Rename Occurrence to Finding

After introducing the first-class vulnerabilities, only the REST API
endpoints, model associations, and controller endpoints were renamed:
former Vulnerabilities became Vulnerability Findings.

https://gitlab.com/gitlab-org/gitlab/issues/10252#terminology

ee/app/finders/security/pipeline_vulnerabilities_finder.rb

@@ -3,7 +3,7 @@
 # Security::PipelineVulnerabilitiesFinder
 #
 # Used to retrieve security vulnerabilities from an associated Pipeline,
-# This involves normalizing Report::Occurrence POROs to Vulnerabilities::Occurrence
+# This involves normalizing Report::Occurrence POROs to Vulnerabilities::Finding
 #
 # Arguments:
 #   pipeline - object to filter vulnerabilities
@@ -26,23 +26,23 @@ module Security
     def execute
       requested_reports = pipeline_reports.select { |report_type| requested_type?(report_type) }
 
-      occurrences = requested_reports.each_with_object([]) do |(type, report), occurrences|
+      findings = requested_reports.each_with_object([]) do |(type, report), findings|
         raise ParseError, 'JSON parsing failed' if report.error.is_a?(Gitlab::Ci::Parsers::Security::Common::SecurityReportParserError)
 
-        normalized_occurrences = normalize_report_occurrences(
-          report.occurrences,
+        normalized_findings = normalize_report_findings(
+          report.findings,
           vulnerabilities_by_finding_fingerprint(type, report))
-        filtered_occurrences = filter(normalized_occurrences)
+        filtered_findings = filter(normalized_findings)
 
-        occurrences.concat(filtered_occurrences)
+        findings.concat(filtered_findings)
       end
 
-      Gitlab::Ci::Reports::Security::AggregatedReport.new(requested_reports.values, sort_occurrences(occurrences))
+      Gitlab::Ci::Reports::Security::AggregatedReport.new(requested_reports.values, sort_findings(findings))
     end
 
     private
 
-    def sort_occurrences(occurrences)
+    def sort_findings(findings)
       # This sort is stable (see https://en.wikipedia.org/wiki/Sorting_algorithm#Stability) contrary to the bare
       # Ruby sort_by method. Using just sort_by leads to instability across different platforms (e.g., x86_64-linux and
       # x86_64-darwin18) which in turn leads to different sorting results for the equal elements across these platforms.
@@ -51,7 +51,7 @@ module Security
       # This is easier to address from within the class rather than from tests because this leads to bad class design
       # and exposing too much of its implementation details to the test suite.
       # See also https://stackoverflow.com/questions/15442298/is-sort-in-ruby-stable.
-      Gitlab::Utils.stable_sort_by(occurrences) { |x| [-x.severity_value, -x.confidence_value] }
+      Gitlab::Utils.stable_sort_by(findings) { |x| [-x.severity_value, -x.confidence_value] }
     end
 
     def pipeline_reports
@@ -59,49 +59,49 @@ module Security
     end
 
     def vulnerabilities_by_finding_fingerprint(report_type, report)
-      Vulnerabilities::Occurrence
+      Vulnerabilities::Finding
         .with_vulnerabilities_for_state(
           project: pipeline.project,
           report_type: report_type,
-          project_fingerprints: report.occurrences.map(&:project_fingerprint))
-       .each_with_object({}) do |occurrence, hash|
-        hash[occurrence.project_fingerprint] = occurrence.vulnerability
+          project_fingerprints: report.findings.map(&:project_fingerprint))
+       .each_with_object({}) do |finding, hash|
+        hash[finding.project_fingerprint] = finding.vulnerability
       end
     end
 
     # This finder is used for fetching vulnerabilities for any pipeline, if we used it to fetch
-    # vulnerabilities for a non-default-branch, the occurrences will be unpersisted, so we
+    # vulnerabilities for a non-default-branch, the findings will be unpersisted, so we
     # coerce the POROs into unpersisted AR records to give them a common object.
     # See https://gitlab.com/gitlab-org/gitlab/issues/33588#note_291849433 for more context
     # on why this happens.
-    def normalize_report_occurrences(report_occurrences, vulnerabilities)
-      report_occurrences.map do |report_occurrence|
-        occurrence_hash = report_occurrence.to_hash
+    def normalize_report_findings(report_findings, vulnerabilities)
+      report_findings.map do |report_finding|
+        finding_hash = report_finding.to_hash
           .except(:compare_key, :identifiers, :location, :scanner)
 
-        occurrence = Vulnerabilities::Occurrence.new(occurrence_hash)
+        finding = Vulnerabilities::Finding.new(finding_hash)
         # assigning Vulnerabilities to Findings to enable the computed state
-        occurrence.location_fingerprint = report_occurrence.location.fingerprint
-        occurrence.vulnerability = vulnerabilities[occurrence.project_fingerprint]
-        occurrence.project = pipeline.project
-        occurrence.sha = pipeline.sha
-        occurrence.build_scanner(report_occurrence.scanner&.to_hash)
-        occurrence.identifiers = report_occurrence.identifiers.map do |identifier|
+        finding.location_fingerprint = report_finding.location.fingerprint
+        finding.vulnerability = vulnerabilities[finding.project_fingerprint]
+        finding.project = pipeline.project
+        finding.sha = pipeline.sha
+        finding.build_scanner(report_finding.scanner&.to_hash)
+        finding.identifiers = report_finding.identifiers.map do |identifier|
           Vulnerabilities::Identifier.new(identifier.to_hash)
         end
 
-        occurrence
+        finding
       end
     end
 
-    def filter(occurrences)
-      occurrences.select do |occurrence|
-        next if !include_dismissed? && dismissal_feedback?(occurrence)
-        next unless confidence_levels.include?(occurrence.confidence)
-        next unless severity_levels.include?(occurrence.severity)
-        next if scanners.present? && !scanners.include?(occurrence.scanner.external_id)
+    def filter(findings)
+      findings.select do |finding|
+        next if !include_dismissed? && dismissal_feedback?(finding)
+        next unless confidence_levels.include?(finding.confidence)
+        next unless severity_levels.include?(finding.severity)
+        next if scanners.present? && !scanners.include?(finding.scanner.external_id)
 
-        occurrence
+        finding
       end
     end
 
@@ -113,8 +113,8 @@ module Security
       params[:scope] == 'all'
     end
 
-    def dismissal_feedback?(occurrence)
-      dismissal_feedback_by_fingerprint[occurrence.project_fingerprint]
+    def dismissal_feedback?(finding)
+      dismissal_feedback_by_fingerprint[finding.project_fingerprint]
     end
 
     def dismissal_feedback_by_fingerprint
@@ -127,15 +127,15 @@ module Security
     end
 
     def confidence_levels
-      Array(params.fetch(:confidence, Vulnerabilities::Occurrence.confidences.keys))
+      Array(params.fetch(:confidence, Vulnerabilities::Finding.confidences.keys))
     end
 
     def report_types
-      Array(params.fetch(:report_type, Vulnerabilities::Occurrence.report_types.keys))
+      Array(params.fetch(:report_type, Vulnerabilities::Finding.report_types.keys))
     end
 
     def severity_levels
-      Array(params.fetch(:severity, Vulnerabilities::Occurrence.severities.keys))
+      Array(params.fetch(:severity, Vulnerabilities::Finding.severities.keys))
     end
 
     def scanners

ee/app/finders/security/vulnerability_findings_finder.rb

@@ -2,7 +2,7 @@
 
 # Security::VulnerabilityFindingsFinder
 #
-# Used to filter Vulnerabilities::Occurrences  by set of params for Security Dashboard
+# Used to filter Vulnerabilities::Findings  by set of params for Security Dashboard
 #
 # Arguments:
 #   pipeline_ids - IDs for the pipelines to fetch vulnerabilities for
@@ -40,7 +40,7 @@ module Security
       return items unless params[:report_type].present?
 
       items.by_report_types(
-        Vulnerabilities::Occurrence::REPORT_TYPES.values_at(
+        Vulnerabilities::Finding::REPORT_TYPES.values_at(
           *params[:report_type]).compact)
     end
 
@@ -54,7 +54,7 @@ module Security
       return items unless params[:severity].present?
 
       items.by_severities(
-        Vulnerabilities::Occurrence::SEVERITY_LEVELS.values_at(
+        Vulnerabilities::Finding::SEVERITY_LEVELS.values_at(
           *params[:severity]).compact)
     end
 
@@ -62,7 +62,7 @@ module Security
       return items unless params[:confidence].present?
 
       items.by_confidences(
-        Vulnerabilities::Occurrence::CONFIDENCE_LEVELS.values_at(
+        Vulnerabilities::Finding::CONFIDENCE_LEVELS.values_at(
           *params[:confidence]).compact)
     end
 
@@ -76,9 +76,9 @@ module Security
 
     def init_collection
       if include_sha
-        ::Vulnerabilities::Occurrence.for_pipelines_with_sha(pipeline_ids)
+        ::Vulnerabilities::Finding.for_pipelines_with_sha(pipeline_ids)
       else
-        ::Vulnerabilities::Occurrence.for_pipelines(pipeline_ids)
+        ::Vulnerabilities::Finding.for_pipelines(pipeline_ids)
       end
     end
   end

ee/app/finders/security/vulnerable_projects_finder.rb

@@ -17,7 +17,7 @@ module Security
     attr_reader :projects
 
     def vulnerabilities
-      ::Vulnerabilities::Occurrence
+      ::Vulnerabilities::Finding
         .select(1)
         .undismissed
         .scoped_project

ee/app/graphql/representation/vulnerability_scanner_entry.rb

@@ -11,7 +11,7 @@ module Representation
     attr_reader :raw_entry
 
     def report_type
-      ::Vulnerabilities::Occurrence::REPORT_TYPES.key(@report_type) || @report_type
+      ::Vulnerabilities::Finding::REPORT_TYPES.key(@report_type) || @report_type
     end
 
     def ==(other)

ee/app/graphql/types/security_report_summary_type.rb

@@ -6,7 +6,7 @@ module Types
     graphql_name 'SecurityReportSummary'
     description 'Represents summary of a security report'
 
-    ::Vulnerabilities::Occurrence::REPORT_TYPES.keys.each do |report_type|
+    ::Vulnerabilities::Finding::REPORT_TYPES.keys.each do |report_type|
       field report_type, ::Types::SecurityReportSummarySectionType, null: true,
             description: "Aggregated counts for the #{report_type} scan"
     end

ee/app/graphql/types/vulnerability_location_type.rb

@@ -29,7 +29,7 @@ module Types
       when 'coverage_fuzzing'
         VulnerabilityLocation::CoverageFuzzingType
       else
-        raise UnexpectedReportType, "Report type must be one of #{::Vulnerabilities::Occurrence::REPORT_TYPES.keys}"
+        raise UnexpectedReportType, "Report type must be one of #{::Vulnerabilities::Finding::REPORT_TYPES.keys}"
       end
     end
   end

ee/app/graphql/types/vulnerability_report_type_enum.rb

@@ -5,7 +5,7 @@ module Types
     graphql_name 'VulnerabilityReportType'
     description 'The type of the security scan that found the vulnerability.'
 
-    ::Vulnerabilities::Occurrence::REPORT_TYPES.keys.each do |report_type|
+    ::Vulnerabilities::Finding::REPORT_TYPES.keys.each do |report_type|
       value report_type.to_s.upcase, value: report_type.to_s
     end
   end

ee/app/graphql/types/vulnerability_severities_count_type.rb

@@ -6,7 +6,7 @@ module Types
     graphql_name 'VulnerabilitySeveritiesCount'
     description 'Represents vulnerability counts by severity'
 
-    ::Vulnerabilities::Occurrence::SEVERITY_LEVELS.keys.each do |severity|
+    ::Vulnerabilities::Finding::SEVERITY_LEVELS.keys.each do |severity|
       field severity, GraphQL::INT_TYPE, null: true,
             description: "Number of vulnerabilities of #{severity.upcase} severity of the project"
     end

ee/app/graphql/types/vulnerability_severity_enum.rb

@@ -5,7 +5,7 @@ module Types
     graphql_name 'VulnerabilitySeverity'
     description 'The severity of the vulnerability.'
 
