
"Tool" in vulnerability report is inconsistent—either scan type (like "SAST") or scanner (like "GitLab Advanced SAST")

Problem

Today, the word "Tool" means different things in different parts of the Vulnerability Report page.

  • In the filter box, "Tool" opens a menu that lets users select specific scanners, like "GitLab Advanced SAST" or "Semgrep".
  • In the table, the column labeled "Tool" shows only the scan type, like "SAST" or "Secret Detection", not which scanner produced the result.

This makes it difficult for users to notice that results in the same table come from different scanners. It is particularly impactful when users have transitioned from one scanner to another, for example after enabling GitLab Advanced SAST: findings from the old scanner and the new one both appear as "SAST". While users can filter the view to show one scanner or the other, there is no way to tell, from the table itself, which results came from which scanner. Users may also misattribute false positives or other incorrect results from third-party tools to GitLab when there is no visual indication that a result came from a third-party scanner.

Screenshot: Screenshot_2024-09-30_at_2.41.33_PM

Options

  • Change the "Tool" column to include the scanner in some way:
    • Keep existing formatting, but change the text to Type (Scanner), like "SAST (Semgrep)"
    • Add a secondary line of text under the primary value and use it for the scanner name (or for the scan type, with the scanner as the primary value), similar to how the vulnerability title has the vulnerability location shown below it.
  • Rename the "Tool" column to "Type" (or whatever the proper name for the scan type is), so the column label no longer implies it identifies the scanner.
Edited by Connor Gilbert