocks,
     });
   };
 
@@ -140,6 +157,211 @@ describe('Vulnerability Details', () => {
     },
   );
 
+  describe('AI detected false positive', () => {
+    describe('when aiExperimentSastFpDetection feature flag is enabled', () => {
+      const latestFlag = {
+        status: 'detected_as_fp',
+        description: 'This vulnerability appears to be a false positive because...',
+        confidenceScore: 0.85,
+      };
+
+      beforeEach(() => {
+        createWrapper(
+          {
+            falsePositive: true,
+            latestFlag,
+            canAdmin: true,
+            state: 'detected',
+          },
+          { aiExperimentSastFpDetection: true },
+        );
+      });
+
+      it('does not show the regular false positive alert', () => {
+        expect(findFalsePositiveAlert().exists()).toBe(false);
+      });
+
+      it('shows the AI detected false positive section', () => {
+        expect(wrapper.text()).toContain('AI detected false positive');
+        expect(wrapper.text()).toContain(
+          'Gitlab Duo has identified this vulnerability as a false positive',
+        );
+      });
+
+      it('displays the confidence score with progress bar', () => {
+        const progressBar = wrapper.findComponent(GlProgressBar);
+        expect(progressBar.exists()).toBe(true);
+        expect(progressBar.props('value')).toBe(85);
+        expect(progressBar.props('variant')).toBe('success');
+        expect(wrapper.text()).toContain('AI Confidence Score');
+        expect(wrapper.text()).toContain('85%');
+      });
+
+      it('displays the false positive description', () => {
+        expect(wrapper.text()).toContain('Why this is likely a false positive');
+        expect(wrapper.text()).toContain(latestFlag.description);
+      });
+
+      it('shows the remove flag button when user can admin', () => {
+        const button = wrapper.find('[data-testid="remove-false-positive-button"]');
+        expect(button.exists()).toBe(true);
+        expect(button.text()).toBe('Remove False Positive Flag');
+      });
+
+      it('does not show the remove flag button when user cannot admin', () => {
+        createWrapper(
+          {
+            falsePositive: true,
+            latestFlag,
+            canAdmin: false,
+            state: 'detected',
+          },
+          { aiExperimentSastFpDetection: true },
+        );
+
+        const button = wrapper.find('[data-testid="remove-false-positive-button"]');
+        expect(button.exists()).toBe(false);
+      });
+
+      it('does not show the remove flag button when vulnerability is not in detected state', () => {
+        createWrapper(
+          {
+            falsePositive: true,
+            latestFlag,
+            canAdmin: true,
+            state: 'dismissed',
+          },
+          { aiExperimentSastFpDetection: true },
+        );
+
+        const button = wrapper.find('[data-testid="remove-false-positive-button"]');
+        expect(button.exists()).toBe(false);
+      });
+
+      describe('confidence score variants', () => {
+        it.each`
+          confidenceScore | expectedVariant
+          ${0.8}          | ${'success'}
+          ${0.7}          | ${'success'}
+          ${0.69}         | ${'warning'}
+        `(
+          'shows $expectedVariant variant for confidence score $confidenceScore',
+          ({ confidenceScore, expectedVariant }) => {
+            createWrapper(
+              {
+                falsePositive: true,
+                latestFlag: { ...latestFlag, confidenceScore },
+                canAdmin: true,
+                state: 'detected',
+              },
+              { aiExperimentSastFpDetection: true },
+            );
+
+            const progressBar = wrapper.findComponent(GlProgressBar);
+            expect(progressBar.props('variant')).toBe(expectedVariant);
+          },
+        );
+      });
+
+      describe('removing false positive flag', () => {
+        beforeEach(() => {
+          $apollo.mutate.mockReset();
+        });
+
+        it('calls the dismiss mutation with correct parameters when remove flag is clicked', async () => {
+          $apollo.mutate.mockResolvedValue({});
+
+          createWrapper(
+            {
+              id: 123,
+              falsePositive: true,
+              latestFlag,
+              canAdmin: true,
+              state: 'detected',
+            },
+            { aiExperimentSastFpDetection: true },
+          );
+
+          const button = wrapper.find('[data-testid="remove-false-positive-button"]');
+          await button.trigger('click');
+
+          expect($apollo.mutate).toHaveBeenCalledWith({
+            mutation: VULNERABILITY_STATE_OBJECTS.dismissed.mutation,
+            variables: {
+              id: 'gid://gitlab/Vulnerability/123',
+              dismissalReason: 'FALSE_POSITIVE',
+              comment: AI_FP_DISMISSAL_COMMENT,
+            },
+          });
+        });
+
+        it('shows an alert when the mutation fails', async () => {
+          const error = new Error('Mutation failed');
+          $apollo.mutate.mockRejectedValue(error);
+
+          createWrapper(
+            {
+              id: 123,
+              falsePositive: true,
+              latestFlag,
+              canAdmin: true,
+              state: 'detected',
+            },
+            { aiExperimentSastFpDetection: true },
+          );
+
+          const button = wrapper.find('[data-testid="remove-false-positive-button"]');
+          await button.trigger('click');
+
+          await nextTick();
+
+          expect(createAlert).toHaveBeenCalledWith({
+            message: 'Something went wrong while dismissing the vulnerability.',
+            captureError: true,
+            error,
+          });
+        });
+      });
+    });
+
+    describe('when aiExperimentSastFpDetection feature flag is disabled', () => {
+      it('shows the regular false positive alert when falsePositive is true', () => {
+        createWrapper(
+          {
+            falsePositive: true,
+            latestFlag: {
+              status: 'detected_as_fp',
+              description: 'This vulnerability appears to be a false positive because...',
+              confidenceScore: 0.85,
+            },
+          },
+          { aiExperimentSastFpDetection: false },
+        );
+
+        expect(findFalsePositiveAlert().exists()).toBe(true);
+        expect(wrapper.text()).not.toContain('AI detected false positive');
+      });
+    });
+
+    describe('when latestFlag status is not detected_as_fp', () => {
+      it('does not show the AI detected false positive section', () => {
+        createWrapper(
+          {
+            falsePositive: true,
+            latestFlag: {
+              status: 'other_status',
+              description: 'Some description',
+              confidenceScore: 0.85,
+            },
+          },
+          { aiExperimentSastFpDetection: true },
+        );
+
+        expect(wrapper.text()).not.toContain('AI detected false positive');
+      });
+    });
+  });
+
   it('renders description when descriptionHtml is not present', () => {
     createWrapper({
       descriptionHtml: null,
-- 
GitLab


