Merge branch 'cleanup-sast-fixtures' into 'master'

chore: Cleanup SAST report fixtures See merge request gitlab-org/gitlab!57875

Merge branch 'cleanup-sast-fixtures' into 'master'
chore: Cleanup SAST report fixtures See merge request gitlab-org/gitlab!57875
6940fec3 · Douglas Barbosa Alexandre · 7335c312 · 9c880db3 · 6940fec3 · 6940fec3
Commit 6940fec3 authored Apr 06, 2021 by Douglas Barbosa Alexandre
15 changed files
--- a/ee/spec/finders/security/findings_finder_spec.rb
+++ b/ee/spec/finders/security/findings_finder_spec.rb
@@ -112,13 +112,13 @@ RSpec.describe Security::FindingsFinder do
        subject { finder_result.total_pages }

        context 'when the per_page is not provided' do
-          it { is_expected.to be(2) }
+          it { is_expected.to be(1) }
        end

        context 'when the per_page is provided' do
-          let(:per_page) { 100 }
+          let(:per_page) { 3 }

-          it { is_expected.to be(1) }
+          it { is_expected.to be(3) }
        end
      end

@@ -126,13 +126,13 @@ RSpec.describe Security::FindingsFinder do
        subject { finder_result.total_count }

        context 'when the scope is not provided' do
-          it { is_expected.to be(35) }
+          it { is_expected.to be(8) }
        end

        context 'when the scope is provided as `all`' do
          let(:scope) { 'all' }

-          it { is_expected.to be(36) }
+          it { is_expected.to be(8) }
        end
      end

@@ -140,6 +140,9 @@ RSpec.describe Security::FindingsFinder do
        subject { finder_result.next_page }

        context 'when the page is not provided' do
+          # Limit per_page to force pagination on smaller dataset
+          let(:per_page) { 2 }
+
          it { is_expected.to be(2) }
        end

@@ -159,6 +162,8 @@ RSpec.describe Security::FindingsFinder do

        context 'when the page is provided' do
          let(:page) { 2 }
+          # Limit per_page to force pagination on smaller dataset
+          let(:per_page) { 2 }

          it { is_expected.to be(1) }
        end
@@ -172,24 +177,12 @@ RSpec.describe Security::FindingsFinder do
            %w[
              4ae096451135db224b9e16818baaca8096896522
              0bfcfbb70b15a7cecef9a1ea39df15ecfd88949f
-              117590fc6b3841014366f335f494d1aa36ce7b46
-              8fac98c156431a8bdb7a69a935cc564c314ab776
-              95566733fc91301623055363a77124410592af7e
-              0314c9673160662292cfab1af6dc5c880fb73717
-              4e44f4045e2a27d147d08895acf8df502f440f96
-              b5f82291ed084fe134af5a9b90a8078ab802a6cc
-              98366a28fa80b23a1dafe2b36e239a04909495c4
+              157f362acf654c60e224400f59a088e1c01b369f
              b9c0d1cdc7cb9c180ebb6981abbddc2df0172509
-              cefacf9f36c487d04f33c59f22e6c402bff5300a
-              d533c3a12403b6c6033a50b53f9c73f894a40fc6
-              92c7bdc63a9908bddbc5b66c95e93e99a1927879
-              dd482eab94e695ae85c1a883c4dbe4c74a7e6b2c
-              be6f6e4fb5bdfd8819e70d930b32798b38a361e0
-              f603dd8517800823df02a8f1e5621b56c00710d8
-              21b17b6ced16fe507dd5b71bca24f0515d04fb7e
-              f1dde46676cd2a8e48f0837e5dae77087419b09c
-              fec8863c5c1b4ed58eddf7722a9f1598af3aca70
-              e325e114daf41074d41d1ebe1869158c4f7594dc
+              baf3e36cda35331daed7a3e80155533d552844fa
+              3204893d5894c74aaee86ce5bc28427f9f14e512
+              98366a28fa80b23a1dafe2b36e239a04909495c4
+              9a644ee1b89ac29d6175dc1170914f47b0531635
            ]
          end

@@ -198,23 +191,12 @@ RSpec.describe Security::FindingsFinder do

        context 'when the page is provided' do
          let(:page) { 2 }
+          # Limit per_page to force pagination on smaller dataset
+          let(:per_page) { 2 }
          let(:expected_fingerprints) do
            %w[
-              51026f8933c463b316c5bc33adb462e4a6f6cff2
-              45cb4c0323b0b4a1adcb66fa1d0684d53e15cc27
-              48f71ab14afcf0f497fb238dc4289294b93873b0
-              18fe6882cdac0f3eac7784a33c9daf20109010ce
-              2cae57e97785a8aef9ae4ed947093d6a908bcc52
-              857969b55ba97d5e1c06ab920b470b009c2f3274
-              e3b452f63d8979e6f3e4839c6ec14b62917758e4
-              63dfc168b8c01a446088c9b8cf68a7d4a2a0013b
-              7b0792ce8db4e2cb74083490e6a87176accea102
-              30ab265fb9e816976b740beb0557ca79e8653bb6
-              81a3b7c4885e64f9013ac904bf118a05bcb7732d
-              ecd3b645971fc2682f5cb23d938037c6f072207f
-              55c41a63d2c9c3ea243b9f9cd3254d68fbee2b6b
-              3204893d5894c74aaee86ce5bc28427f9f14e512
-              157f362acf654c60e224400f59a088e1c01b369f
+              0bfcfbb70b15a7cecef9a1ea39df15ecfd88949f
+              baf3e36cda35331daed7a3e80155533d552844fa
            ]
          end

@@ -222,44 +204,10 @@ RSpec.describe Security::FindingsFinder do
        end

        context 'when the per_page is provided' do
-          let(:per_page) { 40 }
+          let(:per_page) { 1 }
          let(:expected_fingerprints) do
            %w[
-              3204893d5894c74aaee86ce5bc28427f9f14e512
-              157f362acf654c60e224400f59a088e1c01b369f
              4ae096451135db224b9e16818baaca8096896522
-              d533c3a12403b6c6033a50b53f9c73f894a40fc6
-              b9c0d1cdc7cb9c180ebb6981abbddc2df0172509
-              98366a28fa80b23a1dafe2b36e239a04909495c4
-              b5f82291ed084fe134af5a9b90a8078ab802a6cc
-              4e44f4045e2a27d147d08895acf8df502f440f96
-              8fac98c156431a8bdb7a69a935cc564c314ab776
-              95566733fc91301623055363a77124410592af7e
-              0314c9673160662292cfab1af6dc5c880fb73717
-              117590fc6b3841014366f335f494d1aa36ce7b46
-              0bfcfbb70b15a7cecef9a1ea39df15ecfd88949f
-              92c7bdc63a9908bddbc5b66c95e93e99a1927879
-              cefacf9f36c487d04f33c59f22e6c402bff5300a
-              dd482eab94e695ae85c1a883c4dbe4c74a7e6b2c
-              48f71ab14afcf0f497fb238dc4289294b93873b0
-              45cb4c0323b0b4a1adcb66fa1d0684d53e15cc27
-              e3b452f63d8979e6f3e4839c6ec14b62917758e4
-              857969b55ba97d5e1c06ab920b470b009c2f3274
-              63dfc168b8c01a446088c9b8cf68a7d4a2a0013b
-              7b0792ce8db4e2cb74083490e6a87176accea102
-              2cae57e97785a8aef9ae4ed947093d6a908bcc52
-              18fe6882cdac0f3eac7784a33c9daf20109010ce
-              e325e114daf41074d41d1ebe1869158c4f7594dc
-              51026f8933c463b316c5bc33adb462e4a6f6cff2
-              fec8863c5c1b4ed58eddf7722a9f1598af3aca70
-              f1dde46676cd2a8e48f0837e5dae77087419b09c
-              21b17b6ced16fe507dd5b71bca24f0515d04fb7e
-              be6f6e4fb5bdfd8819e70d930b32798b38a361e0
-              f603dd8517800823df02a8f1e5621b56c00710d8
-              30ab265fb9e816976b740beb0557ca79e8653bb6
-              81a3b7c4885e64f9013ac904bf118a05bcb7732d
-              55c41a63d2c9c3ea243b9f9cd3254d68fbee2b6b
-              ecd3b645971fc2682f5cb23d938037c6f072207f
            ]
          end

@@ -270,18 +218,10 @@ RSpec.describe Security::FindingsFinder do
          let(:severity_levels) { [:medium] }
          let(:expected_fingerprints) do
            %w[
-              b5f82291ed084fe134af5a9b90a8078ab802a6cc
-              4e44f4045e2a27d147d08895acf8df502f440f96
-              8fac98c156431a8bdb7a69a935cc564c314ab776
-              95566733fc91301623055363a77124410592af7e
-              0314c9673160662292cfab1af6dc5c880fb73717
-              117590fc6b3841014366f335f494d1aa36ce7b46
              0bfcfbb70b15a7cecef9a1ea39df15ecfd88949f
-              d533c3a12403b6c6033a50b53f9c73f894a40fc6
+              9a644ee1b89ac29d6175dc1170914f47b0531635
              b9c0d1cdc7cb9c180ebb6981abbddc2df0172509
-              98366a28fa80b23a1dafe2b36e239a04909495c4
-              92c7bdc63a9908bddbc5b66c95e93e99a1927879
-              cefacf9f36c487d04f33c59f22e6c402bff5300a
+              baf3e36cda35331daed7a3e80155533d552844fa
            ]
          end