-    ::Vulnerabilities::Occurrence::SEVERITY_LEVELS.keys.each do |severity|
+    ::Vulnerabilities::Finding::SEVERITY_LEVELS.keys.each do |severity|
       value severity.to_s.upcase, value: severity.to_s
     end
   end

ee/app/graphql/types/vulnerability_type.rb

@@ -22,10 +22,10 @@ module Types
           description: "State of the vulnerability (#{::Vulnerability.states.keys.join(', ').upcase})"
 
     field :severity, VulnerabilitySeverityEnum, null: true,
-          description: "Severity of the vulnerability (#{::Vulnerabilities::Occurrence::SEVERITY_LEVELS.keys.join(', ').upcase})"
+          description: "Severity of the vulnerability (#{::Vulnerabilities::Finding::SEVERITY_LEVELS.keys.join(', ').upcase})"
 
     field :report_type, VulnerabilityReportTypeEnum, null: true,
-          description: "Type of the security report that found the vulnerability (#{::Vulnerabilities::Occurrence::REPORT_TYPES.keys.join(', ').upcase})"
+          description: "Type of the security report that found the vulnerability (#{::Vulnerabilities::Finding::REPORT_TYPES.keys.join(', ').upcase})"
 
     field :user_notes_count, GraphQL::INT_TYPE, null: false,
           description: 'Number of user notes attached to the vulnerability'

ee/app/models/ee/ci/pipeline.rb

@@ -14,8 +14,8 @@ module EE
       prepended do
         include UsageStatistics
 
-        has_many :vulnerabilities_finding_pipelines, class_name: 'Vulnerabilities::FindingPipeline'
-        has_many :vulnerability_findings, source: :occurrence, through: :vulnerabilities_finding_pipelines, class_name: 'Vulnerabilities::Occurrence'
+        has_many :vulnerabilities_finding_pipelines, class_name: 'Vulnerabilities::FindingPipeline', inverse_of: :pipeline
+        has_many :vulnerability_findings, source: :finding, through: :vulnerabilities_finding_pipelines, class_name: 'Vulnerabilities::Finding'
 
         has_many :auto_canceled_pipelines, class_name: 'Ci::Pipeline', foreign_key: 'auto_canceled_by_id'
         has_many :auto_canceled_jobs, class_name: 'CommitStatus', foreign_key: 'auto_canceled_by_id'

ee/app/models/ee/project.rb

@@ -63,7 +63,7 @@ module EE
       has_many :vulnerabilities
       has_many :vulnerability_feedback, class_name: 'Vulnerabilities::Feedback'
       has_many :vulnerability_historical_statistics, class_name: 'Vulnerabilities::HistoricalStatistic'
-      has_many :vulnerability_findings, class_name: 'Vulnerabilities::Occurrence' do
+      has_many :vulnerability_findings, class_name: 'Vulnerabilities::Finding', inverse_of: :project do
         def lock_for_confirmation!(id)
           where(vulnerability_id: nil).lock.find(id)
         end
@@ -129,7 +129,7 @@ module EE
       scope :with_protected_branches, -> { joins(:protected_branches) }
       scope :with_repositories_enabled, -> { joins(:project_feature).where(project_features: { repository_access_level: ::ProjectFeature::ENABLED }) }
 
-      scope :with_security_reports_stored, -> { where('EXISTS (?)', ::Vulnerabilities::Occurrence.scoped_project.select(1)) }
+      scope :with_security_reports_stored, -> { where('EXISTS (?)', ::Vulnerabilities::Finding.scoped_project.select(1)) }
       scope :with_security_reports, -> { where('EXISTS (?)', ::Ci::JobArtifact.security_reports.scoped_project.select(1)) }
       scope :with_github_service_pipeline_events, -> { joins(:github_service).merge(GithubService.pipeline_hooks) }
       scope :with_active_prometheus_service, -> { joins(:prometheus_service).merge(PrometheusService.active) }

ee/app/models/vulnerabilities/occurrence.rb → ee/app/models/vulnerabilities/finding.rb

 # frozen_string_literal: true
 
 module Vulnerabilities
-  class Occurrence < ApplicationRecord
+  class Finding < ApplicationRecord
     include ShaAttribute
     include ::Gitlab::Utils::StrongMemoize
     include Presentable
@@ -15,14 +15,15 @@ module Vulnerabilities
     sha_attribute :project_fingerprint
     sha_attribute :location_fingerprint
 
-    belongs_to :project
+    belongs_to :project, inverse_of: :vulnerability_findings
     belongs_to :scanner, class_name: 'Vulnerabilities::Scanner'
-    belongs_to :primary_identifier, class_name: 'Vulnerabilities::Identifier', inverse_of: :primary_occurrences
-    belongs_to :vulnerability, inverse_of: :findings
+    belongs_to :primary_identifier, class_name: 'Vulnerabilities::Identifier', inverse_of: :primary_findings, foreign_key: 'primary_identifier_id'
+    belongs_to :vulnerability, class_name: 'Vulnerability', inverse_of: :findings, foreign_key: 'vulnerability_id'
 
-    has_many :finding_identifiers, class_name: 'Vulnerabilities::FindingIdentifier'
+    has_many :finding_identifiers, class_name: 'Vulnerabilities::FindingIdentifier', inverse_of: :finding, foreign_key: 'occurrence_id'
     has_many :identifiers, through: :finding_identifiers, class_name: 'Vulnerabilities::Identifier'
-    has_many :finding_pipelines, class_name: 'Vulnerabilities::FindingPipeline'
+
+    has_many :finding_pipelines, class_name: 'Vulnerabilities::FindingPipeline', inverse_of: :finding, foreign_key: 'occurrence_id'
     has_many :pipelines, through: :finding_pipelines, class_name: 'Ci::Pipeline'
 
     attr_writer :sha
@@ -122,7 +123,7 @@ module Vulnerabilities
     end
 
     def self.with_vulnerabilities_for_state(project:, report_type:, project_fingerprints:)
-      Vulnerabilities::Occurrence
+      Vulnerabilities::Finding
         .joins(:vulnerability)
         .where(
           project: project,

ee/app/models/vulnerabilities/finding_identifier.rb

@@ -4,10 +4,12 @@ module Vulnerabilities
   class FindingIdentifier < ApplicationRecord
     self.table_name = "vulnerability_occurrence_identifiers"
 
-    belongs_to :occurrence, class_name: 'Vulnerabilities::Occurrence'
-    belongs_to :identifier, class_name: 'Vulnerabilities::Identifier'
+    alias_attribute :finding_id, :occurrence_id
 
-    validates :occurrence, presence: true
+    belongs_to :finding, class_name: 'Vulnerabilities::Finding', inverse_of: :finding_identifiers, foreign_key: 'occurrence_id'
+    belongs_to :identifier, class_name: 'Vulnerabilities::Identifier', inverse_of: :finding_identifiers
+
+    validates :finding, presence: true
     validates :identifier, presence: true
     validates :identifier_id, uniqueness: { scope: [:occurrence_id] }
   end

ee/app/models/vulnerabilities/finding_pipeline.rb

@@ -4,10 +4,12 @@ module Vulnerabilities
   class FindingPipeline < ApplicationRecord
     self.table_name = "vulnerability_occurrence_pipelines"
 
-    belongs_to :occurrence, class_name: 'Vulnerabilities::Occurrence'
+    alias_attribute :finding_id, :occurrence_id
+
+    belongs_to :finding, class_name: 'Vulnerabilities::Finding', inverse_of: :finding_pipelines, foreign_key: 'occurrence_id'
     belongs_to :pipeline, class_name: '::Ci::Pipeline'
 
-    validates :occurrence, presence: true
+    validates :finding, presence: true
     validates :pipeline, presence: true
     validates :pipeline_id, uniqueness: { scope: [:occurrence_id] }
   end

ee/app/models/vulnerabilities/identifier.rb

@@ -8,12 +8,12 @@ module Vulnerabilities
 
     sha_attribute :fingerprint
 
-    has_many :finding_identifiers, class_name: 'Vulnerabilities::FindingIdentifier'
-    has_many :occurrences, through: :finding_identifiers, class_name: 'Vulnerabilities::Occurrence'
+    has_many :finding_identifiers, class_name: 'Vulnerabilities::FindingIdentifier', inverse_of: :identifier, foreign_key: 'identifier_id'
+    has_many :findings, through: :finding_identifiers, class_name: 'Vulnerabilities::Finding'
 
-    has_many :primary_occurrences, class_name: 'Vulnerabilities::Occurrence', inverse_of: :primary_identifier
+    has_many :primary_findings, class_name: 'Vulnerabilities::Finding', inverse_of: :primary_identifier, foreign_key: 'primary_identifier_id'
 
-    belongs_to :project
+    belongs_to :project, foreign_key: 'project_id'
 
     validates :project, presence: true
     validates :external_type, presence: true

ee/app/models/vulnerabilities/scanner.rb

@@ -4,7 +4,7 @@ module Vulnerabilities
   class Scanner < ApplicationRecord
     self.table_name = "vulnerability_scanners"
 
-    has_many :occurrences, class_name: 'Vulnerabilities::Occurrence'
+    has_many :findings, class_name: 'Vulnerabilities::Finding', inverse_of: :scanner
 
     belongs_to :project
 
@@ -17,7 +17,7 @@ module Vulnerabilities
 
     scope :for_projects, -> (project_ids) { where(project_id: project_ids) }
     scope :with_report_type, -> do
-      joins(:occurrences)
+      joins(:findings)
         .select('DISTINCT ON ("vulnerability_scanners"."external_id", "vulnerability_occurrences"."report_type") "vulnerability_scanners".*, "vulnerability_occurrences"."report_type" AS "report_type"')
         .order('"vulnerability_scanners"."external_id" ASC, "vulnerability_occurrences"."report_type" ASC')
     end

ee/app/models/vulnerability.rb

@@ -33,7 +33,7 @@ class Vulnerability < ApplicationRecord
 
   has_one :group, through: :project
 
-  has_many :findings, class_name: 'Vulnerabilities::Occurrence', inverse_of: :vulnerability
+  has_many :findings, class_name: 'Vulnerabilities::Finding', inverse_of: :vulnerability
   has_many :issue_links, class_name: 'Vulnerabilities::IssueLink', inverse_of: :vulnerability
   has_many :related_issues, through: :issue_links, source: :issue do
     def with_vulnerability_links
@@ -46,9 +46,9 @@ class Vulnerability < ApplicationRecord
   has_many :user_mentions, class_name: 'VulnerabilityUserMention'
 
   enum state: { detected: 1, dismissed: 2, resolved: 3, confirmed: 4 }
-  enum severity: Vulnerabilities::Occurrence::SEVERITY_LEVELS, _prefix: :severity
-  enum confidence: Vulnerabilities::Occurrence::CONFIDENCE_LEVELS, _prefix: :confidence
-  enum report_type: Vulnerabilities::Occurrence::REPORT_TYPES
+  enum severity: Vulnerabilities::Finding::SEVERITY_LEVELS, _prefix: :severity
+  enum confidence: Vulnerabilities::Finding::CONFIDENCE_LEVELS, _prefix: :confidence
+  enum report_type: Vulnerabilities::Finding::REPORT_TYPES
 
   validates :project, :author, :title, :severity, :confidence, :report_type, presence: true
 

ee/app/presenters/security/vulnerable_project_presenter.rb

@@ -2,7 +2,7 @@
 
 module Security
   class VulnerableProjectPresenter < ::Gitlab::View::Presenter::Delegated
-    SEVERITY_LEVELS = ::Vulnerabilities::Occurrence::SEVERITY_LEVELS.keys
+    SEVERITY_LEVELS = ::Vulnerabilities::Finding::SEVERITY_LEVELS.keys
 
     presents :project
 
@@ -14,7 +14,7 @@ module Security
 
     def counts_for_project(project)
       SEVERITY_LEVELS.each_with_object({}) do |severity, counts|
-        counts["#{severity}_vulnerability_count".to_sym] = ::Vulnerabilities::Occurrence.batch_count_by_project_and_severity(project.id, severity)
+        counts["#{severity}_vulnerability_count".to_sym] = ::Vulnerabilities::Finding.batch_count_by_project_and_severity(project.id, severity)
       end
     end
   end

ee/app/serializers/vulnerabilities/history_entity.rb

@@ -3,7 +3,7 @@
 class Vulnerabilities::HistoryEntity < Grape::Entity
   present_collection true
 
