Allow additional keys for sorting Security Report vulnerabilities

Problem to solve

We want the list of vulnerabilities in our reports to be sorted in a deterministic order.

This is currently achieved by sorting by Severity and then by CompareKey.

Unfortunately, there are cases where this is not enough. However, we do not want to augment the CompareKey, to avoid too much volatility.

Intended users

Developers: ~Secure team and Security Reports consumers

Proposal

To solve that in a generic and report_type agnostic way, I suggest we add a SortKey() method to our Go struct Issue and leverage it in the sort.
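A sketch of the three-level ordering proposed above, added here as an illustration and not taken from the project's code. The reduced `Issue` layout, the `File`/`Line` fields used to build the key, and the "most severe first" direction are assumptions.

```go
package main

import (
	"fmt"
	"sort"
)

// Issue is a reduced, hypothetical stand-in for the report struct.
// The File and Line fields are assumptions used only to build SortKey.
type Issue struct {
	Severity   int // assumption: higher value means more severe
	CompareKey string
	File       string
	Line       int
}

// SortKey returns a tie-breaker kept separate from CompareKey, so that
// CompareKey itself stays stable. The line is zero-padded so that string
// comparison matches numeric order.
func (i Issue) SortKey() string {
	return fmt.Sprintf("%s:%08d", i.File, i.Line)
}

// SortIssues orders by Severity, then CompareKey, then SortKey.
func SortIssues(issues []Issue) {
	sort.Slice(issues, func(a, b int) bool {
		x, y := issues[a], issues[b]
		if x.Severity != y.Severity {
			return x.Severity > y.Severity
		}
		if x.CompareKey != y.CompareKey {
			return x.CompareKey < y.CompareKey
		}
		return x.SortKey() < y.SortKey()
	})
}

func main() {
	// Constructed sample: two issues tie on Severity and CompareKey.
	issues := []Issue{
		{3, "dup-key", "b/package.json", 7},
		{4, "other-key", "a/index.js", 1},
		{3, "dup-key", "a/package.json", 7},
	}
	SortIssues(issues)
	for _, i := range issues {
		fmt.Println(i.Severity, i.CompareKey, i.SortKey())
	}
}
```

Without the third comparison, the two `dup-key` entries could come out in either order depending on how the scanner emitted them, which is what makes fixture-based report tests flaky.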

What does success look like, and how can we measure that?

The order of vulnerabilities is consistent, which allows for easier testing. E.g. this will fix this kind of issue: gitlab-org/security-products/tests/js-npm!8 (merged)

Links / references