@@ -292,10 +232,7 @@ RSpec.describe Security::FindingsFinder do
          let(:confidence_levels) { [:low] }
          let(:expected_fingerprints) do
            %w[
-              30ab265fb9e816976b740beb0557ca79e8653bb6
-              81a3b7c4885e64f9013ac904bf118a05bcb7732d
-              55c41a63d2c9c3ea243b9f9cd3254d68fbee2b6b
-              ecd3b645971fc2682f5cb23d938037c6f072207f
+              98366a28fa80b23a1dafe2b36e239a04909495c4
            ]
          end

@@ -321,25 +258,13 @@ RSpec.describe Security::FindingsFinder do
          let(:expected_fingerprints) do
            %w[
              4ae096451135db224b9e16818baaca8096896522
+              157f362acf654c60e224400f59a088e1c01b369f
+              baf3e36cda35331daed7a3e80155533d552844fa
              0bfcfbb70b15a7cecef9a1ea39df15ecfd88949f
-              117590fc6b3841014366f335f494d1aa36ce7b46
-              8fac98c156431a8bdb7a69a935cc564c314ab776
-              95566733fc91301623055363a77124410592af7e
-              0314c9673160662292cfab1af6dc5c880fb73717
-              4e44f4045e2a27d147d08895acf8df502f440f96
-              b5f82291ed084fe134af5a9b90a8078ab802a6cc
              98366a28fa80b23a1dafe2b36e239a04909495c4
              b9c0d1cdc7cb9c180ebb6981abbddc2df0172509
-              cefacf9f36c487d04f33c59f22e6c402bff5300a
-              d533c3a12403b6c6033a50b53f9c73f894a40fc6
-              92c7bdc63a9908bddbc5b66c95e93e99a1927879
-              dd482eab94e695ae85c1a883c4dbe4c74a7e6b2c
-              be6f6e4fb5bdfd8819e70d930b32798b38a361e0
-              f603dd8517800823df02a8f1e5621b56c00710d8
-              db759283b7fb13eae48a3f60db4c7506cdab8f26
-              21b17b6ced16fe507dd5b71bca24f0515d04fb7e
-              f1dde46676cd2a8e48f0837e5dae77087419b09c
-              fec8863c5c1b4ed58eddf7722a9f1598af3aca70
+              3204893d5894c74aaee86ce5bc28427f9f14e512
+              9a644ee1b89ac29d6175dc1170914f47b0531635
            ]
          end


--- a/ee/spec/finders/security/pipeline_vulnerabilities_finder_spec.rb
+++ b/ee/spec/finders/security/pipeline_vulnerabilities_finder_spec.rb
@@ -262,7 +262,7 @@ RSpec.describe Security::PipelineVulnerabilitiesFinder do
        subject { described_class.new(pipeline: pipeline).execute }

        it 'returns all vulnerabilities with all scanners available' do
-          expect(subject.findings.map(&:scanner).map(&:external_id).uniq).to match_array %w[bandit bundler_audit find_sec_bugs flawfinder gemnasium klar zaproxy]
+          expect(subject.findings.map(&:scanner).map(&:external_id).uniq).to match_array %w[bundler_audit find_sec_bugs gemnasium klar zaproxy]
        end
      end

@@ -277,11 +277,11 @@ RSpec.describe Security::PipelineVulnerabilitiesFinder do

    context 'by all filters' do
      context 'with found entity' do
-        let(:params) { { report_type: %w[sast dast container_scanning dependency_scanning], scanner: %w[bandit bundler_audit find_sec_bugs flawfinder gemnasium klar zaproxy], scope: 'all' } }
+        let(:params) { { report_type: %w[sast dast container_scanning dependency_scanning], scanner: %w[bundler_audit find_sec_bugs gemnasium klar zaproxy], scope: 'all' } }

        it 'filters by all params' do
          expect(subject.findings.count).to eq(cs_count + dast_count + ds_count + sast_count)
-          expect(subject.findings.map(&:scanner).map(&:external_id).uniq).to match_array %w[bandit bundler_audit find_sec_bugs flawfinder gemnasium klar zaproxy]
+          expect(subject.findings.map(&:scanner).map(&:external_id).uniq).to match_array %w[bundler_audit find_sec_bugs gemnasium klar zaproxy]
          expect(subject.findings.map(&:confidence).uniq).to match_array(%w[unknown low medium high])
          expect(subject.findings.map(&:severity).uniq).to match_array(%w[unknown low medium high critical info])
        end
@@ -326,7 +326,7 @@ RSpec.describe Security::PipelineVulnerabilitiesFinder do

      let(:confirmed_fingerprint) do
        Digest::SHA1.hexdigest(
-          'python/hardcoded/hardcoded-tmp.py:52865813c884a507be1f152d654245af34aba8a391626d01f1ab6d3f52ec8779:B108')
+          'groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:29:CIPHER_INTEGRITY')
      end