-  Vulnerabilities::Occurrence::SEVERITY_LEVELS.keys.each do |level|
+  Vulnerabilities::Finding::SEVERITY_LEVELS.keys.each do |level|
     expose level do |object|
       counts(by_severity[level]&.group_by(&:day) || {})
     end

ee/app/serializers/vulnerability_summary_entity.rb

 # frozen_string_literal: true
 
 class VulnerabilitySummaryEntity < Grape::Entity
-  Vulnerabilities::Occurrence::SEVERITY_LEVELS.each do |severity_name, severity|
+  Vulnerabilities::Finding::SEVERITY_LEVELS.each do |severity_name, severity|
     expose severity_name do |param|
       object[severity] || 0
     end

ee/app/serializers/vulnerable_project_entity.rb

 # frozen_string_literal: true
 
 class VulnerableProjectEntity < ProjectEntity
-  ::Vulnerabilities::Occurrence::SEVERITY_LEVELS.each_key do |severity_level|
+  ::Vulnerabilities::Finding::SEVERITY_LEVELS.each_key do |severity_level|
     expose "#{severity_level}_vulnerability_count"
   end
 end

ee/app/services/security/dependency_list_service.rb

@@ -75,7 +75,7 @@ module Security
         level_i = dep_i.dig(:vulnerabilities, 0, :severity) || :info
         level_j = dep_j.dig(:vulnerabilities, 0, :severity) || :info
 
-        ::Vulnerabilities::Occurrence::SEVERITY_LEVELS[level_j] <=> ::Vulnerabilities::Occurrence::SEVERITY_LEVELS[level_i]
+        ::Vulnerabilities::Finding::SEVERITY_LEVELS[level_j] <=> ::Vulnerabilities::Finding::SEVERITY_LEVELS[level_i]
       end
     end
   end

ee/app/services/security/merge_reports_service.rb

@@ -34,18 +34,18 @@ module Security
         @source_reports.first.commit_sha,
         @source_reports.first.created_at
       )
-      @occurrences = []
+      @findings = []
     end
 
     def execute
       @source_reports.each do |source|
         copy_scanners_to_target(source)
         copy_identifiers_to_target(source)
-        copy_occurrences_to_buffer(source)
+        copy_findings_to_buffer(source)
         copy_scanned_resources_to_target(source)
       end
 
-      copy_occurrences_to_target
+      copy_findings_to_target
 
       @target_report
     end
@@ -62,8 +62,8 @@ module Security
       source_report.identifiers.values.each { |identifier| @target_report.add_identifier(identifier) }
     end
 
-    def copy_occurrences_to_buffer(source)
-      @occurrences.concat(source.occurrences)
+    def copy_findings_to_buffer(source)
+      @findings.concat(source.findings)
     end
 
     def copy_scanned_resources_to_target(source_report)
@@ -82,49 +82,49 @@ module Security
       end
     end
 
-    def deduplicate_occurrences!
+    def deduplicate_findings!
       seen_identifiers = Set.new
       deduplicated = []
 
-      @occurrences.each do |occurrence|
+      @findings.each do |finding|
         seen = false
 
         # We are looping through all identifiers in order to find the same vulnerabilities reported for the same location
         # but from different source reports and keeping only first of them
-        occurrence.identifiers.each do |identifier|
+        finding.identifiers.each do |identifier|
           # TODO: remove .downcase here after the DAST parser is harmonized to the common library identifiers' keys format
           # See https://gitlab.com/gitlab-org/gitlab/issues/11976#note_191257912
           next if %w[cwe wasc].include?(identifier.external_type.downcase) # ignored because these describe a class of vulnerabilities
 
-          seen = check_or_mark_seen_identifier!(identifier, occurrence.location.fingerprint, seen_identifiers)
+          seen = check_or_mark_seen_identifier!(identifier, finding.location.fingerprint, seen_identifiers)
 
           break if seen
         end
 
-        deduplicated << occurrence unless seen
+        deduplicated << finding unless seen
       end
 
-      @occurrences = deduplicated
+      @findings = deduplicated
     end
 
-    def sort_occurrences!
-      @occurrences.sort! do |a, b|
+    def sort_findings!
+      @findings.sort! do |a, b|
         a_severity, b_severity = a.severity, b.severity
 
         if a_severity == b_severity
           a.compare_key <=> b.compare_key
         else
-          Vulnerabilities::Occurrence::SEVERITY_LEVELS[b_severity] <=>
-            Vulnerabilities::Occurrence::SEVERITY_LEVELS[a_severity]
+          Vulnerabilities::Finding::SEVERITY_LEVELS[b_severity] <=>
+            Vulnerabilities::Finding::SEVERITY_LEVELS[a_severity]
         end
       end
     end
 
-    def copy_occurrences_to_target
-      deduplicate_occurrences!
-      sort_occurrences!
+    def copy_findings_to_target
+      deduplicate_findings!
+      sort_findings!
 
-      @occurrences.each { |occurrence| @target_report.add_occurrence(occurrence) }
+      @findings.each { |finding| @target_report.finding(finding) }
     end
 
     def sort_by_ds_analyzers!

ee/app/services/security/report_summary_service.rb

@@ -5,7 +5,7 @@ module Security
     include Gitlab::Utils::StrongMemoize
 
     # @param [Ci::Pipeline] pipeline
-    # @param [Hash[Symbol, Array[Symbol]] selection_information keys must be in the set of Vulnerabilities::Occurrence::REPORT_TYPES for example: {dast: [:scanned_resources_count, :vulnerabilities_count], container_scanning:[:vulnerabilities_count]}
+    # @param [Hash[Symbol, Array[Symbol]] selection_information keys must be in the set of Vulnerabilities::Finding::REPORT_TYPES for example: {dast: [:scanned_resources_count, :vulnerabilities_count], container_scanning:[:vulnerabilities_count]}
     def initialize(pipeline, selection_information)
       @pipeline = pipeline
       @selection_information = selection_information

ee/app/services/security/scanned_resources_counting_service.rb

@@ -6,7 +6,7 @@ module Security
   #
   class ScannedResourcesCountingService
     # @param [Ci::Pipeline] pipeline
-    # @param Array[Symbol] report_types Summary report types. Valid values are members of Vulnerabilities::Occurrence::REPORT_TYPES
+    # @param Array[Symbol] report_types Summary report types. Valid values are members of Vulnerabilities::Finding::REPORT_TYPES
     def initialize(pipeline, report_types)
       @pipeline = pipeline
       @report_types = report_types

ee/app/services/security/scanned_resources_service.rb

@@ -6,7 +6,7 @@ module Security
   #
   class ScannedResourcesService
     # @param [Ci::Pipeline] pipeline
-    # @param Array[Symbol] report_types Summary report types. Valid values are members of Vulnerabilities::Occurrence::REPORT_TYPES
+    # @param Array[Symbol] report_types Summary report types. Valid values are members of Vulnerabilities::Finding::REPORT_TYPES
     # @param [Int] The maximum number of scanned resources to return
     def initialize(pipeline, report_types, limit = nil)
       @pipeline = pipeline

ee/app/services/security/store_report_service.rb

@@ -30,20 +30,20 @@ module Security
     end
 
     def create_all_vulnerabilities!
-      @report.occurrences.each do |occurrence|
-        create_vulnerability_finding(occurrence)
+      @report.findings.each do |finding|
+        create_vulnerability_finding(finding)
       end
     end
 
-    def create_vulnerability_finding(occurrence)
-      vulnerability_params = occurrence.to_hash.except(:compare_key, :identifiers, :location, :scanner)
-      vulnerability_finding = create_or_find_vulnerability_finding(occurrence, vulnerability_params)
+    def create_vulnerability_finding(finding)
+      vulnerability_params = finding.to_hash.except(:compare_key, :identifiers, :location, :scanner)
+      vulnerability_finding = create_or_find_vulnerability_finding(finding, vulnerability_params)
 
-      update_vulnerability_scanner(occurrence)
+      update_vulnerability_scanner(finding)
 
       update_vulnerability_finding(vulnerability_finding, vulnerability_params)
 
-      occurrence.identifiers.map do |identifier|
+      finding.identifiers.map do |identifier|
         create_or_update_vulnerability_identifier_object(vulnerability_finding, identifier)
       end
 
@@ -53,13 +53,13 @@ module Security
     end
 
     # rubocop: disable CodeReuse/ActiveRecord
-    def create_or_find_vulnerability_finding(occurrence, create_params)
-      return if occurrence.scanner.blank?
+    def create_or_find_vulnerability_finding(finding, create_params)
+      return if finding.scanner.blank?
 
       find_params = {
-        scanner: scanners_objects[occurrence.scanner.key],
-        primary_identifier: identifiers_objects[occurrence.primary_identifier.key],
-        location_fingerprint: occurrence.location.fingerprint
+        scanner: scanners_objects[finding.scanner.key],
+        primary_identifier: identifiers_objects[finding.primary_identifier.key],
+        location_fingerprint: finding.location.fingerprint
       }
 
       begin
@@ -74,11 +74,11 @@ module Security
       end
     end
 
-    def update_vulnerability_scanner(occurrence)
-      return if occurrence.scanner.blank?
+    def update_vulnerability_scanner(finding)
+      return if finding.scanner.blank?
 
-      scanner = scanners_objects[occurrence.scanner.key]
-      scanner.update!(occurrence.scanner.to_hash)
+      scanner = scanners_objects[finding.scanner.key]
+      scanner.update!(finding.scanner.to_hash)
     end
 
     def update_vulnerability_finding(vulnerability_finding, update_params)

ee/app/services/security/vulnerability_counting_service.rb

@@ -6,7 +6,7 @@ module Security
   #
   class VulnerabilityCountingService
     # @param [Ci::Pipeline] pipeline
-    # @param Array[String] report_types Summary report types. Valid values are members of Vulnerabilities::Occurrence::REPORT_TYPES
+    # @param Array[String] report_types Summary report types. Valid values are members of Vulnerabilities::Finding::REPORT_TYPES
     def initialize(pipeline, report_types)
       @pipeline = pipeline
       @report_types = report_types
@@ -14,7 +14,7 @@ module Security
 
     def execute
       findings = ::Security::PipelineVulnerabilitiesFinder.new(pipeline: @pipeline, params: { report_type: @report_types }).execute
-      findings.occurrences.group_by(&:report_type).compact.transform_values(&:size).reverse_merge(no_counts)
+      findings.findings.group_by(&:report_type).compact.transform_values(&:size).reverse_merge(no_counts)
     end
 
     private

ee/app/services/vulnerabilities/create_service.rb

@@ -15,7 +15,7 @@ module Vulnerabilities
 
       vulnerability = Vulnerability.new
 
-      Vulnerabilities::Occurrence.transaction(requires_new: true) do
+      Vulnerabilities::Finding.transaction(requires_new: true) do
         # we're using `lock` instead of `with_lock` to avoid extra call to `find` under the hood
         finding = @project.vulnerability_findings.lock_for_confirmation!(@finding_id)
 

ee/db/fixtures/development/20_vulnerabilities.rb

@@ -128,15 +128,15 @@ class Gitlab::Seeder::Vulnerabilities
   end
 
   def random_confidence_level
-    ::Vulnerabilities::Occurrence::CONFIDENCE_LEVELS.keys.sample
+    ::Vulnerabilities::Finding::CONFIDENCE_LEVELS.keys.sample
   end
 
   def random_severity_level
-    ::Vulnerabilities::Occurrence::SEVERITY_LEVELS.keys.sample
+    ::Vulnerabilities::Finding::SEVERITY_LEVELS.keys.sample
   end
 
   def random_report_type
-    ::Vulnerabilities::Occurrence::REPORT_TYPES.keys.sample
+    ::Vulnerabilities::Finding::REPORT_TYPES.keys.sample
   end
 
   def metadata(line)

ee/lib/api/vulnerability_findings.rb

@@ -16,11 +16,11 @@ module API
         end
       end
 
-      def vulnerability_occurrences_by(params)
+      def vulnerability_findings_by(params)
         return [] unless pipeline
 
         aggregated_report = Security::PipelineVulnerabilitiesFinder.new(pipeline: pipeline, params: params).execute
-        aggregated_report.occurrences
+        aggregated_report.findings
       end
     end
 