From ce8be09f934c06516b5d1901144cb6ffb353e081 Mon Sep 17 00:00:00 2001
From: Illya Klymov <xanf@xanf.me>
Date: Wed, 8 Oct 2025 11:58:15 +0300
Subject: [PATCH 08/10] Add locale files

* regenerate locales

EE: true
---
 .../components/vulnerability_details.vue      |  2 +-
 .../vulnerability_details_spec.js             |  2 +-
 locale/gitlab.pot                             | 27 +++++++++++++++++++
 3 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/ee/app/assets/javascripts/vulnerabilities/components/vulnerability_details.vue b/ee/app/assets/javascripts/vulnerabilities/components/vulnerability_details.vue
index 837a5a7b96ca9b..17647da273c3a5 100644
--- a/ee/app/assets/javascripts/vulnerabilities/components/vulnerability_details.vue
+++ b/ee/app/assets/javascripts/vulnerabilities/components/vulnerability_details.vue
@@ -451,7 +451,7 @@ export default {
           />
           {{ confidencePercentage }}%
         </div>
-        <h4>{{ s__('Vulnerability|Why this is likely a false positive') }}</h4>
+        <h4>{{ s__('Vulnerability|Why it is likely a false positive') }}</h4>
         <p class="gl-whitespace-pre-wrap">{{ vulnerability.latestFlag.description }}</p>
         <gl-button
           v-if="canDismissVulnerability"
diff --git a/ee/spec/frontend/vulnerabilities/vulnerability_details_spec.js b/ee/spec/frontend/vulnerabilities/vulnerability_details_spec.js
index a3b72b914f6cab..89d49a5462047c 100644
--- a/ee/spec/frontend/vulnerabilities/vulnerability_details_spec.js
+++ b/ee/spec/frontend/vulnerabilities/vulnerability_details_spec.js
@@ -198,7 +198,7 @@ describe('Vulnerability Details', () => {
       });
 
       it('displays the false positive description', () => {
-        expect(wrapper.text()).toContain('Why this is likely a false positive');
+        expect(wrapper.text()).toContain('Why it is likely a false positive');
         expect(wrapper.text()).toContain(latestFlag.description);
       });
 
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 406d5ca4377766..c90932924a0924 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -72979,9 +72979,15 @@ msgstr ""
 msgid "Vulnerability|A solution is available for this vulnerability"
 msgstr ""
 
+msgid "Vulnerability|AI Confidence Score"
+msgstr ""
+
 msgid "Vulnerability|AI Generating Fix"
 msgstr ""
 
+msgid "Vulnerability|AI detected false positive"
+msgstr ""
+
 msgid "Vulnerability|AI has created a merge request to resolve this vulnerability"
 msgstr ""
 
@@ -73063,6 +73069,9 @@ msgstr ""
 msgid "Vulnerability|Detection method"
 msgstr ""
 
+msgid "Vulnerability|Dismissed as false positive detected by Duo AI"
+msgstr ""
+
 msgid "Vulnerability|Enter the associated CVE or CWE entries for this vulnerability."
 msgstr ""
 
@@ -73090,6 +73099,9 @@ msgstr ""
 msgid "Vulnerability|GitLab checks if detected secrets are active. You should revoke and replace active secrets immediately, because they can be used to impersonate legitimate activity."
 msgstr ""
 
+msgid "Vulnerability|Gitlab Duo has identified this vulnerability as a false positive"
+msgstr ""
+
 msgid "Vulnerability|Identifier"
 msgstr ""
 
@@ -73117,6 +73129,9 @@ msgstr ""
 msgid "Vulnerability|Information related to how the vulnerability was discovered and its impact on the system."
 msgstr ""
 