      let(:resolved_fingerprint) do

--- a/ee/spec/fixtures/security_reports/feature-branch/gl-sast-report.json
+++ b/ee/spec/fixtures/security_reports/feature-branch/gl-sast-report.json
 {
-  "version": "1.2",
+  "version": "14.0.0",
  "vulnerabilities": [
-    {
-      "category": "sast",
-      "message": "Probable insecure usage of temp file/directory.",
-      "cve": "python/hardcoded/hardcoded-tmp.py:52865813c884a507be1f152d654245af34aba8a391626d01f1ab6d3f52ec8779:B108",
-      "severity": "Medium",
-      "confidence": "Medium",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/hardcoded/hardcoded-tmp.py",
-        "start_line": 1,
-        "end_line": 1
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B108",
-          "value": "B108",
-          "url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
-        }
-      ],
-      "priority": "Medium",
-      "file": "python/hardcoded/hardcoded-tmp.py",
-      "line": 1,
-      "url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html",
-      "tool": "bandit"
-    },
    {
      "category": "sast",
      "name": "Predictable pseudorandom number generator",
@@ -55,20 +26,15 @@
          "value": "PREDICTABLE_RANDOM",
          "url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
        }
-      ],
-      "priority": "Medium",
-      "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
-      "line": 47,
-      "url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM",
-      "tool": "find_sec_bugs"
+      ]
    },
    {
      "category": "sast",
      "name": "Predictable pseudorandom number generator",
      "message": "Predictable pseudorandom number generator",
      "cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:41:PREDICTABLE_RANDOM",
-      "severity": "Medium",
-      "confidence": "Medium",
+      "severity": "Low",
+      "confidence": "Low",
      "scanner": {
        "id": "find_sec_bugs",
        "name": "Find Security Bugs"
@@ -87,153 +53,14 @@
          "value": "PREDICTABLE_RANDOM",
          "url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
        }
-      ],
-      "priority": "Medium",
-      "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
-      "line": 41,
-      "url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM",
-      "tool": "find_sec_bugs"
-    },
-    {
-      "category": "sast",
-      "message": "Use of insecure MD2, MD4, or MD5 hash function.",
-      "cve": "python/imports/imports-aliases.py:cb203b465dffb0cb3a8e8bd8910b84b93b0a5995a938e4b903dbb0cd6ffa1254:B303",
-      "severity": "Medium",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-aliases.py",
-        "start_line": 11,
-        "end_line": 11
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B303",
-          "value": "B303"
-        }
-      ],
-      "priority": "Medium",
-      "file": "python/imports/imports-aliases.py",
-      "line": 11,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Use of insecure MD2, MD4, or MD5 hash function.",
-      "cve": "python/imports/imports-aliases.py:a7173c43ae66bd07466632d819d450e0071e02dbf782763640d1092981f9631b:B303",
-      "severity": "Medium",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-aliases.py",
-        "start_line": 12,
-        "end_line": 12
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B303",
-          "value": "B303"
-        }
-      ],
-      "priority": "Medium",
-      "file": "python/imports/imports-aliases.py",
-      "line": 12,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Use of insecure MD2, MD4, or MD5 hash function.",
-      "cve": "python/imports/imports-aliases.py:017017b77deb0b8369b6065947833eeea752a92ec8a700db590fece3e934cf0d:B303",
-      "severity": "Medium",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-aliases.py",
-        "start_line": 13,
-        "end_line": 13
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B303",
-          "value": "B303"
-        }
-      ],
-      "priority": "Medium",
-      "file": "python/imports/imports-aliases.py",
-      "line": 13,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Use of insecure MD2, MD4, or MD5 hash function.",
-      "cve": "python/imports/imports-aliases.py:45fc8c53aea7b84f06bc4e590cc667678d6073c4c8a1d471177ca2146fb22db2:B303",
-      "severity": "Medium",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-aliases.py",
-        "start_line": 14,
-        "end_line": 14
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B303",
-          "value": "B303"
-        }
-      ],
-      "priority": "Medium",
-      "file": "python/imports/imports-aliases.py",
-      "line": 14,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Pickle library appears to be in use, possible security issue.",
-      "cve": "python/imports/imports-aliases.py:5f200d47291e7bbd8352db23019b85453ca048dd98ea0c291260fa7d009963a4:B301",
-      "severity": "Medium",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-aliases.py",
-        "start_line": 15,
-        "end_line": 15
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B301",
-          "value": "B301"
-        }
-      ],
-      "priority": "Medium",
-      "file": "python/imports/imports-aliases.py",
-      "line": 15,
-      "tool": "bandit"
+      ]
    },
    {
      "category": "sast",
      "name": "ECB mode is insecure",
      "message": "ECB mode is insecure",
-      "cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:29:ECB_MODE",
+      "description": "The cipher uses ECB mode, which provides poor confidentiality for encrypted data",
+      "cve": "ea0f905fc76f2739d5f10a1fd1e37a10:ECB_MODE:java-maven/src/main/java/com/gitlab/security_products/tests/App.java:29",
      "severity": "Medium",
      "confidence": "High",
      "scanner": {
@@ -241,7 +68,7 @@
        "name": "Find Security Bugs"
      },
      "location": {
-        "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
+        "file": "java-maven/src/main/java/com/gitlab/security_products/tests/App.java",
        "start_line": 29,
        "end_line": 29,
        "class": "com.gitlab.security_products.tests.App",
@@ -253,19 +80,21 @@
          "name": "Find Security Bugs-ECB_MODE",
          "value": "ECB_MODE",
          "url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE"
+        },
+        {
+          "type": "cwe",
+          "name": "CWE-327",
+          "value": "327",
+          "url": "https://cwe.mitre.org/data/definitions/327.html"
        }
-      ],
-      "priority": "Medium",
-      "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
-      "line": 29,
-      "url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE",
-      "tool": "find_sec_bugs"
+      ]
    },
    {
      "category": "sast",
-      "name": "Cipher with no integrity",
-      "message": "Cipher with no integrity",
-      "cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:29:CIPHER_INTEGRITY",
+      "name": "Hard coded key",
+      "message": "Hard coded key",
+      "description": "Hard coded cryptographic key found",
+      "cve": "102ac67e0975ecec02a056008e0faad8:HARD_CODE_KEY:scala-sbt/src/main/scala/example/Main.scala:12",
      "severity": "Medium",
      "confidence": "High",
      "scanner": {
@@ -273,601 +102,72 @@
        "name": "Find Security Bugs"
      },
      "location": {
-        "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
-        "start_line": 29,
-        "end_line": 29,
-        "class": "com.gitlab.security_products.tests.App",
-        "method": "insecureCypher"
+        "file": "scala-sbt/src/main/scala/example/Main.scala",
+        "start_line": 12,
+        "end_line": 12,
+        "class": "example.Main$",
+        "method": "getBytes"
      },
      "identifiers": [
        {
          "type": "find_sec_bugs_type",
-          "name": "Find Security Bugs-CIPHER_INTEGRITY",
-          "value": "CIPHER_INTEGRITY",
-          "url": "https://find-sec-bugs.github.io/bugs.htm#CIPHER_INTEGRITY"
-        }
-      ],
-      "priority": "Medium",
-      "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
-      "line": 29,
-      "url": "https://find-sec-bugs.github.io/bugs.htm#CIPHER_INTEGRITY",
-      "tool": "find_sec_bugs"
-    },
-    {
-      "category": "sast",
-      "message": "Probable insecure usage of temp file/directory.",
-      "cve": "python/hardcoded/hardcoded-tmp.py:63dd4d626855555b816985d82c4614a790462a0a3ada89dc58eb97f9c50f3077:B108",
-      "severity": "Medium",
-      "confidence": "Medium",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/hardcoded/hardcoded-tmp.py",
-        "start_line": 14,
-        "end_line": 14
-      },
-      "identifiers": [
+          "name": "Find Security Bugs-HARD_CODE_KEY",
+          "value": "HARD_CODE_KEY",
+          "url": "https://find-sec-bugs.github.io/bugs.htm#HARD_CODE_KEY"
+        },
        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B108",
-          "value": "B108",
-          "url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
+          "type": "cwe",
+          "name": "CWE-321",
+          "value": "321",
+          "url": "https://cwe.mitre.org/data/definitions/321.html"
        }
-      ],
-      "priority": "Medium",
-      "file": "python/hardcoded/hardcoded-tmp.py",
-      "line": 14,
-      "url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html",
-      "tool": "bandit"
+      ]
    },
    {
      "category": "sast",
-      "message": "Probable insecure usage of temp file/directory.",
-      "cve": "python/hardcoded/hardcoded-tmp.py:4ad6d4c40a8c263fc265f3384724014e0a4f8dd6200af83e51ff120420038031:B108",
+      "name": "ECB mode is insecure",
+      "message": "ECB mode is insecure",
+      "description": "The cipher uses ECB mode, which provides poor confidentiality for encrypted data",
+      "cve": "ea0f905fc76f2739d5f10a1fd1e37a10:ECB_MODE:app/src/main/groovy/com/gitlab/security_products/tests/App.groovy:29",
      "severity": "Medium",
-      "confidence": "Medium",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/hardcoded/hardcoded-tmp.py",
-        "start_line": 10,
-        "end_line": 10
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B108",
-          "value": "B108",
-          "url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
-        }
-      ],
-      "priority": "Medium",
-      "file": "python/hardcoded/hardcoded-tmp.py",
-      "line": 10,
-      "url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html",
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Consider possible security implications associated with Popen module.",
-      "cve": "python/imports/imports-aliases.py:2c3e1fa1e54c3c6646e8bcfaee2518153c6799b77587ff8d9a7b0631f6d34785:B404",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-aliases.py",
-        "start_line": 1,
-        "end_line": 1
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B404",
-          "value": "B404"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/imports/imports-aliases.py",
-      "line": 1,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Consider possible security implications associated with pickle module.",
-      "cve": "python/imports/imports.py:af58d07f6ad519ef5287fcae65bf1a6999448a1a3a8bc1ac2a11daa80d0b96bf:B403",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports.py",
-        "start_line": 2,
-        "end_line": 2
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B403",
-          "value": "B403"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/imports/imports.py",
-      "line": 2,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Consider possible security implications associated with subprocess module.",
-      "cve": "python/imports/imports.py:8de9bc98029d212db530785a5f6780cfa663548746ff228ab8fa96c5bb82f089:B404",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports.py",
-        "start_line": 4,
-        "end_line": 4
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B404",
-          "value": "B404"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/imports/imports.py",
-      "line": 4,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Possible hardcoded password: 'blerg'",
-      "cve": "python/hardcoded/hardcoded-passwords.py:97c30f1d76d2a88913e3ce9ae74087874d740f87de8af697a9c455f01119f633:B106",
-      "severity": "Low",
-      "confidence": "Medium",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/hardcoded/hardcoded-passwords.py",
-        "start_line": 22,
-        "end_line": 22
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B106",
-          "value": "B106",
-          "url": "https://docs.openstack.org/bandit/latest/plugins/b106_hardcoded_password_funcarg.html"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/hardcoded/hardcoded-passwords.py",
-      "line": 22,
-      "url": "https://docs.openstack.org/bandit/latest/plugins/b106_hardcoded_password_funcarg.html",
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Possible hardcoded password: 'root'",
-      "cve": "python/hardcoded/hardcoded-passwords.py:7431c73a0bc16d94ece2a2e75ef38f302574d42c37ac0c3c38ad0b3bf8a59f10:B105",
-      "severity": "Low",
-      "confidence": "Medium",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/hardcoded/hardcoded-passwords.py",
-        "start_line": 5,
-        "end_line": 5
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B105",
-          "value": "B105",
-          "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/hardcoded/hardcoded-passwords.py",
-      "line": 5,
-      "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Possible hardcoded password: ''",
-      "cve": "python/hardcoded/hardcoded-passwords.py:d2d1857c27caedd49c57bfbcdc23afcc92bd66a22701fcdc632869aab4ca73ee:B105",
-      "severity": "Low",
-      "confidence": "Medium",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/hardcoded/hardcoded-passwords.py",
-        "start_line": 9,
-        "end_line": 9
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B105",
-          "value": "B105",
-          "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/hardcoded/hardcoded-passwords.py",
-      "line": 9,
-      "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Possible hardcoded password: 'ajklawejrkl42348swfgkg'",
-      "cve": "python/hardcoded/hardcoded-passwords.py:fb3866215a61393a5c9c32a3b60e2058171a23219c353f722cbd3567acab21d2:B105",
-      "severity": "Low",
-      "confidence": "Medium",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/hardcoded/hardcoded-passwords.py",
-        "start_line": 13,
-        "end_line": 13
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B105",
-          "value": "B105",
-          "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/hardcoded/hardcoded-passwords.py",
-      "line": 13,
-      "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Possible hardcoded password: 'blerg'",
-      "cve": "python/hardcoded/hardcoded-passwords.py:63c62a8b7e1e5224439bd26b28030585ac48741e28ca64561a6071080c560a5f:B105",
-      "severity": "Low",
-      "confidence": "Medium",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/hardcoded/hardcoded-passwords.py",
-        "start_line": 23,
-        "end_line": 23
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B105",
-          "value": "B105",
-          "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/hardcoded/hardcoded-passwords.py",
-      "line": 23,
-      "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Possible hardcoded password: 'blerg'",
-      "cve": "python/hardcoded/hardcoded-passwords.py:4311b06d08df8fa58229b341c531da8e1a31ec4520597bdff920cd5c098d86f9:B105",
-      "severity": "Low",
-      "confidence": "Medium",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/hardcoded/hardcoded-passwords.py",
-        "start_line": 24,
-        "end_line": 24
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B105",
-          "value": "B105",
-          "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/hardcoded/hardcoded-passwords.py",
-      "line": 24,
-      "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Consider possible security implications associated with subprocess module.",
-      "cve": "python/imports/imports-function.py:5858400c2f39047787702de44d03361ef8d954c9d14bd54ee1c2bef9e6a7df93:B404",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-function.py",
-        "start_line": 4,
-        "end_line": 4
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B404",
-          "value": "B404"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/imports/imports-function.py",
-      "line": 4,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Consider possible security implications associated with pickle module.",
-      "cve": "python/imports/imports-function.py:dbda3cf4190279d30e0aad7dd137eca11272b0b225e8af4e8bf39682da67d956:B403",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-function.py",
-        "start_line": 2,
-        "end_line": 2
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B403",
-          "value": "B403"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/imports/imports-function.py",
-      "line": 2,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Consider possible security implications associated with Popen module.",
-      "cve": "python/imports/imports-from.py:eb8a0db9cd1a8c1ab39a77e6025021b1261cc2a0b026b2f4a11fca4e0636d8dd:B404",
-      "severity": "Low",
      "confidence": "High",
      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-from.py",
-        "start_line": 7,
-        "end_line": 7
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B404",
-          "value": "B404"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/imports/imports-from.py",
-      "line": 7,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell",
-      "cve": "python/imports/imports-aliases.py:f99f9721e27537fbcb6699a4cf39c6740d6234d2c6f06cfc2d9ea977313c483d:B602",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-aliases.py",
-        "start_line": 9,
-        "end_line": 9
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B602",
-          "value": "B602",
-          "url": "https://docs.openstack.org/bandit/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/imports/imports-aliases.py",
-      "line": 9,
-      "url": "https://docs.openstack.org/bandit/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html",
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Consider possible security implications associated with subprocess module.",
-      "cve": "python/imports/imports-from.py:332a12ab1146698f614a905ce6a6a5401497a12281aef200e80522711c69dcf4:B404",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-from.py",
-        "start_line": 6,
-        "end_line": 6
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B404",
-          "value": "B404"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/imports/imports-from.py",
-      "line": 6,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Consider possible security implications associated with Popen module.",
-      "cve": "python/imports/imports-from.py:0a48de4a3d5348853a03666cb574697e3982998355e7a095a798bd02a5947276:B404",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-from.py",
-        "start_line": 1,
-        "end_line": 2
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B404",
-          "value": "B404"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/imports/imports-from.py",
-      "line": 1,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Consider possible security implications associated with pickle module.",
-      "cve": "python/imports/imports-aliases.py:51b71661dff994bde3529639a727a678c8f5c4c96f00d300913f6d5be1bbdf26:B403",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-aliases.py",
-        "start_line": 7,
-        "end_line": 8
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B403",
-          "value": "B403"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/imports/imports-aliases.py",
-      "line": 7,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Consider possible security implications associated with loads module.",
-      "cve": "python/imports/imports-aliases.py:6ff02aeb3149c01ab68484d794a94f58d5d3e3bb0d58557ef4153644ea68ea54:B403",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-aliases.py",
-        "start_line": 6,
-        "end_line": 6
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B403",
-          "value": "B403"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/imports/imports-aliases.py",
-      "line": 6,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120)",
-      "cve": "c/subdir/utils.c:b466873101951fe96e1332f6728eb7010acbbd5dfc3b65d7d53571d091a06d9e:CWE-119!/CWE-120",
-      "confidence": "Low",
-      "solution": "Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length",
-      "scanner": {
-        "id": "flawfinder",
-        "name": "Flawfinder"
+        "id": "find_sec_bugs",
+        "name": "Find Security Bugs"
      },
      "location": {
-        "file": "c/subdir/utils.c",
-        "start_line": 4
+        "file": "app/src/main/groovy/com/gitlab/security_products/tests/App.groovy",
+        "start_line": 29,
+        "end_line": 29,
+        "class": "com.gitlab.security_products.tests.App",
+        "method": "insecureCypher"
      },
      "identifiers": [
        {
-          "type": "cwe",
-          "name": "CWE-119",
-          "value": "119",
-          "url": "https://cwe.mitre.org/data/definitions/119.html"
+          "type": "find_sec_bugs_type",
+          "name": "Find Security Bugs-ECB_MODE",
+          "value": "ECB_MODE",
+          "url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE"
        },
        {
          "type": "cwe",
-          "name": "CWE-120",
-          "value": "120",
-          "url": "https://cwe.mitre.org/data/definitions/120.html"
+          "name": "CWE-327",
+          "value": "327",
+          "url": "https://cwe.mitre.org/data/definitions/327.html"
        }
-      ],
-      "file": "c/subdir/utils.c",
-      "line": 4,
-      "url": "https://cwe.mitre.org/data/definitions/119.html",
-      "tool": "flawfinder"
+      ]
    }
  ],
  "remediations": [],
  "scan": {
    "scanner": {
-      "id": "gosec",
-      "name": "Gosec",
-      "url": "https://github.com/securego/gosec",
+      "id": "find_sec_bugs",
+      "name": "Find Security Bugs",
+      "url": "https://spotbugs.github.io",
      "vendor": {
        "name": "GitLab"
      },
-      "version": "2.3.0"
+      "version": "4.0.2"
    },
    "type": "sast",
    "status": "success",