@@ -36,8 +36,8 @@ module API
         optional :report_type, type: Array[String],
                  coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce,
                  desc: 'The type of report vulnerability belongs to',
-                 values: ::Vulnerabilities::Occurrence.report_types.keys,
-                 default: ::Vulnerabilities::Occurrence.report_types.keys
+                 values: ::Vulnerabilities::Finding.report_types.keys,
+                 default: ::Vulnerabilities::Finding.report_types.keys
         optional :scope, type: String, desc: 'Return vulnerabilities for the given scope: `dismissed` or `all`',
                  default: 'dismissed', values: %w[all dismissed]
         optional :severity,
@@ -45,16 +45,16 @@ module API
                  coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce,
                  desc: 'Returns vulnerabilities belonging to specified severity level: '\
                        '`info`, `unknown`, `low`, `medium`, `high`, or `critical`. Defaults to all',
-                 values: ::Vulnerabilities::Occurrence.severities.keys,
-                 default: ::Vulnerabilities::Occurrence.severities.keys
+                 values: ::Vulnerabilities::Finding.severities.keys,
+                 default: ::Vulnerabilities::Finding.severities.keys
         optional :confidence,
                  type: Array[String],
                  coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce,
                  desc: 'Returns vulnerabilities belonging to specified confidence level: '\
                        '`ignore`, `unknown`, `experimental`, `low`, `medium`, `high`, or `confirmed`. '\
                        'Defaults to all',
-                 values: ::Vulnerabilities::Occurrence.confidences.keys,
-                 default: ::Vulnerabilities::Occurrence.confidences.keys
+                 values: ::Vulnerabilities::Finding.confidences.keys,
+                 default: ::Vulnerabilities::Finding.confidences.keys
         optional :scanner,
                  type: Array[String],
                  coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce,
@@ -74,15 +74,15 @@ module API
         # Kaminari.paginate_array here is correct
         # See https://gitlab.com/gitlab-org/gitlab/issues/33588#note_291849433
         # for discussion
-        vulnerability_occurrences = paginate(
+        vulnerability_findings = paginate(
           Kaminari.paginate_array(
-            vulnerability_occurrences_by(declared_params)
+            vulnerability_findings_by(declared_params)
           )
         )
 
-        Gitlab::Vulnerabilities::FindingsPreloader.preload_feedback!(vulnerability_occurrences)
+        Gitlab::Vulnerabilities::FindingsPreloader.preload_feedback!(vulnerability_findings)
 
-        present vulnerability_occurrences,
+        present vulnerability_findings,
                 with: ::Vulnerabilities::FindingEntity,
                 request: GrapeRequestProxy.new(request, current_user)
       end

ee/lib/gitlab/ci/parsers/security/common.rb

@@ -54,7 +54,7 @@ module Gitlab
           def create_vulnerability(report, data, version)
             scanner = create_scanner(report, data['scanner'] || mutate_scanner_tool(data['tool']))
             identifiers = create_identifiers(report, data['identifiers'])
-            report.add_occurrence(
+            report.finding(
               ::Gitlab::Ci::Reports::Security::Occurrence.new(
                 uuid: SecureRandom.uuid,
                 report_type: report.type,
@@ -104,13 +104,13 @@ module Gitlab
           end
 
           def parse_severity_level(input)
-            return input if ::Vulnerabilities::Occurrence::SEVERITY_LEVELS.key?(input)
+            return input if ::Vulnerabilities::Finding::SEVERITY_LEVELS.key?(input)
 
             'unknown'
           end
 
           def parse_confidence_level(input)
-            return input if ::Vulnerabilities::Occurrence::CONFIDENCE_LEVELS.key?(input)
+            return input if ::Vulnerabilities::Finding::CONFIDENCE_LEVELS.key?(input)
 
             'unknown'
           end

ee/lib/gitlab/ci/reports/security/aggregated_report.rb

@@ -7,11 +7,11 @@ module Gitlab
     module Reports
       module Security
         class AggregatedReport
-          attr_reader :occurrences
+          attr_reader :findings
 
-          def initialize(reports, occurrences)
+          def initialize(reports, findings)
             @reports = reports
-            @occurrences = occurrences
+            @findings = findings
           end
 
           def created_at

ee/lib/gitlab/ci/reports/security/report.rb

@@ -10,7 +10,7 @@ module Gitlab
           attr_reader :created_at
           attr_reader :type
           attr_reader :commit_sha
-          attr_reader :occurrences
+          attr_reader :findings
           attr_reader :scanners
           attr_reader :identifiers
 
@@ -21,7 +21,7 @@ module Gitlab
             @type = type
             @commit_sha = commit_sha
             @created_at = created_at
-            @occurrences = []
+            @findings = []
             @scanners = {}
             @identifiers = {}
             @scanned_resources = []
@@ -39,8 +39,8 @@ module Gitlab
             identifiers[identifier.key] ||= identifier
           end
 
-          def add_occurrence(occurrence)
-            occurrences << occurrence
+          def finding(finding)
+            findings << finding
           end
 
           def clone_as_blank
@@ -62,7 +62,7 @@ module Gitlab
           end
 
           def safe?
-            severities = occurrences.map(&:severity).compact.map(&:downcase)
+            severities = findings.map(&:severity).compact.map(&:downcase)
             (severities & UNSAFE_SEVERITIES).empty?
           end
         end

ee/lib/gitlab/ci/reports/security/vulnerability_reports_comparer.rb

@@ -33,20 +33,20 @@ module Gitlab
 
           def added
             strong_memoize(:added) do
-              head_report.occurrences - base_report.occurrences
+              head_report.findings - base_report.findings
             end
           end
 
           def fixed
             strong_memoize(:fixed) do
-              base_report.occurrences - head_report.occurrences
+              base_report.findings - head_report.findings
             end
           end
 
           def existing
             strong_memoize(:existing) do
               # Existing vulnerabilities should point to source report for most recent information
-              head_report.occurrences & base_report.occurrences
+              head_report.findings & base_report.findings
             end
           end
 

ee/lib/gitlab/vulnerabilities/summary.rb

@@ -29,7 +29,7 @@ module Gitlab
           critical:  0
         }
 
-        summary_keys = ::Vulnerabilities::Occurrence::SEVERITY_LEVELS.keys.map(&:to_sym)
+        summary_keys = ::Vulnerabilities::Finding::SEVERITY_LEVELS.keys.map(&:to_sym)
 
         project_ids_to_fetch.each do |project_id|
           project_summary = Gitlab::Vulnerabilities::SummaryCache

ee/spec/factories/ci/reports/security/aggregated_reports.rb

@@ -3,10 +3,10 @@
 FactoryBot.define do
   factory :ci_reports_security_aggregated_reports, class: '::Gitlab::Ci::Reports::Security::AggregatedReport' do
     reports { FactoryBot.build_list(:ci_reports_security_report, 1) }
-    occurrences { FactoryBot.build_list(:ci_reports_security_occurrence, 1) }
+    findings { FactoryBot.build_list(:ci_reports_security_finding, 1) }
 
     initialize_with do
-      ::Gitlab::Ci::Reports::Security::AggregatedReport.new(reports, occurrences)
+      ::Gitlab::Ci::Reports::Security::AggregatedReport.new(reports, findings)
     end
   end
 end

ee/spec/factories/ci/reports/security/occurrences.rb

 # frozen_string_literal: true
 
 FactoryBot.define do
-  factory :ci_reports_security_occurrence, class: '::Gitlab::Ci::Reports::Security::Occurrence' do
+  factory :ci_reports_security_finding, class: '::Gitlab::Ci::Reports::Security::Occurrence' do
     compare_key { "#{identifiers.first.external_type}:#{identifiers.first.external_id}:#{location.fingerprint}" }
     confidence { :medium }
     identifiers { Array.new(1) { FactoryBot.build(:ci_reports_security_identifier) } }
@@ -30,7 +30,7 @@ FactoryBot.define do
     end
     scanner factory: :ci_reports_security_scanner
     severity { :high }
-    sequence(:uuid) { generate(:vulnerability_occurrence_uuid) }
+    sequence(:uuid) { generate(:vulnerability_finding_uuid) }
 
     skip_create
 

ee/spec/factories/ci/reports/security/reports.rb

@@ -8,7 +8,7 @@ FactoryBot.define do
     scanned_resources { [] }
 
     transient do
-      occurrences { [] }
+      findings { [] }
       scanners { [] }
       identifiers { [] }
     end
@@ -16,7 +16,7 @@ FactoryBot.define do
     after :build do |report, evaluator|
       evaluator.scanners.each { |s| report.add_scanner(s) }
       evaluator.identifiers.each { |id| report.add_identifier(id) }
-      evaluator.occurrences.each { |o| report.add_occurrence(o) }
+      evaluator.findings.each { |o| report.finding(o) }
     end
 
     skip_create

ee/spec/factories/vulnerabilities.rb

@@ -45,13 +45,13 @@ FactoryBot.define do
       severity { :low }
     end
 
-    ::Vulnerabilities::Occurrence::SEVERITY_LEVELS.keys.each do |severity_level|
+    ::Vulnerabilities::Finding::SEVERITY_LEVELS.keys.each do |severity_level|
       trait severity_level do
         severity { severity_level }
       end
     end
 
-    ::Vulnerabilities::Occurrence::REPORT_TYPES.keys.each do |report_type|
+    ::Vulnerabilities::Finding::REPORT_TYPES.keys.each do |report_type|
       trait report_type do
         report_type { report_type }
       end
@@ -59,20 +59,20 @@ FactoryBot.define do
 
     trait :with_findings do
       after(:build) do |vulnerability|
-        occurrences_with_solution = build_list(
-          :vulnerabilities_occurrence,
+        findings_with_solution = build_list(
+          :vulnerabilities_finding,
           2,
           vulnerability: vulnerability,
           report_type: vulnerability.report_type,
           project: vulnerability.project)
-        occurrences_with_remediation = build_list(
-          :vulnerabilities_occurrence,
+        findings_with_remediation = build_list(
+          :vulnerabilities_finding,
           2,
           :with_remediation,
           vulnerability: vulnerability,
           report_type: vulnerability.report_type,
           project: vulnerability.project)
-        vulnerability.findings = occurrences_with_solution + occurrences_with_remediation
+        vulnerability.findings = findings_with_solution + findings_with_remediation
       end
     end
 

ee/spec/factories/vulnerabilities/finding_identifiers.rb

@@ -2,7 +2,7 @@
 
 FactoryBot.define do
   factory :vulnerabilities_finding_identifier, class: 'Vulnerabilities::FindingIdentifier' do
-    occurrence factory: :vulnerabilities_occurrence
+    finding factory: :vulnerabilities_finding
     identifier factory: :vulnerabilities_identifier
   end
 end

ee/spec/factories/vulnerabilities/finding_pipelines.rb

@@ -2,7 +2,7 @@
 
 FactoryBot.define do
   factory :vulnerabilities_finding_pipeline, class: 'Vulnerabilities::FindingPipeline' do
-    occurrence factory: :vulnerabilities_occurrence
+    finding factory: :vulnerabilities_finding
     pipeline factory: :ci_pipeline
   end
 end

ee/spec/factories/vulnerabilities/occurrences.rb → ee/spec/factories/vulnerabilities/findings.rb

 # frozen_string_literal: true
 
 FactoryBot.define do
-  sequence :vulnerability_occurrence_uuid do |n|
+  sequence :vulnerability_finding_uuid do |n|
     SecureRandom.uuid
   end
 
-  factory :vulnerabilities_occurrence_with_remediation, parent: :vulnerabilities_occurrence do
+  factory :vulnerabilities_finding_with_remediation, parent: :vulnerabilities_finding do
     transient do
       summary { nil }
     end
@@ -24,10 +24,10 @@ FactoryBot.define do
     end
   end
 
-  factory :vulnerabilities_occurrence, class: 'Vulnerabilities::Occurrence', aliases: [:vulnerabilities_finding] do
+  factory :vulnerabilities_finding, class: 'Vulnerabilities::Finding', aliases: [:vulnerabilities_occurrence] do
     name { 'Cipher with no integrity' }
     project
-    sequence(:uuid) { generate(:vulnerability_occurrence_uuid) }
+    sequence(:uuid) { generate(:vulnerability_finding_uuid) }
     project_fingerprint { generate(:project_fingerprint) }
     primary_identifier factory: :vulnerabilities_identifier
     location_fingerprint { '4e5b6966dd100170b4b1ad599c7058cce91b57b4' }
@@ -114,7 +114,7 @@ FactoryBot.define do
       end
     end
 
-    ::Vulnerabilities::Occurrence::REPORT_TYPES.keys.each do |security_report_type|
+    ::Vulnerabilities::Finding::REPORT_TYPES.keys.each do |security_report_type|
       trait security_report_type do
         report_type { security_report_type }
       end

ee/spec/fixtures/api/schemas/vulnerabilities/occurrence_list.json → ee/spec/fixtures/api/schemas/vulnerabilities/finding_list.json

 {
   "type": "array",
-  "items": { "$ref": "occurrence.json" }
+  "items": { "$ref": "finding.json" }
 }

ee/spec/graphql/types/vulnerability_severities_count_type_spec.rb

@@ -4,7 +4,7 @@ require 'spec_helper'
 
 RSpec.describe GitlabSchema.types['VulnerabilitySeveritiesCount'] do
   let_it_be(:fields) do
-    ::Vulnerabilities::Occurrence::SEVERITY_LEVELS.keys
+    ::Vulnerabilities::Finding::SEVERITY_LEVELS.keys
   end
 
   it { expect(described_class).to have_graphql_fields(fields) }

ee/spec/lib/ee/gitlab/background_migration/update_vulnerabilities_from_dismissal_feedback_spec.rb

