Vulnerability Explanation and Vulnerability Resolution troubleshooting

Troubleshooting Resource Guide for VE and VR

When working with Vulnerability Resolution and Vulnerability Explanation, you might run into an error. Most commons problems are documented in this section. If you find an undocumented issue, you should document it in this section after you find a solution.

If you need help developing or testing locally, please see the setup guide.

For availability of these features please first check the prerequisites listed here: vulnerability explanation and vulnerability resolution.

Also check: VR troubleshooting guide.

Problem Solution
Duo / VR features aren’t available The group/project may not have assigned Duo Seats. Follow the Duo subscription add-ons instructions.
Upstream errors such as “The upstream AI provider request timed out without responding” This may indicate an issue with our third-party AI. This could be Anthropic outage - check status.
Specific recurring errors like “an unexpected error has occurred” This may indicate an issue with the creation of the diff patch or MR. Refer to Error handling code
False positive errors We handle empty responses and empty <fixed_code> as false positives. Documentation, Response modifier code
If you see that the VR button is disabled, that means that the CWE is not part of the supported list at this time. Feature coverage restriction: VR is available for a set of CWEs, check SSOT doc.
Query custom errors in Elastic Check this dashboard for further investigation.

Dashboard to see logs

  1. Production log dashboard - shows request/response/error
  2. Staging log dashboard

Monitoring VR alerts

  1. Elastic watcher
  2. Slack channel to see alerts: #g_srm_security_insights_ai_error_alerts
  3. Elastic logs used in watcher: https://log.gprd.gitlab.net/app/r/s/foNLr
  4. Error watcher in IaC repo: https://gitlab.com/gitlab-com/runbooks/-/blob/master/elastic/managed-objects/log_gprd/watches/test_g_srm_security_insights_ai_error_watcher.jsonnet
  5. Alert threshold for this watcher is 5 errors over last 90 minutes. If needed the watcher can be deactivated from this page. The threshold value can be changed from the edit page.

Resources

  1. Documentation
  2. LLM Prompts for VE and RV
Last modified January 15, 2025: Update with more watcher info for VR troubleshooting guide (f843654a)
View page source - Edit this page - please contribute. Creative Commons License