--- a/ee/spec/lib/gitlab/ci/parsers/security/sast_spec.rb
+++ b/ee/spec/lib/gitlab/ci/parsers/security/sast_spec.rb
@@ -11,9 +11,9 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Sast do
    let(:created_at) { 2.weeks.ago }

    context "when parsing valid reports" do
-      where(:report_format, :scanner_length) do
-        :sast               | 4
-        :sast_deprecated    | 3
+      where(:report_format, :report_version, :scanner_length, :finding_length, :identifier_length, :file_path, :line) do
+        :sast               | '14.0.0' | 1 | 5  | 6  | 'groovy/src/main/java/com/gitlab/security_products/tests/App.groovy' | 47
+        :sast_deprecated    | '1.2'    | 3 | 33 | 17 | 'python/hardcoded/hardcoded-tmp.py'                                  | 1
      end

      with_them do
@@ -25,8 +25,8 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Sast do
        end

        it "parses all identifiers and findings" do
-          expect(report.findings.length).to eq(33)
-          expect(report.identifiers.length).to eq(17)
+          expect(report.findings.length).to eq(finding_length)
+          expect(report.identifiers.length).to eq(identifier_length)
          expect(report.scanners.length).to eq(scanner_length)
        end

@@ -35,16 +35,14 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Sast do

          expect(location).to be_a(::Gitlab::Ci::Reports::Security::Locations::Sast)
          expect(location).to have_attributes(
-            file_path: 'python/hardcoded/hardcoded-tmp.py',
-            start_line: 1,
-            end_line: 1,
-            class_name: nil,
-            method_name: nil
+            file_path: file_path,
+            end_line: line,
+            start_line: line
          )
        end

        it "generates expected metadata_version" do
-          expect(report.findings.first.metadata_version).to eq('1.2')
+          expect(report.findings.first.metadata_version).to eq(report_version)
        end
      end
    end

--- a/ee/spec/models/ci/build_spec.rb
+++ b/ee/spec/models/ci/build_spec.rb
@@ -226,7 +226,7 @@ RSpec.describe Ci::Build do
        it 'parses blobs and add the results to the report' do
          subject

-          expect(security_reports.get_report('sast', artifact).findings.size).to eq(33)
+          expect(security_reports.get_report('sast', artifact).findings.size).to eq(5)
        end

        it 'adds the created date to the report' do
@@ -245,7 +245,7 @@ RSpec.describe Ci::Build do
        it 'parses blobs and adds the results to the reports' do
          subject

-          expect(security_reports.get_report('sast', sast_artifact).findings.size).to eq(33)
+          expect(security_reports.get_report('sast', sast_artifact).findings.size).to eq(5)
          expect(security_reports.get_report('dependency_scanning', ds_artifact).findings.size).to eq(4)
          expect(security_reports.get_report('container_scanning', cs_artifact).findings.size).to eq(8)
          expect(security_reports.get_report('dast', dast_artifact).findings.size).to eq(20)