@@ -13,9 +13,9 @@ RSpec.describe Gitlab::BackgroundMigration::UpdateVulnerabilitiesFromDismissalFe
   let(:feedback) { table(:vulnerability_feedback) }
   let(:namespaces) { table(:namespaces)}
 
-  let(:severity) { Vulnerabilities::Occurrence::SEVERITY_LEVELS[:unknown] }
-  let(:confidence) { Vulnerabilities::Occurrence::CONFIDENCE_LEVELS[:medium] }
-  let(:report_type) { Vulnerabilities::Occurrence::REPORT_TYPES[:sast] }
+  let(:severity) { Vulnerabilities::Finding::SEVERITY_LEVELS[:unknown] }
+  let(:confidence) { Vulnerabilities::Finding::CONFIDENCE_LEVELS[:medium] }
+  let(:report_type) { Vulnerabilities::Finding::REPORT_TYPES[:sast] }
 
   let!(:user) { users.create!(email: 'author@example.com', username: 'author', projects_limit: 10) }
   let!(:project) { projects.create!(namespace_id: namespace.id, name: 'gitlab', path: 'gitlab') }

ee/spec/lib/ee/gitlab/background_migration/update_vulnerabilities_to_dismissed_spec.rb

@@ -12,9 +12,9 @@ RSpec.describe Gitlab::BackgroundMigration::UpdateVulnerabilitiesToDismissed, :m
   let(:identifiers) { table(:vulnerability_identifiers) }
   let(:feedback) { table(:vulnerability_feedback) }
 
-  let(:severity) { Vulnerabilities::Occurrence::SEVERITY_LEVELS[:unknown] }
-  let(:confidence) { Vulnerabilities::Occurrence::CONFIDENCE_LEVELS[:medium] }
-  let(:report_type) { Vulnerabilities::Occurrence::REPORT_TYPES[:sast] }
+  let(:severity) { Vulnerabilities::Finding::SEVERITY_LEVELS[:unknown] }
+  let(:confidence) { Vulnerabilities::Finding::CONFIDENCE_LEVELS[:medium] }
+  let(:report_type) { Vulnerabilities::Finding::REPORT_TYPES[:sast] }
 
   let!(:user) { users.create!(id: 13, email: 'author@example.com', username: 'author', projects_limit: 10) }
   let!(:project) { projects.create!(id: 123, namespace_id: 12, name: 'gitlab', path: 'gitlab') }

ee/spec/lib/gitlab/ci/parsers/security/common_spec.rb

@@ -18,10 +18,10 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
         parser.parse!(blob, report)
       end
 
-      expect(report.occurrences.map(&:severity)).to include("unknown")
-      expect(report.occurrences.map(&:confidence)).to include("unknown")
-      expect(report.occurrences.map(&:severity)).not_to include("undefined")
-      expect(report.occurrences.map(&:confidence)).not_to include("undefined")
+      expect(report.findings.map(&:severity)).to include("unknown")
+      expect(report.findings.map(&:confidence)).to include("unknown")
+      expect(report.findings.map(&:severity)).not_to include("undefined")
+      expect(report.findings.map(&:confidence)).not_to include("undefined")
     end
 
     context 'parsing remediations' do
@@ -101,7 +101,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
         raw_json[:remediations] << fix_with_cve
         parser.parse!(raw_json.to_json, report)
 
-        vulnerability = report.occurrences.find { |x| x.compare_key == "CVE-1020" }
+        vulnerability = report.findings.find { |x| x.compare_key == "CVE-1020" }
         expect(vulnerability.raw_metadata).to include fix_with_cve.to_json
       end
 
@@ -120,7 +120,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
         raw_json[:remediations] << fix_with_id
         parser.parse!(raw_json.to_json, report)
 
-        vulnerability = report.occurrences.find { |x| x.compare_key == "CVE-1030" }
+        vulnerability = report.findings.find { |x| x.compare_key == "CVE-1030" }
         expect(vulnerability.raw_metadata).to include fix_with_id.to_json
       end
 
@@ -148,9 +148,9 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
         raw_json[:remediations] << fix_with_id << fix_with_cve
         parser.parse!(raw_json.to_json, report)
 
-        vulnerability_1030 = report.occurrences.find { |x| x.compare_key == "CVE-1030" }
+        vulnerability_1030 = report.findings.find { |x| x.compare_key == "CVE-1030" }
         expect(vulnerability_1030.raw_metadata).to include fix_with_id.to_json
-        vulnerability_1020 = report.occurrences.find { |x| x.compare_key == "CVE-1020" }
+        vulnerability_1020 = report.findings.find { |x| x.compare_key == "CVE-1020" }
         expect(vulnerability_1020.raw_metadata).to include fix_with_cve.to_json
       end
 
@@ -179,7 +179,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
         raw_json[:remediations] << fix_with_id << fix_with_id_2
         parser.parse!(raw_json.to_json, report)
 
-        report.occurrences.map do |vulnerability|
+        report.findings.map do |vulnerability|
           expect(vulnerability.raw_metadata).not_to include(fix_with_id.to_json)
         end
       end
@@ -208,7 +208,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
         }
       end
 
-      subject(:scanner) { report.occurrences.first.scanner }
+      subject(:scanner) { report.findings.first.scanner }
 
       before do
         parser.parse!(raw_json.to_json, report)

ee/spec/lib/gitlab/ci/parsers/security/container_scanning_spec.rb

@@ -18,14 +18,14 @@ RSpec.describe Gitlab::Ci::Parsers::Security::ContainerScanning do
     let(:artifact) { create(:ee_ci_job_artifact, :container_scanning) }
     let(:image) { 'registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0@sha256:bc09fe2e0721dfaeee79364115aeedf2174cce0947b9ae5fe7c33312ee019a4e' }
 
-    it "parses all identifiers and occurrences for unapproved vulnerabilities" do
-      expect(report.occurrences.length).to eq(8)
+    it "parses all identifiers and findings for unapproved vulnerabilities" do
+      expect(report.findings.length).to eq(8)
       expect(report.identifiers.length).to eq(8)
       expect(report.scanners.length).to eq(1)
     end
 
     it 'generates expected location' do
-      location = report.occurrences.first.location
+      location = report.findings.first.location
 
       expect(location).to be_a(::Gitlab::Ci::Reports::Security::Locations::ContainerScanning)
       expect(location).to have_attributes(
@@ -37,11 +37,11 @@ RSpec.describe Gitlab::Ci::Parsers::Security::ContainerScanning do
     end
 
     it "generates expected metadata_version" do
-      expect(report.occurrences.first.metadata_version).to eq('2.3')
+      expect(report.findings.first.metadata_version).to eq('2.3')
     end
 
     it "adds report image's name to raw_metadata" do
-      expect(Gitlab::Json.parse(report.occurrences.first.raw_metadata).dig('location', 'image')).to eq(image)
+      expect(Gitlab::Json.parse(report.findings.first.raw_metadata).dig('location', 'image')).to eq(image)
     end
   end
 end

ee/spec/lib/gitlab/ci/parsers/security/coverage_fuzzing_spec.rb

@@ -16,13 +16,13 @@ RSpec.describe Gitlab::Ci::Parsers::Security::CoverageFuzzing do
       end
     end
 
-    it 'parses all identifiers and occurrences' do
-      expect(report.occurrences.length).to eq(1)
+    it 'parses all identifiers and findings' do
+      expect(report.findings.length).to eq(1)
       expect(report.scanners.length).to eq(1)
     end
 
     it 'generates expected location' do
-      location = report.occurrences.first.location
+      location = report.findings.first.location
 
       expect(location).to be_a(::Gitlab::Ci::Reports::Security::Locations::CoverageFuzzing)
       expect(location).to have_attributes(

ee/spec/lib/gitlab/ci/parsers/security/dast_spec.rb

@@ -37,15 +37,15 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Dast do
         end
       end
 
-      it 'parses all identifiers, occurrences and scanned resources' do
-        expect(report.occurrences.length).to eq(occurrence_count)
+      it 'parses all identifiers, findings and scanned resources' do
+        expect(report.findings.length).to eq(occurrence_count)
         expect(report.identifiers.length).to eq(identifier_count)
         expect(report.scanners.length).to eq(scanner_count)
         expect(report.scanned_resources.length).to eq(scanned_resources_count)
       end
 
       it 'generates expected location' do
-        location = report.occurrences.last.location
+        location = report.findings.last.location
 
         expect(location).to be_a(::Gitlab::Ci::Reports::Security::Locations::Dast)
         expect(location).to have_attributes(
@@ -64,7 +64,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Dast do
 
         with_them do
           it 'saves properly occurrence' do
-            occurrence = report.occurrences.last
+            occurrence = report.findings.last
 
             expect(occurrence.public_send(attribute)).to eq(value)
           end

ee/spec/lib/gitlab/ci/parsers/security/dependency_scanning_spec.rb

@@ -27,14 +27,14 @@ RSpec.describe Gitlab::Ci::Parsers::Security::DependencyScanning do
         end
       end
 
-      it "parses all identifiers and occurrences" do
-        expect(report.occurrences.length).to eq(occurrence_count)
+      it "parses all identifiers and findings" do
+        expect(report.findings.length).to eq(occurrence_count)
         expect(report.identifiers.length).to eq(identifier_count)
         expect(report.scanners.length).to eq(scanner_count)
       end
 
       it 'generates expected location' do
-        location = report.occurrences.first.location
+        location = report.findings.first.location
 
         expect(location).to be_a(::Gitlab::Ci::Reports::Security::Locations::DependencyScanning)
         expect(location).to have_attributes(
@@ -45,7 +45,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::DependencyScanning do
       end
 
       it "generates expected metadata_version" do
-        expect(report.occurrences.first.metadata_version).to eq(version)
+        expect(report.findings.first.metadata_version).to eq(version)
       end
     end
 
@@ -79,7 +79,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::DependencyScanning do
       end
 
       it "generates occurrence with expected remediation" do
-        occurrence = report.occurrences.last
+        occurrence = report.findings.last
         raw_metadata = Gitlab::Json.parse!(occurrence.raw_metadata)
 
         expect(occurrence.name).to eq("Authentication bypass via incorrect DOM traversal and canonicalization in saml2-js")

ee/spec/lib/gitlab/ci/parsers/security/sast_spec.rb

@@ -22,14 +22,14 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Sast do
           end
         end
 
-        it "parses all identifiers and occurrences" do
-          expect(report.occurrences.length).to eq(33)
+        it "parses all identifiers and findings" do
+          expect(report.findings.length).to eq(33)
           expect(report.identifiers.length).to eq(17)
           expect(report.scanners.length).to eq(3)
         end
 
         it 'generates expected location' do
-          location = report.occurrences.first.location
+          location = report.findings.first.location
 
           expect(location).to be_a(::Gitlab::Ci::Reports::Security::Locations::Sast)
           expect(location).to have_attributes(
@@ -42,7 +42,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Sast do
         end
 
         it "generates expected metadata_version" do
-          expect(report.occurrences.first.metadata_version).to eq('1.2')
+          expect(report.findings.first.metadata_version).to eq('1.2')
         end
       end
     end

ee/spec/lib/gitlab/ci/parsers/security/secret_detection_spec.rb

@@ -22,14 +22,14 @@ RSpec.describe Gitlab::Ci::Parsers::Security::SecretDetection do
           end
         end
 
-        it "parses all identifiers and occurrences" do
-          expect(report.occurrences.length).to eq(1)
+        it "parses all identifiers and findings" do
+          expect(report.findings.length).to eq(1)
           expect(report.identifiers.length).to eq(1)
           expect(report.scanners.length).to eq(1)
         end
 
         it 'generates expected location' do
-          location = report.occurrences.first.location
+          location = report.findings.first.location
 
           expect(location).to be_a(::Gitlab::Ci::Reports::Security::Locations::SecretDetection)
           expect(location).to have_attributes(
@@ -42,7 +42,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::SecretDetection do
         end
 
         it "generates expected metadata_version" do
-          expect(report.occurrences.first.metadata_version).to eq('3.0')
+          expect(report.findings.first.metadata_version).to eq('3.0')
         end
       end
     end

ee/spec/lib/gitlab/ci/reports/security/aggregated_report_spec.rb

@@ -3,10 +3,10 @@
 require 'spec_helper'
 
