Add scanner name, version and URL to finding display - Parse and expose properties to the API

Main issue

This is a backend sub-issue for #196979 (closed)

Problem to solve

Add additional data (in a backwards compatible way) about the scanner in the findings details to help troubleshooting self-managed instances and dot-com instances. If the new data is not present, show the old data only.

Intended users

Further details

Proposal

Once the scan object has been added to the JSON report (#37123 (closed), #202053 (closed), and #202054 (closed)), we can parse this information and expose it in the API.

Permissions and Security

No changes.

Implementation plan

This issue is scoped to the MR widget, #196979 (comment 331665213). Standalone vulnerability changes will be handled by another issue.

  • Parse the new scan object, and enrich the PORO's scan attribute with url and version
  • Update fixtures for scanners to reflect the new format
  • Store the new information in the raw_metadata field in vulnerability_occurrences
  • Update tests in controllers to make sure we are testing the new JSON structure (i.e. comparison logic, API, dashboard)
  • Expose the data in Grape objects

Checklist

The following is a simple checklist to make sure everything is working.

Make sure the following parts expose the newly added information:

  • API endpoints for the vulnerability pipeline
  • MR widget
  • Pipeline security dashboard

Documentation

There should be nothing to update here, please double check.

Testing

Add these new properties to automated tests about parsing and API content.

What does success look like, and how can we measure that?

The API exposes additional data provided by the scan object from the JSON report: scanner version and scanner URL.

What is the type of buyer?

GitLab Ultimate

Links / references

Edited by Can Eldem
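
The backwards-compatible parsing from the implementation plan, as an added example that is not GitLab's code: the field names under `scan.scanner`, the helper names and the sample reports are assumptions constructed for illustration. It also keeps only http(s) scanner URLs, since the value comes from a report file and is shown as a link in the finding display.

```ruby
require 'json'
require 'uri'

# Assumed field names for illustration: report['scan']['scanner'] carrying
# 'name', 'version' and 'url'. All sample data below is constructed.
ScannerDetails = Struct.new(:name, :version, :url, keyword_init: true)

def string_or_nil(value)
  value.is_a?(String) && !value.strip.empty? ? value.strip : nil
end

# The URL comes from a report file and ends up as a link in the finding
# display, so only absolute http(s) URLs are kept.
def safe_url(value)
  uri = URI.parse(string_or_nil(value).to_s)
  uri.is_a?(URI::HTTP) && uri.host ? uri.to_s : nil
rescue URI::InvalidURIError
  nil
end

# legacy_scanner is the scanner hash that reports carried before the scan
# object existed; it remains the fallback for the name.
def scanner_details(report, legacy_scanner)
  scan = report['scan']
  from_scan = scan.is_a?(Hash) && scan['scanner'].is_a?(Hash) ? scan['scanner'] : {}
  ScannerDetails.new(
    name: string_or_nil(from_scan['name']) || string_or_nil(legacy_scanner['name']),
    version: string_or_nil(from_scan['version']),
    url: safe_url(from_scan['url'])
  )
end

# Absent values are dropped, so a report without the scan object yields the
# old payload unchanged.
def exposed_scanner(details)
  details.to_h.compact.transform_keys(&:to_s)
end

LEGACY = { 'id' => 'constructed_scanner', 'name' => 'Constructed Scanner' }.freeze
NEW_REPORT = JSON.parse(<<~REPORT)
  {"scan": {"scanner": {"name": "Constructed Scanner", "version": "1.2.3",
                        "url": "https://scanner.example.com/docs"}}}
REPORT
OLD_REPORT = JSON.parse('{"vulnerabilities": []}')
BAD_URL_REPORT = JSON.parse('{"scan": {"scanner": {"version": "1.2.3", "url": "javascript:void(0)"}}}')

if __FILE__ == $PROGRAM_NAME
  [NEW_REPORT, OLD_REPORT, BAD_URL_REPORT].each do |report|
    puts JSON.generate(exposed_scanner(scanner_details(report, LEGACY)))
  end
end
```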