Security Report JSON format improvements to consider

Problem to solve

The current JSON report format we use for security reports needs improvements for broader usage.

Intended users

  • Sasha (Software Developer)

Further details

Proposal

To be discussed further, maybe open separate issues for each of them.

  1. deprecate the cve property, replace it with a remediation_id to be used in the remediation.fixes as a reference for which vulnerabilities get fixed by that remediation. (TBD further since remediation_id looks like an inverse relationship at first)
  2. deprecate the category property, replace it with report_type
  3. disambiguate name vs message, possibly deprecate name if we can't rely on it for all scanners

Permissions and Security

Documentation

Testing

What does success look like, and how can we measure that?

What is the type of buyer?

Links / references

Edited Nov 13, 2019 by Olivier Gonzalez