From 24cf74656b68a0ee9a5670389ed526979bbb2dce Mon Sep 17 00:00:00 2001
From: Nate Rosandich <nrosandich@gitlab.com>
Date: Mon, 15 Dec 2025 13:55:33 +1300
Subject: [PATCH] feat: Always show FP confidence score when available

This allows users to see that FP detection has
run and what score was assigned, even
for lower confidence scores.

Changelog: added
EE: true
---
 .../components/vulnerability_details.vue      | 19 ++++-
 .../vulnerability_details_spec.js             | 83 ++++++++++++++++++-
 locale/gitlab.pot                             |  3 +
 3 files changed, 103 insertions(+), 2 deletions(-)

diff --git a/ee/app/assets/javascripts/vulnerabilities/components/vulnerability_details.vue b/ee/app/assets/javascripts/vulnerabilities/components/vulnerability_details.vue
index b0b5fa4cc68d73..e21ad5777cd450 100644
--- a/ee/app/assets/javascripts/vulnerabilities/components/vulnerability_details.vue
+++ b/ee/app/assets/javascripts/vulnerabilities/components/vulnerability_details.vue
@@ -328,6 +328,12 @@ export default {
         ? 'success'
         : 'warning';
     },
+    shouldShowConfidenceScore() {
+      return (
+        this.glFeatures.aiExperimentSastFpDetection &&
+        this.vulnerability.latestFlag?.confidenceScore != null
+      );
+    },
     vulnerabilityForModal() {
       return { id: this.vulnerabilityGraphqlId };
     },
@@ -437,7 +443,7 @@ export default {
           }}
         </p>
         <div class="gl-mt-2 gl-flex gl-items-center gl-gap-3 gl-font-bold">
-          {{ s__('Vulnerability|AI Confidence Score') }}:
+          {{ s__('Vulnerability|AI false positive Confidence Score') }}:
           <gl-progress-bar
             :value="confidencePercentage"
             class="gl-h-3 gl-w-15"
@@ -460,6 +466,17 @@ export default {
           {{ s__('Vulnerability|Remove False Positive Flag') }}
         </gl-button>
       </template>
+      <template v-else-if="shouldShowConfidenceScore">
+        <div class="gl-mt-2 gl-flex gl-items-center gl-gap-3 gl-font-bold">
+          {{ s__('Vulnerability|AI false positive Confidence Score') }}:
+          <gl-progress-bar
+            :value="confidencePercentage"
+            class="gl-h-3 gl-w-15"
+            :variant="confidencePercentageVariant"
+          />
+          {{ confidencePercentage }}%
+        </div>
+      </template>
       <h3>{{ __('Description') }}</h3>
       <p
         v-if="vulnerability.descriptionHtml"
diff --git a/ee/spec/frontend/vulnerabilities/vulnerability_details_spec.js b/ee/spec/frontend/vulnerabilities/vulnerability_details_spec.js
index 04e1f324386cf7..2af073f0679453 100644
--- a/ee/spec/frontend/vulnerabilities/vulnerability_details_spec.js
+++ b/ee/spec/frontend/vulnerabilities/vulnerability_details_spec.js
@@ -191,7 +191,7 @@ describe('Vulnerability Details', () => {
         expect(progressBar.exists()).toBe(true);
         expect(progressBar.props('value')).toBe(85);
         expect(progressBar.props('variant')).toBe('success');
-        expect(wrapper.text()).toContain('AI Confidence Score');
+        expect(wrapper.text()).toContain('AI false positive Confidence Score');
         expect(wrapper.text()).toContain('85%');
       });
 
@@ -366,6 +366,87 @@ describe('Vulnerability Details', () => {
 
       expect(wrapper.text()).not.toContain('AI detected false positive');
     });
+
+    it('shows only the confidence score without title or description', () => {
+      createWrapper(
+        {
+          falsePositive: true,
+          latestFlag: {
+            description: 'Some description',
+            confidenceScore: 0.25,
+          },
+        },
+        { aiExperimentSastFpDetection: true },
+      );
+
+      expect(wrapper.text()).not.toContain('AI detected false positive');
+      expect(wrapper.text()).not.toContain('Why it is likely a false positive');
+      expect(wrapper.text()).not.toContain('Some description');
+      expect(wrapper.text()).toContain('AI false positive Confidence Score');
+      expect(wrapper.text()).toContain('25%');
+    });
+
+    it('displays the confidence score with correct progress bar variant', () => {
+      createWrapper(
+        {
+          falsePositive: true,
+          latestFlag: {
+            description: 'Some description',
+            confidenceScore: 0.25,
+          },
+        },
+        { aiExperimentSastFpDetection: true },
+      );
+
+      const progressBar = wrapper.findComponent(GlProgressBar);
+      expect(progressBar.exists()).toBe(true);
+      expect(progressBar.props('value')).toBe(25);
+      expect(progressBar.props('variant')).toBe('warning');
+    });
+
+    it('does not show the remove flag button', () => {
+      createWrapper(
+        {
+          falsePositive: true,
+          latestFlag: {
+            description: 'Some description',
+            confidenceScore: 0.25,
+          },
+          canAdmin: true,
+          state: 'detected',
+        },
+        { aiExperimentSastFpDetection: true },
+      );
+
+      const button = wrapper.find('[data-testid="remove-false-positive-button"]');
+      expect(button.exists()).toBe(false);
+    });
+
+    it('does not show confidence score when latestFlag is not present', () => {
+      createWrapper(
+        {
+          falsePositive: true,
+        },
+        { aiExperimentSastFpDetection: true },
+      );
+
+      expect(wrapper.text()).not.toContain('AI false positive Confidence Score');
+    });
+
+    it('does not show confidence score when feature flag is disabled', () => {
+      createWrapper(
+        {
+          falsePositive: true,
+          latestFlag: {
+            description: 'Some description',
+            confidenceScore: 0.25,
+          },
+        },
+        { aiExperimentSastFpDetection: false },
+      );
+
+      expect(wrapper.text()).not.toContain('AI false positive Confidence Score');
+    });
   });
 
   it('renders description when descriptionHtml is not present', () => {
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index de441c898f70f4..4a072915a38353 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -75032,6 +75032,9 @@ msgstr ""
 msgid "Vulnerability|AI detected false positive"
 msgstr ""
 
+msgid "Vulnerability|AI false positive Confidence Score"
+msgstr ""
+
 msgid "Vulnerability|AI has created a merge request to resolve this vulnerability"
 msgstr ""
 
-- 
GitLab