--- a/ee/spec/models/ci/pipeline_spec.rb
+++ b/ee/spec/models/ci/pipeline_spec.rb
@@ -137,7 +137,7 @@ RSpec.describe Ci::Pipeline do
        expect(subject.reports.keys).to contain_exactly('sast', 'dependency_scanning', 'container_scanning')

        # for each of report categories, we have merged 2 reports with the same data (fixture)
-        expect(subject.get_report('sast', sast1_artifact).findings.size).to eq(33)
+        expect(subject.get_report('sast', sast1_artifact).findings.size).to eq(5)
        expect(subject.get_report('dependency_scanning', ds1_artifact).findings.size).to eq(4)
        expect(subject.get_report('container_scanning', cs1_artifact).findings.size).to eq(8)
      end
@@ -146,7 +146,7 @@ RSpec.describe Ci::Pipeline do
        let(:build_sast_1) { create(:ci_build, :retried, name: 'sast_1', pipeline: pipeline, project: project) }

        it 'does not take retried builds into account' do
-          expect(subject.get_report('sast', sast1_artifact).findings.size).to eq(33)
+          expect(subject.get_report('sast', sast1_artifact).findings.size).to eq(5)
          expect(subject.get_report('dependency_scanning', ds1_artifact).findings.size).to eq(4)
          expect(subject.get_report('container_scanning', cs1_artifact).findings.size).to eq(8)
        end

--- a/ee/spec/models/ee/ci/job_artifact_spec.rb
+++ b/ee/spec/models/ee/ci/job_artifact_spec.rb
@@ -227,7 +227,7 @@ RSpec.describe Ci::JobArtifact do

    subject(:findings_count) { security_report.findings.length }

-    it { is_expected.to be(33) }
+    it { is_expected.to be(5) }

    context 'for different types' do
      where(:file_type, :security_report?) do

--- a/ee/spec/requests/api/graphql/project/pipeline/security_report_finding_spec.rb
+++ b/ee/spec/requests/api/graphql/project/pipeline/security_report_finding_spec.rb
@@ -64,7 +64,7 @@ RSpec.describe 'Query.project(fullPath).pipeline(iid).securityReportFindings' do
      end

      it 'returns all the vulnerability findings' do
-        expect(security_report_findings.length).to eq(53)
+        expect(security_report_findings.length).to eq(25)
      end

      it 'returns all the queried fields', :aggregate_failures do

--- a/ee/spec/requests/api/graphql/project/pipeline/security_report_summary_spec.rb
+++ b/ee/spec/requests/api/graphql/project/pipeline/security_report_summary_spec.rb
@@ -78,7 +78,7 @@ RSpec.describe 'Query.project(fullPath).pipeline(iid).securityReportSummary' do
  it 'shows the vulnerabilitiesCount and scannedResourcesCount' do
    expect(security_report_summary.dig('dast', 'vulnerabilitiesCount')).to eq(20)
    expect(security_report_summary.dig('dast', 'scannedResourcesCount')).to eq(26)
-    expect(security_report_summary.dig('sast', 'vulnerabilitiesCount')).to eq(33)
+    expect(security_report_summary.dig('sast', 'vulnerabilitiesCount')).to eq(5)
  end

  it 'shows the first 20 scanned resources' do

--- a/ee/spec/services/ci/compare_security_reports_service_spec.rb
+++ b/ee/spec/services/ci/compare_security_reports_service_spec.rb
@@ -197,7 +197,7 @@ RSpec.describe Ci::CompareSecurityReportsService do

      it 'reports new vulnerabilities' do
        expect(subject[:status]).to eq(:parsed)
-        expect(subject[:data]['added'].count).to eq(33)
+        expect(subject[:data]['added'].count).to eq(5)
        expect(subject[:data]['fixed'].count).to eq(0)
      end
    end
@@ -218,13 +218,13 @@ RSpec.describe Ci::CompareSecurityReportsService do

      it 'reports new vulnerability' do
        expect(subject[:data]['added'].count).to eq(1)
-        expect(subject[:data]['added'].first['identifiers']).to include(a_hash_including('name' => 'CWE-120'))
+        expect(subject[:data]['added'].first['identifiers']).to include(a_hash_including('name' => 'CWE-327'))
      end

      it 'reports fixed sast vulnerabilities' do
-        expect(subject[:data]['fixed'].count).to eq(4)
+        expect(subject[:data]['fixed'].count).to eq(1)
        compare_keys = collect_ids(subject[:data]['fixed'])
-        expected_keys = %w(char fopen strcpy char)
+        expected_keys = %w(CIPHER_INTEGRITY)
        expect(compare_keys - expected_keys).to eq([])
      end
    end

--- a/ee/spec/services/security/report_summary_service_spec.rb
+++ b/ee/spec/services/security/report_summary_service_spec.rb
@@ -129,7 +129,7 @@ RSpec.describe Security::ReportSummaryService, '#execute' do
    it 'returns the vulnerability count' do
      expect(result).to match(a_hash_including(
                                dast: a_hash_including(vulnerabilities_count: 20),
-                                sast: a_hash_including(vulnerabilities_count: 33),
+                                sast: a_hash_including(vulnerabilities_count: 5),
                                container_scanning: a_hash_including(vulnerabilities_count: 8),
                                dependency_scanning: a_hash_including(vulnerabilities_count: 4)
                              ))

--- a/ee/spec/services/security/store_report_service_spec.rb
+++ b/ee/spec/services/security/store_report_service_spec.rb
@@ -31,7 +31,7 @@ RSpec.describe Security::StoreReportService, '#execute' do
    using RSpec::Parameterized::TableSyntax

    where(:case_name, :trait, :scanners, :identifiers, :findings, :finding_identifiers, :finding_pipelines, :remediations, :fingerprints) do
-      'with SAST report'                | :sast                            | 3 | 17 | 33 | 39 | 33 | 0 | 2
+      'with SAST report'                | :sast                            | 1 | 6  | 5  | 7  | 5  | 0 | 2
      'with exceeding identifiers'      | :with_exceeding_identifiers      | 1 | 20 | 1  | 20 | 1  | 0 | 0
      'with Dependency Scanning report' | :dependency_scanning_remediation | 1 | 3  | 2  | 3  | 2  | 1 | 0
      'with Container Scanning report'  | :container_scanning              | 1 | 8  | 8  | 8  | 8  | 0 | 0
@@ -113,9 +113,13 @@ RSpec.describe Security::StoreReportService, '#execute' do
  end

  context 'with existing data from previous pipeline' do
-    let(:scanner) { build(:vulnerabilities_scanner, project: project, external_id: 'bandit', name: 'Bandit') }
-    let(:identifier) { build(:vulnerabilities_identifier, project: project, fingerprint: 'e6dd15eda2137be0034977a85b300a94a4f243a3') }
-    let(:different_identifier) { build(:vulnerabilities_identifier, project: project, fingerprint: 'fa47ee81f079e5c38ea6edb700b44eaeb62f67ee') }
+    let(:finding_identifier_fingerprint) do
+      build(:ci_reports_security_identifier, external_id: "CIPHER_INTEGRITY").fingerprint
+    end
+
+    let(:scanner) { build(:vulnerabilities_scanner, project: project, external_id: 'find_sec_bugs', name: 'Find Security Bugs') }
+    let(:identifier) { build(:vulnerabilities_identifier, project: project, fingerprint: finding_identifier_fingerprint) }
+    let(:different_identifier) { build(:vulnerabilities_identifier, project: project) }
    let!(:new_artifact) { create(:ee_ci_job_artifact, :sast, job: new_build) }
    let(:new_build) { create(:ci_build, pipeline: new_pipeline) }
    let(:new_pipeline) { create(:ci_pipeline, project: project) }
@@ -129,6 +133,15 @@ RSpec.describe Security::StoreReportService, '#execute' do

    let(:trait) { :sast }

+    let(:finding_location_fingerprint) do
+      build(
+        :ci_reports_security_locations_sast,
+        file_path: "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
+        start_line: "29",
+        end_line: "29"
+      ).fingerprint
+    end
+
    let!(:finding) do
      create(:vulnerabilities_finding,
        pipelines: [pipeline],
@@ -136,8 +149,8 @@ RSpec.describe Security::StoreReportService, '#execute' do
        primary_identifier: identifier,
        scanner: scanner,
        project: project,
-        uuid: "80571acf-8660-4bc8-811a-1d8dec9ab6f4",
-        location_fingerprint: 'd869ba3f0b3347eb2749135a437dc07c8ae0f420')
+        uuid: "e5388f40-18f5-566d-95c6-d64c6f46a00a",
+        location_fingerprint: finding_location_fingerprint)
    end

    let!(:vulnerability) { create(:vulnerability, findings: [finding], project: project) }
@@ -180,30 +193,30 @@ RSpec.describe Security::StoreReportService, '#execute' do
      expect(finding.reload.uuid).to eq(desired_uuid)
    end