 RSpec.describe Gitlab::Ci::Reports::Security::AggregatedReport do
-  subject { described_class.new(reports, occurrences) }
+  subject { described_class.new(reports, findings) }
 
   let(:reports) { build_list(:ci_reports_security_report, 1) }
-  let(:occurrences) { build_list(:ci_reports_security_occurrence, 1) }
+  let(:findings) { build_list(:ci_reports_security_finding, 1) }
 
   describe '#created_at' do
     context 'no reports' do

ee/spec/lib/gitlab/ci/reports/security/occurrence_spec.rb

@@ -62,7 +62,7 @@ RSpec.describe Gitlab::Ci::Reports::Security::Occurrence do
   end
 
   describe "delegation" do
-    subject { create(:ci_reports_security_occurrence) }
+    subject { create(:ci_reports_security_finding) }
 
     %i[file_path start_line end_line].each do |attribute|
       it "delegates attribute #{attribute} to location" do
@@ -72,7 +72,7 @@ RSpec.describe Gitlab::Ci::Reports::Security::Occurrence do
   end
 
   describe '#to_hash' do
-    let(:occurrence) { create(:ci_reports_security_occurrence) }
+    let(:occurrence) { create(:ci_reports_security_finding) }
 
     subject { occurrence.to_hash }
 
@@ -98,7 +98,7 @@ RSpec.describe Gitlab::Ci::Reports::Security::Occurrence do
     let(:primary_identifier) { create(:ci_reports_security_identifier) }
     let(:other_identifier) { create(:ci_reports_security_identifier) }
 
-    let(:occurrence) { create(:ci_reports_security_occurrence, identifiers: [primary_identifier, other_identifier]) }
+    let(:occurrence) { create(:ci_reports_security_finding, identifiers: [primary_identifier, other_identifier]) }
 
     subject { occurrence.primary_identifier }
 
@@ -111,7 +111,7 @@ RSpec.describe Gitlab::Ci::Reports::Security::Occurrence do
     let(:old_location) { create(:ci_reports_security_locations_sast, file_path: 'old_file.rb') }
     let(:new_location) { create(:ci_reports_security_locations_sast, file_path: 'new_file.rb') }
 
-    let(:occurrence) { create(:ci_reports_security_occurrence, location: old_location) }
+    let(:occurrence) { create(:ci_reports_security_finding, location: old_location) }
 
     subject { occurrence.update_location(new_location) }
 

ee/spec/lib/gitlab/ci/reports/security/report_spec.rb

@@ -41,13 +41,13 @@ RSpec.describe Gitlab::Ci::Reports::Security::Report do
     end
   end
 
-  describe '#add_occurrence' do
-    let(:occurrence) { create(:ci_reports_security_occurrence) }
+  describe '#add_finding' do
+    let(:finding) { create(:ci_reports_security_finding) }
 
-    it 'enriches given occurrence and stores it in the collection' do
-      report.add_occurrence(occurrence)
+    it 'enriches given finding and stores it in the collection' do
+      report.finding(finding)
 
-      expect(report.occurrences).to eq([occurrence])
+      expect(report.findings).to eq([finding])
     end
   end
 
@@ -55,7 +55,7 @@ RSpec.describe Gitlab::Ci::Reports::Security::Report do
     let(:report) do
       create(
         :ci_reports_security_report,
-        occurrences: [create(:ci_reports_security_occurrence)],
+        findings: [create(:ci_reports_security_finding)],
         scanners: [create(:ci_reports_security_scanner)],
         identifiers: [create(:ci_reports_security_identifier)]
       )
@@ -67,7 +67,7 @@ RSpec.describe Gitlab::Ci::Reports::Security::Report do
       expect(clone.type).to eq(report.type)
       expect(clone.commit_sha).to eq(report.commit_sha)
       expect(clone.created_at).to eq(report.created_at)
-      expect(clone.occurrences).to eq([])
+      expect(clone.findings).to eq([])
       expect(clone.scanners).to eq({})
       expect(clone.identifiers).to eq({})
     end
@@ -77,7 +77,7 @@ RSpec.describe Gitlab::Ci::Reports::Security::Report do
     let(:report) do
       create(
         :ci_reports_security_report,
-        occurrences: [create(:ci_reports_security_occurrence)],
+        findings: [create(:ci_reports_security_finding)],
         scanners: [create(:ci_reports_security_scanner)],
         identifiers: [create(:ci_reports_security_identifier)]
       )
@@ -85,7 +85,7 @@ RSpec.describe Gitlab::Ci::Reports::Security::Report do
     let(:other_report) do
       create(
         :ci_reports_security_report,
-        occurrences: [create(:ci_reports_security_occurrence, compare_key: 'other_occurrence')],
+        findings: [create(:ci_reports_security_finding, compare_key: 'other_finding')],
         scanners: [create(:ci_reports_security_scanner, external_id: 'other_scanner', name: 'Other Scanner')],
         identifiers: [create(:ci_reports_security_identifier, external_id: 'other_id', name: 'other_scanner')]
       )
@@ -96,7 +96,7 @@ RSpec.describe Gitlab::Ci::Reports::Security::Report do
     end
 
     it 'replaces report contents with other reports contents' do
-      expect(report.occurrences).to eq(other_report.occurrences)
+      expect(report.findings).to eq(other_report.findings)
       expect(report.scanners).to eq(other_report.scanners)
       expect(report.identifiers).to eq(other_report.identifiers)
     end
@@ -128,10 +128,10 @@ RSpec.describe Gitlab::Ci::Reports::Security::Report do
     context "when the sast report has an unsafe vulnerability" do
       where(severity: %w[unknown Unknown high High critical Critical])
       with_them do
-        let(:occurrence) { build(:ci_reports_security_occurrence, severity: severity) }
+        let(:finding) { build(:ci_reports_security_finding, severity: severity) }
 
         before do
-          subject.add_occurrence(occurrence)
+          subject.finding(finding)
         end
 
         it { expect(subject.unsafe_severity?).to be(true) }
@@ -142,10 +142,10 @@ RSpec.describe Gitlab::Ci::Reports::Security::Report do
     context "when the sast report has a medium to low severity vulnerability" do
       where(severity: %w[medium Medium low Low])
       with_them do
-        let(:occurrence) { build(:ci_reports_security_occurrence, severity: severity) }
+        let(:finding) { build(:ci_reports_security_finding, severity: severity) }
 
         before do
-          subject.add_occurrence(occurrence)
+          subject.finding(finding)
         end
 
         it { expect(subject.unsafe_severity?).to be(false) }
@@ -154,10 +154,10 @@ RSpec.describe Gitlab::Ci::Reports::Security::Report do
     end
 
     context "when the sast report has a vulnerability with a `nil` severity" do
-      let(:occurrence) { build(:ci_reports_security_occurrence, severity: nil) }
+      let(:finding) { build(:ci_reports_security_finding, severity: nil) }
 
       before do
-        subject.add_occurrence(occurrence)
+        subject.finding(finding)
       end
 
       it { expect(subject.unsafe_severity?).to be(false) }
@@ -165,10 +165,10 @@ RSpec.describe Gitlab::Ci::Reports::Security::Report do
     end
 
     context "when the sast report has a vulnerability with a blank severity" do
-      let(:occurrence) { build(:ci_reports_security_occurrence, severity: '') }
+      let(:finding) { build(:ci_reports_security_finding, severity: '') }
 
       before do
-        subject.add_occurrence(occurrence)
+        subject.finding(finding)
       end
 
       it { expect(subject.unsafe_severity?).to be(false) }

ee/spec/lib/gitlab/ci/reports/security/reports_spec.rb

@@ -41,13 +41,13 @@ RSpec.describe Gitlab::Ci::Reports::Security::Reports do
   describe "#violates_default_policy?" do
     subject { described_class.new(commit_sha) }
 
-    let(:low_severity) { build(:ci_reports_security_occurrence, severity: 'low') }
-    let(:high_severity) { build(:ci_reports_security_occurrence, severity: 'high') }
+    let(:low_severity) { build(:ci_reports_security_finding, severity: 'low') }
+    let(:high_severity) { build(:ci_reports_security_finding, severity: 'high') }
 
     context "when a report has a high severity vulnerability" do
       before do
-        subject.get_report('sast', artifact).add_occurrence(high_severity)
-        subject.get_report('dependency_scanning', artifact).add_occurrence(low_severity)
+        subject.get_report('sast', artifact).finding(high_severity)
+        subject.get_report('dependency_scanning', artifact).finding(low_severity)
       end
 
       it { expect(subject.violates_default_policy?).to be(true) }
@@ -55,8 +55,8 @@ RSpec.describe Gitlab::Ci::Reports::Security::Reports do
 
     context "when none of the reports have a high severity vulnerability" do
       before do
-        subject.get_report('sast', artifact).add_occurrence(low_severity)
-        subject.get_report('dependency_scanning', artifact).add_occurrence(low_severity)
+        subject.get_report('sast', artifact).finding(low_severity)
+        subject.get_report('dependency_scanning', artifact).finding(low_severity)
       end
 
       it { expect(subject.violates_default_policy?).to be(false) }

ee/spec/migrations/migrate_vulnerability_dismissal_feedback_spec.rb

@@ -16,9 +16,9 @@ RSpec.describe MigrateVulnerabilityDismissalFeedback, :migration, :sidekiq do
   let(:vulnerabilities) { table(:vulnerabilities) }
 
   let(:dismissed_state) { Gitlab::BackgroundMigration::UpdateVulnerabilitiesFromDismissalFeedback::VULNERABILITY_DISMISSED_STATE }
-  let(:severity) { Vulnerabilities::Occurrence::SEVERITY_LEVELS[:unknown] }
-  let(:confidence) { Vulnerabilities::Occurrence::CONFIDENCE_LEVELS[:medium] }
-  let(:report_type) { Vulnerabilities::Occurrence::REPORT_TYPES[:sast] }
+  let(:severity) { Vulnerabilities::Finding::SEVERITY_LEVELS[:unknown] }
+  let(:confidence) { Vulnerabilities::Finding::CONFIDENCE_LEVELS[:medium] }
+  let(:report_type) { Vulnerabilities::Finding::REPORT_TYPES[:sast] }
 
   before do
     stub_const("#{described_class.name}::BATCH_SIZE", 1)

ee/spec/migrations/migrate_vulnerability_dismissals_spec.rb

@@ -16,9 +16,9 @@ RSpec.describe MigrateVulnerabilityDismissals, :migration, :sidekiq do
   let(:vulnerabilities) { table(:vulnerabilities) }
 
   let(:detected_state) {  Gitlab::BackgroundMigration::UpdateVulnerabilitiesToDismissed::VULNERABILITY_DETECTED }
-  let(:severity) { Vulnerabilities::Occurrence::SEVERITY_LEVELS[:unknown] }
-  let(:confidence) { Vulnerabilities::Occurrence::CONFIDENCE_LEVELS[:medium] }
-  let(:report_type) { Vulnerabilities::Occurrence::REPORT_TYPES[:sast] }
+  let(:severity) { Vulnerabilities::Finding::SEVERITY_LEVELS[:unknown] }
+  let(:confidence) { Vulnerabilities::Finding::CONFIDENCE_LEVELS[:medium] }
+  let(:report_type) { Vulnerabilities::Finding::REPORT_TYPES[:sast] }
 
   before do
     stub_const("#{described_class.name}::BATCH_SIZE", 1)

ee/spec/models/ci/build_spec.rb

@@ -172,7 +172,7 @@ RSpec.describe Ci::Build do
         it 'parses blobs and add the results to the report' do
           subject
 
-          expect(security_reports.get_report('sast', artifact).occurrences.size).to eq(33)
+          expect(security_reports.get_report('sast', artifact).findings.size).to eq(33)
         end
 
         it 'adds the created date to the report' do
@@ -191,10 +191,10 @@ RSpec.describe Ci::Build do
         it 'parses blobs and adds the results to the reports' do
           subject
 
