Deprecate and replace `category` property in JSON common security report format

Problem to solve

The current JSON common report format we use for security reports needs improvements to drive broader adoption, particularly by 3rd-party security vendors looking to integrate.

Intended users

  • Sasha (Software Developer)

Further details

Proposal

Deprecate the `category` property and replace it with `report_type`.

Permissions and Security

Documentation

Testing

What does success look like, and how can we measure that?

A new version of the JSON common security report format that includes a replacement for the `category` field. Ideally, the new version continues to accept `category` instead of the new field.

We can have at least one interested security vendor update their integration successfully to use the new field.

What is the type of buyer?

Links / references

  • https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#reports-json-format
  • https://gitlab.com/gitlab-org/security-products/analyzers/common