-    it 'inserts only new scanners and reuse existing ones' do
-      expect { subject }.to change { Vulnerabilities::Scanner.count }.by(2)
+    it 'reuses existing scanner' do
+      expect { subject }.not_to change { Vulnerabilities::Scanner.count }
    end

    it 'inserts only new identifiers and reuse existing ones' do
-      expect { subject }.to change { Vulnerabilities::Identifier.count }.by(16)
+      expect { subject }.to change { Vulnerabilities::Identifier.count }.by(5)
    end

    it 'inserts only new findings and reuse existing ones' do
-      expect { subject }.to change { Vulnerabilities::Finding.count }.by(32)
+      expect { subject }.to change { Vulnerabilities::Finding.count }.by(4)
    end

    it 'inserts all finding pipelines (join model) for this new pipeline' do
-      expect { subject }.to change { Vulnerabilities::FindingPipeline.where(pipeline: new_pipeline).count }.by(33)
+      expect { subject }.to change { Vulnerabilities::FindingPipeline.where(pipeline: new_pipeline).count }.by(5)
    end

    it 'inserts new vulnerabilities with data from findings from this new pipeline' do
-      expect { subject }.to change { Vulnerability.count }.by(32)
+      expect { subject }.to change { Vulnerability.count }.by(4)
    end

    it 'updates existing findings with new data' do
      subject

-      expect(finding.reload).to have_attributes(severity: 'medium', name: 'Probable insecure usage of temp file/directory.')
+      expect(finding.reload).to have_attributes(severity: 'medium', name: 'Cipher with no integrity')
    end

    it 'updates fingerprints to match new values' do
@@ -234,7 +247,7 @@ RSpec.describe Security::StoreReportService, '#execute' do
    it 'updates existing vulnerability with new data' do
      subject

-      expect(vulnerability.reload).to have_attributes(severity: 'medium', title: 'Probable insecure usage of temp file/directory.', title_html: 'Probable insecure usage of temp file/directory.')
+      expect(vulnerability.reload).to have_attributes(severity: 'medium', title: 'Cipher with no integrity', title_html: 'Cipher with no integrity')
    end

    context 'when the existing vulnerability is resolved with the latest report' do

--- a/ee/spec/services/security/store_scan_service_spec.rb
+++ b/ee/spec/services/security/store_scan_service_spec.rb
@@ -26,14 +26,27 @@ RSpec.describe Security::StoreScanService do

  describe '#execute' do
    let_it_be(:unique_finding_uuid) { artifact.security_report.findings[0].uuid }
-    let_it_be(:duplicate_finding_uuid) { artifact.security_report.findings[5].uuid }
+    let_it_be(:duplicate_finding_uuid) { artifact.security_report.findings[4].uuid }
+
+    let(:finding_location_fingerprint) do
+      build(
+        :ci_reports_security_locations_sast,
+        file_path: "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
+        start_line: "41",
+        end_line: "41"
+      ).fingerprint
+    end
+
+    let(:finding_identifier_fingerprint) do
+      build(:ci_reports_security_identifier, external_id: "PREDICTABLE_RANDOM").fingerprint
+    end

    let(:deduplicate) { false }
    let(:service_object) { described_class.new(artifact, known_keys, deduplicate) }
    let(:finding_key) do
      build(:ci_reports_security_finding_key,
-            location_fingerprint: 'd869ba3f0b3347eb2749135a437dc07c8ae0f420',
-            identifier_fingerprint: 'e6dd15eda2137be0034977a85b300a94a4f243a3')
+            location_fingerprint: finding_location_fingerprint,
+            identifier_fingerprint: finding_identifier_fingerprint)
    end

    subject(:store_scan) { service_object.execute }

--- a/ee/spec/services/security/vulnerability_counting_service_spec.rb
+++ b/ee/spec/services/security/vulnerability_counting_service_spec.rb
@@ -64,7 +64,7 @@ RSpec.describe Security::VulnerabilityCountingService, '#execute' do
      end

      it {
-        is_expected.to match(a_hash_including("sast" => 33,
+        is_expected.to match(a_hash_including("sast" => 5,
                                              "dast" => 20,
                                              "container_scanning" => 8,
                                              "dependency_scanning" => 4))

