Vulnerability Explanation and Vulnerability Resolution troubleshooting
Troubleshooting Resource Guide for VE and VR
When working with Vulnerability Resolution and Vulnerability Explanation, you might run into an error. Most commons problems are documented in this section. If you find an undocumented issue, you should document it in this section after you find a solution.
If you need help developing or testing locally, please see the setup guide.
For availability of these features please first check the prerequisites listed here: vulnerability explanation and vulnerability resolution.
Also check: VR troubleshooting guide.
Problem | Solution |
---|---|
Duo / VR features aren’t available | The group/project may not have assigned Duo Seats. Follow the Duo subscription add-ons instructions. |
Upstream errors such as “The upstream AI provider request timed out without responding” | This may indicate an issue with our third-party AI. This could be Anthropic outage - check status. |
Specific recurring errors like “an unexpected error has occurred” | This may indicate an issue with the creation of the diff patch or MR. Refer to Error handling code |
False positive errors | We handle empty responses and empty <fixed_code> as false positives. Documentation, Response modifier code |
If you see that the VR button is disabled, that means that the CWE is not part of the supported list at this time. | Feature coverage restriction: VR is available for a set of CWEs, check SSOT doc. |
Query custom errors in Elastic | Check this dashboard for further investigation. |
Dashboard to see logs
- Production log dashboard - shows request/response/error
- Staging log dashboard
Monitoring VR alerts
- Elastic watcher
- Slack channel to see alerts:
#g_srm_security_insights_ai_error_alerts
- Elastic logs used in watcher: https://log.gprd.gitlab.net/app/r/s/foNLr
Resources
Last modified November 27, 2024: Move Govern stage pages to be Software Supply Chain Security pages (
320d8823
)