+msgid "Vulnerability|Likely FP"
+msgstr ""
+
 msgid "Vulnerability|Links"
 msgstr ""
 
@@ -73126,12 +73141,18 @@ msgstr ""
 msgid "Vulnerability|Namespace:"
 msgstr ""
 
+msgid "Vulnerability|Possible FP"
+msgstr ""
+
 msgid "Vulnerability|Possibly active secret"
 msgstr ""
 
 msgid "Vulnerability|Project:"
 msgstr ""
 
+msgid "Vulnerability|Remove False Positive Flag"
+msgstr ""
+
 msgid "Vulnerability|Remove identifier row"
 msgstr ""
 
@@ -73168,6 +73189,9 @@ msgstr ""
 msgid "Vulnerability|Severity:"
 msgstr ""
 
+msgid "Vulnerability|Something went wrong while dismissing the vulnerability."
+msgstr ""
+
 msgid "Vulnerability|Something went wrong while trying to get the source file."
 msgstr ""
 
@@ -73264,6 +73288,9 @@ msgstr ""
 msgid "Vulnerability|What is code flow?"
 msgstr ""
 
+msgid "Vulnerability|Why it is likely a false positive"
+msgstr ""
+
 msgid "Vulnerability|circular dependency"
 msgstr ""
 
-- 
GitLab


From 58c80615c18b1ca421a83bb35a992b9908f7ec5a Mon Sep 17 00:00:00 2001
From: Illya Klymov <xanf@xanf.me>
Date: Wed, 8 Oct 2025 12:18:31 +0300
Subject: [PATCH 09/10] Implement refetching

* refetch queries on FP dismissal

EE: true
---
 .../components/shared/ai_possible_fp_badge.vue              | 6 ++++++
 .../components/shared/ai_possible_fp_badge_spec.js          | 1 +
 2 files changed, 7 insertions(+)

diff --git a/ee/app/assets/javascripts/security_dashboard/components/shared/ai_possible_fp_badge.vue b/ee/app/assets/javascripts/security_dashboard/components/shared/ai_possible_fp_badge.vue
index 7d5b8c5f88220a..d0f8f6dc5c0b24 100644
--- a/ee/app/assets/javascripts/security_dashboard/components/shared/ai_possible_fp_badge.vue
+++ b/ee/app/assets/javascripts/security_dashboard/components/shared/ai_possible_fp_badge.vue
@@ -22,6 +22,11 @@ export default {
     GlProgressBar,
     GlTruncateText,
   },
+  inject: {
+    vulnerabilitiesQuery: {
+      default: null,
+    },
+  },
   props: {
     vulnerability: {
       type: Object,
@@ -73,6 +78,7 @@ export default {
             dismissalReason: 'FALSE_POSITIVE',
             comment: AI_FP_DISMISSAL_COMMENT,
           },
+          refetchQueries: [this.vulnerabilitiesQuery],
         })
         .catch((error) => {
           createAlert({
diff --git a/ee/spec/frontend/security_dashboard/components/shared/ai_possible_fp_badge_spec.js b/ee/spec/frontend/security_dashboard/components/shared/ai_possible_fp_badge_spec.js
index 495b013bb7bcdf..f01efa05985ce6 100644
--- a/ee/spec/frontend/security_dashboard/components/shared/ai_possible_fp_badge_spec.js
+++ b/ee/spec/frontend/security_dashboard/components/shared/ai_possible_fp_badge_spec.js
@@ -193,6 +193,7 @@ describe('AiPossibleFpBadge', () => {
           dismissalReason: 'FALSE_POSITIVE',
           comment: AI_FP_DISMISSAL_COMMENT,
         },
+        refetchQueries: [null],
       });
     });
   });
-- 
GitLab


From 00e1bdc790b0be708b3ff0fd8fbf76acac803547 Mon Sep 17 00:00:00 2001
From: Illya Klymov <iklymov@gitlab.com>
Date: Wed, 8 Oct 2025 13:03:13 +0300
Subject: [PATCH 10/10] Apply 1 suggestion(s) to 1 file(s)

Co-authored-by: GitLab Duo <gitlab-duo@gitlab.com>
---
 .../components/shared/ai_possible_fp_badge.vue                  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ee/app/assets/javascripts/security_dashboard/components/shared/ai_possible_fp_badge.vue b/ee/app/assets/javascripts/security_dashboard/components/shared/ai_possible_fp_badge.vue
index d0f8f6dc5c0b24..c12bce58d7ff13 100644
--- a/ee/app/assets/javascripts/security_dashboard/components/shared/ai_possible_fp_badge.vue
+++ b/ee/app/assets/javascripts/security_dashboard/components/shared/ai_possible_fp_badge.vue
@@ -60,7 +60,7 @@ export default {
       return this.isLikelyFalsePositive ? 'success' : 'warning';
     },
     confidencePercentage() {
-      return Math.floor(this.flag.confidenceScore * 100);
+      return Math.round(this.flag.confidenceScore * 100);
     },
     canDismissVulnerability() {
       return (
-- 
GitLab