--- a/spec/fixtures/security_reports/master/gl-sast-report.json
+++ b/spec/fixtures/security_reports/master/gl-sast-report.json
 {
-  "version": "1.2",
+  "version": "14.0.0",
  "vulnerabilities": [
-    {
-      "category": "sast",
-      "message": "Probable insecure usage of temp file/directory.",
-      "cve": "python/hardcoded/hardcoded-tmp.py:52865813c884a507be1f152d654245af34aba8a391626d01f1ab6d3f52ec8779:B108",
-      "severity": "Medium",
-      "confidence": "Medium",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/hardcoded/hardcoded-tmp.py",
-        "start_line": 1,
-        "end_line": 1
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B108",
-          "value": "B108",
-          "url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
-        }
-      ],
-      "priority": "Medium",
-      "file": "python/hardcoded/hardcoded-tmp.py",
-      "line": 1,
-      "url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html",
-      "tool": "bandit",
-      "tracking": {
-        "type": "source",
-        "items": [
-          {
-            "file": "python/hardcoded/hardcoded-tmp.py",
-            "start_line": 1,
-            "end_line": 1,
-            "fingerprints": [
-              { "algorithm": "hash", "value": "HASHVALUE" },
-              { "algorithm": "scope_offset", "value": "python/hardcoded/hardcoded-tmp.py:ClassA:method_b:2" }
-            ]
-          }
-        ]
-      }
-    },
    {
      "category": "sast",
      "name": "Predictable pseudorandom number generator",
@@ -69,20 +26,15 @@
          "value": "PREDICTABLE_RANDOM",
          "url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
        }
-      ],
-      "priority": "Medium",
-      "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
-      "line": 47,
-      "url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM",
-      "tool": "find_sec_bugs"
+      ]
    },
    {
      "category": "sast",
      "name": "Predictable pseudorandom number generator",
      "message": "Predictable pseudorandom number generator",
      "cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:41:PREDICTABLE_RANDOM",
-      "severity": "Medium",
-      "confidence": "Medium",
+      "severity": "Low",
+      "confidence": "Low",
      "scanner": {
        "id": "find_sec_bugs",
        "name": "Find Security Bugs"
@@ -101,153 +53,48 @@
          "value": "PREDICTABLE_RANDOM",
          "url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
        }
-      ],
-      "priority": "Medium",
-      "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
-      "line": 41,
-      "url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM",
-      "tool": "find_sec_bugs"
-    },
-    {
-      "category": "sast",
-      "message": "Use of insecure MD2, MD4, or MD5 hash function.",
-      "cve": "python/imports/imports-aliases.py:cb203b465dffb0cb3a8e8bd8910b84b93b0a5995a938e4b903dbb0cd6ffa1254:B303",
-      "severity": "Medium",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-aliases.py",
-        "start_line": 11,
-        "end_line": 11
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B303",
-          "value": "B303"
-        }
-      ],
-      "priority": "Medium",
-      "file": "python/imports/imports-aliases.py",
-      "line": 11,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Use of insecure MD2, MD4, or MD5 hash function.",
-      "cve": "python/imports/imports-aliases.py:a7173c43ae66bd07466632d819d450e0071e02dbf782763640d1092981f9631b:B303",
-      "severity": "Medium",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-aliases.py",
-        "start_line": 12,
-        "end_line": 12
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B303",
-          "value": "B303"
-        }
-      ],
-      "priority": "Medium",
-      "file": "python/imports/imports-aliases.py",
-      "line": 12,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Use of insecure MD2, MD4, or MD5 hash function.",
-      "cve": "python/imports/imports-aliases.py:017017b77deb0b8369b6065947833eeea752a92ec8a700db590fece3e934cf0d:B303",
-      "severity": "Medium",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-aliases.py",
-        "start_line": 13,
-        "end_line": 13
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B303",
-          "value": "B303"
-        }
-      ],
-      "priority": "Medium",
-      "file": "python/imports/imports-aliases.py",
-      "line": 13,
-      "tool": "bandit"
+      ]
    },
    {
      "category": "sast",
-      "message": "Use of insecure MD2, MD4, or MD5 hash function.",
-      "cve": "python/imports/imports-aliases.py:45fc8c53aea7b84f06bc4e590cc667678d6073c4c8a1d471177ca2146fb22db2:B303",
+      "name": "ECB mode is insecure",
+      "message": "ECB mode is insecure",
+      "description": "The cipher uses ECB mode, which provides poor confidentiality for encrypted data",
+      "cve": "ea0f905fc76f2739d5f10a1fd1e37a10:ECB_MODE:java-maven/src/main/java/com/gitlab/security_products/tests/App.java:29",
      "severity": "Medium",
      "confidence": "High",
      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
+        "id": "find_sec_bugs",
+        "name": "Find Security Bugs"
      },
      "location": {
-        "file": "python/imports/imports-aliases.py",
-        "start_line": 14,
-        "end_line": 14
+        "file": "java-maven/src/main/java/com/gitlab/security_products/tests/App.java",
+        "start_line": 29,
+        "end_line": 29,
+        "class": "com.gitlab.security_products.tests.App",
+        "method": "insecureCypher"
      },
      "identifiers": [
        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B303",
-          "value": "B303"
-        }
-      ],
-      "priority": "Medium",
-      "file": "python/imports/imports-aliases.py",
-      "line": 14,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Pickle library appears to be in use, possible security issue.",
-      "cve": "python/imports/imports-aliases.py:5f200d47291e7bbd8352db23019b85453ca048dd98ea0c291260fa7d009963a4:B301",
-      "severity": "Medium",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-aliases.py",
-        "start_line": 15,
-        "end_line": 15
-      },
-      "identifiers": [
+          "type": "find_sec_bugs_type",
+          "name": "Find Security Bugs-ECB_MODE",
+          "value": "ECB_MODE",
+          "url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE"
+        },
        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B301",
-          "value": "B301"
+          "type": "cwe",
+          "name": "CWE-327",
+          "value": "327",
+          "url": "https://cwe.mitre.org/data/definitions/327.html"
        }
-      ],
-      "priority": "Medium",
-      "file": "python/imports/imports-aliases.py",
-      "line": 15,
-      "tool": "bandit"
+      ]
    },
    {
      "category": "sast",
-      "name": "ECB mode is insecure",
-      "message": "ECB mode is insecure",
-      "cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:29:ECB_MODE",
+      "name": "Hard coded key",
+      "message": "Hard coded key",
+      "description": "Hard coded cryptographic key found",
+      "cve": "102ac67e0975ecec02a056008e0faad8:HARD_CODE_KEY:scala-sbt/src/main/scala/example/Main.scala:12",
      "severity": "Medium",
      "confidence": "High",
      "scanner": {
@@ -255,25 +102,26 @@
        "name": "Find Security Bugs"
      },
      "location": {
-        "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
-        "start_line": 29,
-        "end_line": 29,
-        "class": "com.gitlab.security_products.tests.App",
-        "method": "insecureCypher"
+        "file": "scala-sbt/src/main/scala/example/Main.scala",
+        "start_line": 12,
+        "end_line": 12,
+        "class": "example.Main$",
+        "method": "getBytes"
      },
      "identifiers": [
        {
          "type": "find_sec_bugs_type",
-          "name": "Find Security Bugs-ECB_MODE",
-          "value": "ECB_MODE",
-          "url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE"
+          "name": "Find Security Bugs-HARD_CODE_KEY",
+          "value": "HARD_CODE_KEY",
+          "url": "https://find-sec-bugs.github.io/bugs.htm#HARD_CODE_KEY"
+        },
+        {
+          "type": "cwe",
+          "name": "CWE-321",
+          "value": "321",
+          "url": "https://cwe.mitre.org/data/definitions/321.html"
        }
-      ],
-      "priority": "Medium",
-      "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
-      "line": 29,
-      "url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE",
-      "tool": "find_sec_bugs"
+      ]
    },
    {
      "category": "sast",
@@ -301,693 +149,38 @@
          "url": "https://find-sec-bugs.github.io/bugs.htm#CIPHER_INTEGRITY"
        }
      ],
-      "priority": "Medium",
-      "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
-      "line": 29,
-      "url": "https://find-sec-bugs.github.io/bugs.htm#CIPHER_INTEGRITY",
-      "tool": "find_sec_bugs"
-    },
-    {
-      "category": "sast",
-      "message": "Probable insecure usage of temp file/directory.",
-      "cve": "python/hardcoded/hardcoded-tmp.py:63dd4d626855555b816985d82c4614a790462a0a3ada89dc58eb97f9c50f3077:B108",
-      "severity": "Medium",
-      "confidence": "Medium",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/hardcoded/hardcoded-tmp.py",
-        "start_line": 14,
-        "end_line": 14
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B108",
-          "value": "B108",
-          "url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
-        }
-      ],
-      "priority": "Medium",
-      "file": "python/hardcoded/hardcoded-tmp.py",
-      "line": 14,
-      "url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html",
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Probable insecure usage of temp file/directory.",
-      "cve": "python/hardcoded/hardcoded-tmp.py:4ad6d4c40a8c263fc265f3384724014e0a4f8dd6200af83e51ff120420038031:B108",
-      "severity": "Medium",
-      "confidence": "Medium",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/hardcoded/hardcoded-tmp.py",
-        "start_line": 10,
-        "end_line": 10
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B108",
-          "value": "B108",
-          "url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html"
-        }
-      ],
-      "priority": "Medium",
-      "file": "python/hardcoded/hardcoded-tmp.py",
-      "line": 10,
-      "url": "https://docs.openstack.org/bandit/latest/plugins/b108_hardcoded_tmp_directory.html",
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Consider possible security implications associated with Popen module.",
-      "cve": "python/imports/imports-aliases.py:2c3e1fa1e54c3c6646e8bcfaee2518153c6799b77587ff8d9a7b0631f6d34785:B404",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-aliases.py",
-        "start_line": 1,
-        "end_line": 1
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B404",
-          "value": "B404"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/imports/imports-aliases.py",
-      "line": 1,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Consider possible security implications associated with pickle module.",
-      "cve": "python/imports/imports.py:af58d07f6ad519ef5287fcae65bf1a6999448a1a3a8bc1ac2a11daa80d0b96bf:B403",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports.py",
-        "start_line": 2,
-        "end_line": 2
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B403",
-          "value": "B403"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/imports/imports.py",
-      "line": 2,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Consider possible security implications associated with subprocess module.",
-      "cve": "python/imports/imports.py:8de9bc98029d212db530785a5f6780cfa663548746ff228ab8fa96c5bb82f089:B404",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports.py",
-        "start_line": 4,
-        "end_line": 4
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B404",
-          "value": "B404"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/imports/imports.py",
-      "line": 4,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Possible hardcoded password: 'blerg'",
-      "cve": "python/hardcoded/hardcoded-passwords.py:97c30f1d76d2a88913e3ce9ae74087874d740f87de8af697a9c455f01119f633:B106",
-      "severity": "Low",
-      "confidence": "Medium",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/hardcoded/hardcoded-passwords.py",
-        "start_line": 22,
-        "end_line": 22
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B106",
-          "value": "B106",
-          "url": "https://docs.openstack.org/bandit/latest/plugins/b106_hardcoded_password_funcarg.html"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/hardcoded/hardcoded-passwords.py",
-      "line": 22,
-      "url": "https://docs.openstack.org/bandit/latest/plugins/b106_hardcoded_password_funcarg.html",
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Possible hardcoded password: 'root'",