-          expect(security_reports.get_report('sast', sast_artifact).occurrences.size).to eq(33)
-          expect(security_reports.get_report('dependency_scanning', ds_artifact).occurrences.size).to eq(4)
-          expect(security_reports.get_report('container_scanning', cs_artifact).occurrences.size).to eq(8)
-          expect(security_reports.get_report('dast', dast_artifact).occurrences.size).to eq(20)
+          expect(security_reports.get_report('sast', sast_artifact).findings.size).to eq(33)
+          expect(security_reports.get_report('dependency_scanning', ds_artifact).findings.size).to eq(4)
+          expect(security_reports.get_report('container_scanning', cs_artifact).findings.size).to eq(8)
+          expect(security_reports.get_report('dast', dast_artifact).findings.size).to eq(20)
         end
       end
 

ee/spec/models/ci/pipeline_spec.rb

@@ -14,7 +14,7 @@ RSpec.describe Ci::Pipeline do
 
   it { is_expected.to have_many(:security_scans).through(:builds).class_name('Security::Scan') }
   it { is_expected.to have_many(:downstream_bridges) }
-  it { is_expected.to have_many(:vulnerability_findings).through(:vulnerabilities_finding_pipelines).class_name('Vulnerabilities::Occurrence') }
+  it { is_expected.to have_many(:vulnerability_findings).through(:vulnerabilities_finding_pipelines).class_name('Vulnerabilities::Finding') }
   it { is_expected.to have_many(:vulnerabilities_finding_pipelines).class_name('Vulnerabilities::FindingPipeline') }
 
   describe '.failure_reasons' do
@@ -53,8 +53,8 @@ RSpec.describe Ci::Pipeline do
     let!(:pipeline_3) { create(:ci_pipeline, project: project) }
 
     before do
-      create(:vulnerabilities_occurrence, pipelines: [pipeline_1], project: pipeline.project)
-      create(:vulnerabilities_occurrence, pipelines: [pipeline_2], project: pipeline.project)
+      create(:vulnerabilities_finding, pipelines: [pipeline_1], project: pipeline.project)
+      create(:vulnerabilities_finding, pipelines: [pipeline_2], project: pipeline.project)
     end
 
     it "returns pipeline with vulnerabilities" do
@@ -158,18 +158,18 @@ RSpec.describe Ci::Pipeline do
         expect(subject.reports.keys).to contain_exactly('sast', 'dependency_scanning', 'container_scanning')
 
         # for each of report categories, we have merged 2 reports with the same data (fixture)
-        expect(subject.get_report('sast', sast1_artifact).occurrences.size).to eq(33)
-        expect(subject.get_report('dependency_scanning', ds1_artifact).occurrences.size).to eq(4)
-        expect(subject.get_report('container_scanning', cs1_artifact).occurrences.size).to eq(8)
+        expect(subject.get_report('sast', sast1_artifact).findings.size).to eq(33)
+        expect(subject.get_report('dependency_scanning', ds1_artifact).findings.size).to eq(4)
+        expect(subject.get_report('container_scanning', cs1_artifact).findings.size).to eq(8)
       end
 
       context 'when builds are retried' do
         let(:build_sast_1) { create(:ci_build, :retried, name: 'sast_1', pipeline: pipeline, project: project) }
 
         it 'does not take retried builds into account' do
-          expect(subject.get_report('sast', sast1_artifact).occurrences.size).to eq(33)
-          expect(subject.get_report('dependency_scanning', ds1_artifact).occurrences.size).to eq(4)
-          expect(subject.get_report('container_scanning', cs1_artifact).occurrences.size).to eq(8)
+          expect(subject.get_report('sast', sast1_artifact).findings.size).to eq(33)
+          expect(subject.get_report('dependency_scanning', ds1_artifact).findings.size).to eq(4)
+          expect(subject.get_report('container_scanning', cs1_artifact).findings.size).to eq(8)
         end
       end
     end

ee/spec/models/vulnerabilities/finding_identifier_spec.rb

@@ -4,14 +4,14 @@ require 'spec_helper'
 
 RSpec.describe Vulnerabilities::FindingIdentifier do
   describe 'associations' do
+    it { is_expected.to belong_to(:finding).class_name('Vulnerabilities::Finding').with_foreign_key('occurrence_id') }
     it { is_expected.to belong_to(:identifier).class_name('Vulnerabilities::Identifier') }
-    it { is_expected.to belong_to(:occurrence).class_name('Vulnerabilities::Occurrence') }
   end
 
   describe 'validations' do
     let!(:finding_identifier) { create(:vulnerabilities_finding_identifier) }
 
-    it { is_expected.to validate_presence_of(:occurrence) }
+    it { is_expected.to validate_presence_of(:finding) }
     it { is_expected.to validate_presence_of(:identifier) }
     it { is_expected.to validate_uniqueness_of(:identifier_id).scoped_to(:occurrence_id) }
   end

ee/spec/models/vulnerabilities/finding_pipeline_spec.rb

@@ -5,13 +5,13 @@ require 'spec_helper'
 RSpec.describe Vulnerabilities::FindingPipeline do
   describe 'associations' do
     it { is_expected.to belong_to(:pipeline).class_name('Ci::Pipeline') }
-    it { is_expected.to belong_to(:occurrence).class_name('Vulnerabilities::Occurrence') }
+    it { is_expected.to belong_to(:finding).class_name('Vulnerabilities::Finding') }
   end
 
   describe 'validations' do
     let!(:finding_pipeline) { create(:vulnerabilities_finding_pipeline) }
 
-    it { is_expected.to validate_presence_of(:occurrence) }
+    it { is_expected.to validate_presence_of(:finding) }
     it { is_expected.to validate_presence_of(:pipeline) }
     it { is_expected.to validate_uniqueness_of(:pipeline_id).scoped_to(:occurrence_id) }
   end

ee/spec/models/vulnerabilities/identifier_spec.rb

@@ -5,8 +5,8 @@ require 'spec_helper'
 RSpec.describe Vulnerabilities::Identifier do
   describe 'associations' do
     it { is_expected.to have_many(:finding_identifiers).class_name('Vulnerabilities::FindingIdentifier') }
-    it { is_expected.to have_many(:occurrences).class_name('Vulnerabilities::Occurrence') }
-    it { is_expected.to have_many(:primary_occurrences).class_name('Vulnerabilities::Occurrence') }
+    it { is_expected.to have_many(:findings).class_name('Vulnerabilities::Finding') }
+    it { is_expected.to have_many(:primary_findings).class_name('Vulnerabilities::Finding') }
     it { is_expected.to belong_to(:project) }
   end
 

ee/spec/models/vulnerabilities/scanner_spec.rb

@@ -4,7 +4,7 @@ require 'spec_helper'
 
 RSpec.describe Vulnerabilities::Scanner do
   describe 'associations' do
-    it { is_expected.to have_many(:occurrences).class_name('Vulnerabilities::Occurrence') }
+    it { is_expected.to have_many(:findings).class_name('Vulnerabilities::Finding').with_foreign_key('occurrence_id') }
     it { is_expected.to belong_to(:project) }
   end
 

ee/spec/models/vulnerability_spec.rb

@@ -31,7 +31,7 @@ RSpec.describe Vulnerability do
     it { is_expected.to belong_to(:project) }
     it { is_expected.to belong_to(:milestone) }
     it { is_expected.to belong_to(:epic) }
-    it { is_expected.to have_many(:findings).class_name('Vulnerabilities::Occurrence').inverse_of(:vulnerability) }
+    it { is_expected.to have_many(:findings).class_name('Vulnerabilities::Finding').inverse_of(:vulnerability) }
     it { is_expected.to have_many(:issue_links).class_name('Vulnerabilities::IssueLink').inverse_of(:vulnerability) }
     it { is_expected.to have_many(:related_issues).through(:issue_links).source(:issue) }
     it { is_expected.to belong_to(:author).class_name('User') }
@@ -43,7 +43,7 @@ RSpec.describe Vulnerability do
 
     it { is_expected.to have_one(:group).through(:project) }
 
-    it { is_expected.to have_many(:findings).class_name('Vulnerabilities::Occurrence').dependent(false) }
+    it { is_expected.to have_many(:findings).class_name('Vulnerabilities::Finding').dependent(false) }
     it { is_expected.to have_many(:notes).dependent(:delete_all) }
     it { is_expected.to have_many(:user_mentions).class_name('VulnerabilityUserMention') }
   end
@@ -274,11 +274,11 @@ RSpec.describe Vulnerability do
 
     subject { vulnerability.resolved_on_default_branch }
 
-    context 'Vulnerability::Occurrence is present on the pipeline for default branch' do
+    context 'Vulnerability::Finding is present on the pipeline for default branch' do
       it { is_expected.to eq(false) }
     end
 
-    context 'Vulnerability::Occurrence is not present on the pipeline for default branch' do
+    context 'Vulnerability::Finding is not present on the pipeline for default branch' do
       before do
         project.instance_variable_set(:@latest_successful_pipeline_for_default_branch, pipeline_without_vulnerability)
       end

ee/spec/presenters/security/vulnerable_project_presenter_spec.rb

@@ -6,7 +6,7 @@ RSpec.describe Security::VulnerableProjectPresenter do
   let(:project) { create(:project) }
 
   before do
-    allow(::Vulnerabilities::Occurrence).to receive(:batch_count_by_project_and_severity).and_return(1)
+    allow(::Vulnerabilities::Finding).to receive(:batch_count_by_project_and_severity).and_return(1)
   end
 
   subject { described_class.new(project) }
@@ -15,7 +15,7 @@ RSpec.describe Security::VulnerableProjectPresenter do
     expect(subject.id).to be(project.id)
   end
 
-  ::Vulnerabilities::Occurrence::SEVERITY_LEVELS.keys.each do |severity_level|
+  ::Vulnerabilities::Finding::SEVERITY_LEVELS.keys.each do |severity_level|
     it "exposes a vulnerability count attribute for #{severity_level} vulnerabilities" do
       expect(subject.public_send("#{severity_level}_vulnerability_count")).to be(1)
     end

ee/spec/requests/api/graphql/vulnerabilities/identifiers_spec.rb

@@ -37,13 +37,13 @@ RSpec.describe 'Query.vulnerabilities.identifiers' do
 
   let_it_be(:finding) do
     create(
-      :vulnerabilities_occurrence,
+      :vulnerabilities_finding,
       vulnerability: vulnerability
     )
   end
 
   let_it_be(:vulnerabilities_finding_identifier) do
-    create(:vulnerabilities_finding_identifier, identifier: finding_identifier, occurrence: finding)
+    create(:vulnerabilities_finding_identifier, identifier: finding_identifier, finding: finding)
   end
 
   subject { graphql_data.dig('vulnerabilities', 'nodes') }

ee/spec/requests/api/vulnerability_findings_spec.rb

@@ -32,8 +32,8 @@ RSpec.describe API::VulnerabilityFindings do
       create(:vulnerability_feedback, :dismissal, :sast,
              project: project,
              pipeline: pipeline,
-             project_fingerprint: sast_report.occurrences.first.project_fingerprint,
-             vulnerability_data: sast_report.occurrences.first.raw_metadata
+             project_fingerprint: sast_report.findings.first.project_fingerprint,
+             vulnerability_data: sast_report.findings.first.raw_metadata
       )
     end
 
@@ -43,21 +43,21 @@ RSpec.describe API::VulnerabilityFindings do
       end
 
       # Because fixture reports that power :ee_ci_job_artifact factory contain long report lists,
-      # we need to make sure that all occurrences for both SAST and Dependency Scanning are included in the response.
+      # we need to make sure that all findings for both SAST and Dependency Scanning are included in the response.
       # That's why the page size is 40.
       let(:pagination) { { per_page: 40 } }
 
       it 'returns all non-dismissed vulnerabilities' do
-        # all occurrences except one that was dismissed
-        occurrence_count = (sast_report.occurrences.count + ds_report.occurrences.count - 1).to_s
+        # all findings except one that was dismissed
+        finding_count = (sast_report.findings.count + ds_report.findings.count - 1).to_s
 
         get api(project_vulnerability_findings_path, user), params: pagination
 
         expect(response).to have_gitlab_http_status(:ok)
         expect(response).to include_pagination_headers
-        expect(response).to match_response_schema('vulnerabilities/occurrence_list', dir: 'ee')
+        expect(response).to match_response_schema('vulnerabilities/finding_list', dir: 'ee')
 
-        expect(response.headers['X-Total']).to eq occurrence_count
+        expect(response.headers['X-Total']).to eq finding_count
 
         expect(json_response.map { |v| v['report_type'] }.uniq).to match_array %w[dependency_scanning sast]
       end
@@ -68,39 +68,39 @@ RSpec.describe API::VulnerabilityFindings do
         end.count
 
         # Threshold is required for the extra query performed in Security::PipelineVulnerabilitiesFinder to load
-        # the Vulnerabilities providing computed states for the associated Vulnerability::Occurrences
+        # the Vulnerabilities providing computed states for the associated Vulnerability::Findings
         expect { get api(project_vulnerability_findings_path, user) }.not_to exceed_query_limit(control_count).with_threshold(1)
       end
 
       describe 'filtering' do
         it 'returns vulnerabilities with sast report_type' do
-          occurrence_count = (sast_report.occurrences.count - 1).to_s # all SAST occurrences except one that was dismissed
+          finding_count = (sast_report.findings.count - 1).to_s # all SAST findings except one that was dismissed
 
           get api(project_vulnerability_findings_path, user), params: { report_type: 'sast' }
 
           expect(response).to have_gitlab_http_status(:ok)
 
