Display version of the advisory DB used to generate findings

Problem to solve

Currently, we link a pipeline to a vulnerability report and vulnerability finding to draw attention to the source. With the changes in continuous vulnerability scans, this will no longer be accurate because it will now be possible for a new advisory update to trigger the creation of a vulnerability without a pipeline run.

See #408978 (comment 1568515944)

Proposal

Display version of the advisory database used to generate findings, and surface this information in addition or in place of the pipeline link.

Vulnerability Report
Vulnerability Finding

Edited Sep 21, 2023 by Fabien Catteau