-      "cve": "python/hardcoded/hardcoded-passwords.py:7431c73a0bc16d94ece2a2e75ef38f302574d42c37ac0c3c38ad0b3bf8a59f10:B105",
-      "severity": "Low",
-      "confidence": "Medium",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/hardcoded/hardcoded-passwords.py",
-        "start_line": 5,
-        "end_line": 5
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B105",
-          "value": "B105",
-          "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/hardcoded/hardcoded-passwords.py",
-      "line": 5,
-      "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Possible hardcoded password: ''",
-      "cve": "python/hardcoded/hardcoded-passwords.py:d2d1857c27caedd49c57bfbcdc23afcc92bd66a22701fcdc632869aab4ca73ee:B105",
-      "severity": "Low",
-      "confidence": "Medium",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/hardcoded/hardcoded-passwords.py",
-        "start_line": 9,
-        "end_line": 9
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B105",
-          "value": "B105",
-          "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/hardcoded/hardcoded-passwords.py",
-      "line": 9,
-      "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Possible hardcoded password: 'ajklawejrkl42348swfgkg'",
-      "cve": "python/hardcoded/hardcoded-passwords.py:fb3866215a61393a5c9c32a3b60e2058171a23219c353f722cbd3567acab21d2:B105",
-      "severity": "Low",
-      "confidence": "Medium",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/hardcoded/hardcoded-passwords.py",
-        "start_line": 13,
-        "end_line": 13
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B105",
-          "value": "B105",
-          "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/hardcoded/hardcoded-passwords.py",
-      "line": 13,
-      "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Possible hardcoded password: 'blerg'",
-      "cve": "python/hardcoded/hardcoded-passwords.py:63c62a8b7e1e5224439bd26b28030585ac48741e28ca64561a6071080c560a5f:B105",
-      "severity": "Low",
-      "confidence": "Medium",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/hardcoded/hardcoded-passwords.py",
-        "start_line": 23,
-        "end_line": 23
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B105",
-          "value": "B105",
-          "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/hardcoded/hardcoded-passwords.py",
-      "line": 23,
-      "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Possible hardcoded password: 'blerg'",
-      "cve": "python/hardcoded/hardcoded-passwords.py:4311b06d08df8fa58229b341c531da8e1a31ec4520597bdff920cd5c098d86f9:B105",
-      "severity": "Low",
-      "confidence": "Medium",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/hardcoded/hardcoded-passwords.py",
-        "start_line": 24,
-        "end_line": 24
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B105",
-          "value": "B105",
-          "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/hardcoded/hardcoded-passwords.py",
-      "line": 24,
-      "url": "https://docs.openstack.org/bandit/latest/plugins/b105_hardcoded_password_string.html",
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Consider possible security implications associated with subprocess module.",
-      "cve": "python/imports/imports-function.py:5858400c2f39047787702de44d03361ef8d954c9d14bd54ee1c2bef9e6a7df93:B404",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-function.py",
-        "start_line": 4,
-        "end_line": 4
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B404",
-          "value": "B404"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/imports/imports-function.py",
-      "line": 4,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Consider possible security implications associated with pickle module.",
-      "cve": "python/imports/imports-function.py:dbda3cf4190279d30e0aad7dd137eca11272b0b225e8af4e8bf39682da67d956:B403",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-function.py",
-        "start_line": 2,
-        "end_line": 2
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B403",
-          "value": "B403"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/imports/imports-function.py",
-      "line": 2,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Consider possible security implications associated with Popen module.",
-      "cve": "python/imports/imports-from.py:eb8a0db9cd1a8c1ab39a77e6025021b1261cc2a0b026b2f4a11fca4e0636d8dd:B404",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-from.py",
-        "start_line": 7,
-        "end_line": 7
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B404",
-          "value": "B404"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/imports/imports-from.py",
-      "line": 7,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell",
-      "cve": "python/imports/imports-aliases.py:f99f9721e27537fbcb6699a4cf39c6740d6234d2c6f06cfc2d9ea977313c483d:B602",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-aliases.py",
-        "start_line": 9,
-        "end_line": 9
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B602",
-          "value": "B602",
-          "url": "https://docs.openstack.org/bandit/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/imports/imports-aliases.py",
-      "line": 9,
-      "url": "https://docs.openstack.org/bandit/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html",
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Consider possible security implications associated with subprocess module.",
-      "cve": "python/imports/imports-from.py:332a12ab1146698f614a905ce6a6a5401497a12281aef200e80522711c69dcf4:B404",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-from.py",
-        "start_line": 6,
-        "end_line": 6
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B404",
-          "value": "B404"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/imports/imports-from.py",
-      "line": 6,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Consider possible security implications associated with Popen module.",
-      "cve": "python/imports/imports-from.py:0a48de4a3d5348853a03666cb574697e3982998355e7a095a798bd02a5947276:B404",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-from.py",
-        "start_line": 1,
-        "end_line": 2
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B404",
-          "value": "B404"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/imports/imports-from.py",
-      "line": 1,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Consider possible security implications associated with pickle module.",
-      "cve": "python/imports/imports-aliases.py:51b71661dff994bde3529639a727a678c8f5c4c96f00d300913f6d5be1bbdf26:B403",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-aliases.py",
-        "start_line": 7,
-        "end_line": 8
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B403",
-          "value": "B403"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/imports/imports-aliases.py",
-      "line": 7,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Consider possible security implications associated with loads module.",
-      "cve": "python/imports/imports-aliases.py:6ff02aeb3149c01ab68484d794a94f58d5d3e3bb0d58557ef4153644ea68ea54:B403",
-      "severity": "Low",
-      "confidence": "High",
-      "scanner": {
-        "id": "bandit",
-        "name": "Bandit"
-      },
-      "location": {
-        "file": "python/imports/imports-aliases.py",
-        "start_line": 6,
-        "end_line": 6
-      },
-      "identifiers": [
-        {
-          "type": "bandit_test_id",
-          "name": "Bandit Test ID B403",
-          "value": "B403"
-        }
-      ],
-      "priority": "Low",
-      "file": "python/imports/imports-aliases.py",
-      "line": 6,
-      "tool": "bandit"
-    },
-    {
-      "category": "sast",
-      "message": "Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120)",
-      "cve": "c/subdir/utils.c:b466873101951fe96e1332f6728eb7010acbbd5dfc3b65d7d53571d091a06d9e:CWE-119!/CWE-120",
-      "confidence": "Low",
-      "solution": "Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length",
-      "scanner": {
-        "id": "flawfinder",
-        "name": "Flawfinder"
-      },
-      "location": {
-        "file": "c/subdir/utils.c",
-        "start_line": 4
-      },
-      "identifiers": [
-        {
-          "type": "flawfinder_func_name",
-          "name": "Flawfinder - char",
-          "value": "char"
-        },
-        {
-          "type": "cwe",
-          "name": "CWE-119",
-          "value": "119",
-          "url": "https://cwe.mitre.org/data/definitions/119.html"
-        },
-        {
-          "type": "cwe",
-          "name": "CWE-120",
-          "value": "120",
-          "url": "https://cwe.mitre.org/data/definitions/120.html"
-        }
-      ],
-      "file": "c/subdir/utils.c",
-      "line": 4,
-      "url": "https://cwe.mitre.org/data/definitions/119.html",
-      "tool": "flawfinder"
-    },
-    {
-      "category": "sast",
-      "message": "Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362)",
-      "cve": "c/subdir/utils.c:bab681140fcc8fc3085b6bba74081b44ea145c1c98b5e70cf19ace2417d30770:CWE-362",
-      "confidence": "Low",
-      "scanner": {
-        "id": "flawfinder",
-        "name": "Flawfinder"
-      },
-      "location": {
-        "file": "c/subdir/utils.c",
-        "start_line": 8
-      },
-      "identifiers": [
-        {
-          "type": "flawfinder_func_name",
-          "name": "Flawfinder - fopen",
-          "value": "fopen"
-        },
-        {
-          "type": "cwe",
-          "name": "CWE-362",
-          "value": "362",
-          "url": "https://cwe.mitre.org/data/definitions/362.html"
-        }
-      ],
-      "file": "c/subdir/utils.c",
-      "line": 8,
-      "url": "https://cwe.mitre.org/data/definitions/362.html",
-      "tool": "flawfinder"
-    },
-    {
-      "category": "sast",
-      "message": "Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120)",
-      "cve": "cplusplus/src/hello.cpp:c8c6dd0afdae6814194cf0930b719f757ab7b379cf8f261e7f4f9f2f323a818a:CWE-119!/CWE-120",
-      "confidence": "Low",
-      "solution": "Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length",
-      "scanner": {
-        "id": "flawfinder",
-        "name": "Flawfinder"
-      },
-      "location": {
-        "file": "cplusplus/src/hello.cpp",
-        "start_line": 6
-      },
-      "identifiers": [
-        {
-          "type": "flawfinder_func_name",
-          "name": "Flawfinder - char",
-          "value": "char"
-        },
-        {
-          "type": "cwe",
-          "name": "CWE-119",
-          "value": "119",
-          "url": "https://cwe.mitre.org/data/definitions/119.html"
-        },
-        {
-          "type": "cwe",
-          "name": "CWE-120",
-          "value": "120",
-          "url": "https://cwe.mitre.org/data/definitions/120.html"
-        }
-      ],
-      "file": "cplusplus/src/hello.cpp",
-      "line": 6,
-      "url": "https://cwe.mitre.org/data/definitions/119.html",
-      "tool": "flawfinder"
-    },
-    {
-      "category": "sast",
-      "message": "Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120)",
-      "cve": "cplusplus/src/hello.cpp:331c04062c4fe0c7c486f66f59e82ad146ab33cdd76ae757ca41f392d568cbd0:CWE-120",
-      "confidence": "Low",
-      "solution": "Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)",
-      "scanner": {
-        "id": "flawfinder",
-        "name": "Flawfinder"
-      },
-      "location": {
-        "file": "cplusplus/src/hello.cpp",
-        "start_line": 7
-      },
-      "identifiers": [
-        {
-          "type": "flawfinder_func_name",
-          "name": "Flawfinder - strcpy",
-          "value": "strcpy"
-        },
-        {
-          "type": "cwe",
-          "name": "CWE-120",
-          "value": "120",
-          "url": "https://cwe.mitre.org/data/definitions/120.html"
-        }
-      ],
-      "file": "cplusplus/src/hello.cpp",
-      "line": 7,
-      "url": "https://cwe.mitre.org/data/definitions/120.html",
-      "tool": "flawfinder"
+      "tracking": {
+        "type": "source",
+        "items": [
+          {
+            "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy",
+            "start_line": 47,
+            "end_line": 47,
+            "fingerprints": [
+              {
+                "algorithm": "hash",
+                "value": "HASHVALUE"
+              },
+              {
+                "algorithm": "scope_offset",
+                "value": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:App[0]:insecureCypher[0]:2"
+              }
+            ]
+          }
+        ]
+      }
    }
  ],
  "remediations": [],
  "scan": {
    "scanner": {
-      "id": "gosec",
-      "name": "Gosec",
-      "url": "https://github.com/securego/gosec",
+      "id": "find_sec_bugs",
+      "name": "Find Security Bugs",
+      "url": "https://spotbugs.github.io",
      "vendor": {
        "name": "GitLab"
      },
-      "version": "2.3.0"
+      "version": "4.0.2"
    },
    "type": "sast",
    "status": "success",