Reduce JSON output size by removing redundant vulnerability information

[hogo6002]

Our JSON output includes the full OSV record for each vulnerability, leading to large JSON files (e.g. >20 MB for Ubuntu scans). This data is often unrelated, as one OSV record normally contain information about various packages and ecosystems, while OSV-Scanner already knows the specific affected package and version.

To reduce the output size, we should replace the vulnerability details with a more concise format. One option is to use

osv-scanner/internal/output/output_result.go

Line 59 in de8293c

type VulnResult struct {

[github-actions]

This issue has not had any activity for 60 days and will be automatically closed in two weeks

See https://github.com/google/osv-scanner/blob/main/CONTRIBUTING.md for how to contribute a PR if you're interested in helping out.

[github-actions]

Automatically closing stale issue