Previously we were injecting only the commit sha to security reports
but to be able to make some calculations with the persisted findings
we will need the project information. Therefore, we are now injecting
the pipeline object to reports instead of the commit sha.