-          expect(response.headers['X-Total']).to eq occurrence_count
+          expect(response.headers['X-Total']).to eq finding_count
 
           expect(json_response.map { |v| v['report_type'] }.uniq).to match_array %w[sast]
 
-          # occurrences are implicitly sorted by Security::PipelineVulnerabilitiesFinder and
+          # findings are implicitly sorted by Security::PipelineVulnerabilitiesFinder and
           # Security::MergeReportsService so their order differs from what is present in fixture file
           expect(json_response.first['name']).to eq 'ECB mode is insecure'
         end
 
         it 'returns vulnerabilities with dependency_scanning report_type' do
-          occurrence_count = ds_report.occurrences.count.to_s
+          finding_count = ds_report.findings.count.to_s
 
           get api(project_vulnerability_findings_path, user), params: { report_type: 'dependency_scanning' }
 
           expect(response).to have_gitlab_http_status(:ok)
 
-          expect(response.headers['X-Total']).to eq occurrence_count
+          expect(response.headers['X-Total']).to eq finding_count
 
           expect(json_response.map { |v| v['report_type'] }.uniq).to match_array %w[dependency_scanning]
 
-          # occurrences are implicitly sorted by Security::PipelineVulnerabilitiesFinder and
+          # findings are implicitly sorted by Security::PipelineVulnerabilitiesFinder and
           # Security::MergeReportsService so their order differs from what is present in fixture file
           expect(json_response.first['name']).to eq 'ruby-ffi DDL loading issue on Windows OS'
         end
@@ -112,13 +112,13 @@ RSpec.describe API::VulnerabilityFindings do
         end
 
         it 'returns dismissed vulnerabilities with `all` scope' do
-          occurrence_count = (sast_report.occurrences.count + ds_report.occurrences.count).to_s
+          finding_count = (sast_report.findings.count + ds_report.findings.count).to_s
 
           get api(project_vulnerability_findings_path, user), params: { scope: 'all' }.merge(pagination)
 
           expect(response).to have_gitlab_http_status(:ok)
 
-          expect(response.headers['X-Total']).to eq occurrence_count
+          expect(response.headers['X-Total']).to eq finding_count
         end
 
         it 'returns vulnerabilities with low severity' do
@@ -159,13 +159,13 @@ RSpec.describe API::VulnerabilityFindings do
 
         context 'when pipeline_id is supplied' do
           it 'returns vulnerabilities from supplied pipeline' do
-            occurrence_count = (sast_report.occurrences.count + ds_report.occurrences.count - 1).to_s
+            finding_count = (sast_report.findings.count + ds_report.findings.count - 1).to_s
 
             get api(project_vulnerability_findings_path, user), params: { pipeline_id: pipeline.id }.merge(pagination)
 
             expect(response).to have_gitlab_http_status(:ok)
 
-            expect(response.headers['X-Total']).to eq occurrence_count
+            expect(response.headers['X-Total']).to eq finding_count
           end
 
           context 'pipeline has no reports' do

ee/spec/requests/groups/security/vulnerable_projects_index_spec.rb

@@ -24,7 +24,7 @@ RSpec.describe 'GET /groups/*group_id/-/security/projects' do
     projects = create_list(:project, 2, namespace: group)
 
     projects.each do |project|
-      ::Vulnerabilities::Occurrence::SEVERITY_LEVELS.keys.each do |severity|
+      ::Vulnerabilities::Finding::SEVERITY_LEVELS.keys.each do |severity|
         create(:vulnerabilities_occurrence, severity: severity, project: project)
       end
     end

ee/spec/requests/security/vulnerability_findings_spec.rb

@@ -47,7 +47,7 @@ RSpec.describe 'GET /-/security/vulnerability_findings' do
       let(:findings_request_params) { { page: 2 } }
 
       before do
-        Vulnerabilities::Occurrence.paginates_per 2
+        Vulnerabilities::Finding.paginates_per 2
 
         create_list(:vulnerabilities_occurrence, 3, pipelines: [pipeline], project: project)
 
@@ -55,7 +55,7 @@ RSpec.describe 'GET /-/security/vulnerability_findings' do
       end
 
       after do
-        Vulnerabilities::Occurrence.paginates_per Vulnerabilities::Occurrence::OCCURRENCES_PER_PAGE
+        Vulnerabilities::Finding.paginates_per Vulnerabilities::Finding::OCCURRENCES_PER_PAGE
       end
 
       it 'returns the list of vulnerability findings that are on the requested page' do

ee/spec/serializers/vulnerabilities/finding_reports_comparer_entity_spec.rb

@@ -6,13 +6,13 @@ RSpec.describe Vulnerabilities::FindingReportsComparerEntity do
   describe 'container scanning report comparison' do
     let_it_be(:user) { create(:user) }
 
-    let(:base_occurrences) { create_list(:vulnerabilities_occurrence, 2) }
+    let(:base_findings) { create_list(:vulnerabilities_finding, 2) }
     let(:base_combined_reports) { build_list(:ci_reports_security_report, 1, created_at: nil) }
-    let(:base_report) { build(:ci_reports_security_aggregated_reports, reports: base_combined_reports, occurrences: base_occurrences)}
+    let(:base_report) { build(:ci_reports_security_aggregated_reports, reports: base_combined_reports, findings: base_findings)}
 
-    let(:head_occurrences) { create_list(:vulnerabilities_occurrence, 1) }
+    let(:head_findings) { create_list(:vulnerabilities_finding, 1) }
     let(:head_combined_reports) { build_list(:ci_reports_security_report, 1, created_at: 2.days.ago) }
-    let(:head_report) { build(:ci_reports_security_aggregated_reports, reports: head_combined_reports, occurrences: head_occurrences)}
+    let(:head_report) { build(:ci_reports_security_aggregated_reports, reports: head_combined_reports, findings: head_findings)}
 
     let(:scan) { create(:security_scan, scanned_resources_count: 10) }
     let(:security_scans) { [scan] }

ee/spec/serializers/vulnerable_project_entity_spec.rb

@@ -7,12 +7,12 @@ RSpec.describe VulnerableProjectEntity do
   let(:vulnerable_project) { ::Security::VulnerableProjectPresenter.new(project) }
 
   before do
-    allow(::Vulnerabilities::Occurrence).to receive(:batch_count_by_project_and_severity).and_return(2)
+    allow(::Vulnerabilities::Finding).to receive(:batch_count_by_project_and_severity).and_return(2)
   end
 
   subject { described_class.new(vulnerable_project) }
 
-  ::Vulnerabilities::Occurrence::SEVERITY_LEVELS.keys.each do |severity_level|
+  ::Vulnerabilities::Finding::SEVERITY_LEVELS.keys.each do |severity_level|
     it "exposes a vulnerability count attribute for #{severity_level} vulnerabilities" do
       expect(subject.as_json["#{severity_level}_vulnerability_count".to_sym]).to be(2)
     end

ee/spec/serializers/vulnerable_project_serializer_spec.rb

@@ -11,14 +11,14 @@ RSpec.describe VulnerableProjectSerializer do
   before do
     project.add_developer(user)
 
-    allow(::Vulnerabilities::Occurrence).to receive(:batch_count_by_project_and_severity)
+    allow(::Vulnerabilities::Finding).to receive(:batch_count_by_project_and_severity)
   end
 
   describe '#represent' do
     subject { serializer.represent(vulnerable_project) }
 
     it 'includes counts for each severity of vulnerability' do
-      ::Vulnerabilities::Occurrence::SEVERITY_LEVELS.keys.each do |severity_level|
+      ::Vulnerabilities::Finding::SEVERITY_LEVELS.keys.each do |severity_level|
         expect(subject).to include("#{severity_level}_vulnerability_count".to_sym)
       end
     end

ee/spec/services/security/merge_reports_service_spec.rb

@@ -14,24 +14,24 @@ RSpec.describe Security::MergeReportsService, '#execute' do
   let(:identifier_cwe) { build(:ci_reports_security_identifier, external_id: '789', external_type: 'cwe') }
   let(:identifier_wasc) { build(:ci_reports_security_identifier, external_id: '13', external_type: 'wasc') }
 
-  let(:occurrence_id_1) do
-    build(:ci_reports_security_occurrence,
+  let(:finding_id_1) do
+    build(:ci_reports_security_finding,
           identifiers: [identifier_1_primary, identifier_1_cve],
           scanner: scanner_1,
           severity: :low
          )
   end
 
-  let(:occurrence_id_1_extra) do
-    build(:ci_reports_security_occurrence,
+  let(:finding_id_1_extra) do
+    build(:ci_reports_security_finding,
           identifiers: [identifier_1_primary, identifier_1_cve],
           scanner: scanner_1,
           severity: :low
          )
   end
 
-  let(:occurrence_id_2_loc_1) do
-    build(:ci_reports_security_occurrence,
+  let(:finding_id_2_loc_1) do
+    build(:ci_reports_security_finding,
           identifiers: [identifier_2_primary, identifier_2_cve],
           location: build(:ci_reports_security_locations_sast, start_line: 32, end_line: 34),
           scanner: scanner_2,
@@ -39,8 +39,8 @@ RSpec.describe Security::MergeReportsService, '#execute' do
          )
   end
 
-  let(:occurrence_id_2_loc_2) do
-    build(:ci_reports_security_occurrence,
+  let(:finding_id_2_loc_2) do
+    build(:ci_reports_security_finding,
           identifiers: [identifier_2_primary, identifier_2_cve],
           location: build(:ci_reports_security_locations_sast, start_line: 42, end_line: 44),
           scanner: scanner_2,
@@ -48,70 +48,70 @@ RSpec.describe Security::MergeReportsService, '#execute' do
          )
   end
 
-  let(:occurrence_cwe_1) do
-    build(:ci_reports_security_occurrence,
+  let(:finding_cwe_1) do
+    build(:ci_reports_security_finding,
           identifiers: [identifier_cwe],
           scanner: scanner_3,
           severity: :high
          )
   end
 
-  let(:occurrence_cwe_2) do
-    build(:ci_reports_security_occurrence,
+  let(:finding_cwe_2) do
+    build(:ci_reports_security_finding,
           identifiers: [identifier_cwe],
           scanner: scanner_1,
           severity: :critical
          )
   end
 
-  let(:occurrence_wasc_1) do
-    build(:ci_reports_security_occurrence,
+  let(:finding_wasc_1) do
+    build(:ci_reports_security_finding,
           identifiers: [identifier_wasc],
           scanner: scanner_1,
           severity: :medium
          )
   end
 
-  let(:occurrence_wasc_2) do
-    build(:ci_reports_security_occurrence,
+  let(:finding_wasc_2) do
+    build(:ci_reports_security_finding,
           identifiers: [identifier_wasc],
           scanner: scanner_2,
           severity: :critical
          )
   end
 
-  let(:report_1_occurrences) { [occurrence_id_1, occurrence_id_2_loc_1, occurrence_cwe_2, occurrence_wasc_1] }
+  let(:report_1_findings) { [finding_id_1, finding_id_2_loc_1, finding_cwe_2, finding_wasc_1] }
 
   let(:report_1) do
     build(
       :ci_reports_security_report,
       scanners: [scanner_1, scanner_2],
-      occurrences: report_1_occurrences,
-      identifiers: report_1_occurrences.flat_map(&:identifiers),
+      findings: report_1_findings,
+      identifiers: report_1_findings.flat_map(&:identifiers),
       scanned_resources: ['example.com', 'example.com/1', 'example.com/2']
     )
   end
 
-  let(:report_2_occurrences) { [occurrence_id_2_loc_2, occurrence_wasc_2] }
+  let(:report_2_findings) { [finding_id_2_loc_2, finding_wasc_2] }
 
   let(:report_2) do
     build(
       :ci_reports_security_report,
       scanners: [scanner_2],
-      occurrences: report_2_occurrences,
-      identifiers: occurrence_id_2_loc_2.identifiers,
+      findings: report_2_findings,
+      identifiers: finding_id_2_loc_2.identifiers,
       scanned_resources: ['example.com', 'example.com/3']
     )
   end
 
-  let(:report_3_occurrences) { [occurrence_id_1_extra, occurrence_cwe_1] }
+  let(:report_3_findings) { [finding_id_1_extra, finding_cwe_1] }
 
   let(:report_3) do
     build(
       :ci_reports_security_report,
       scanners: [scanner_1, scanner_3],
-      occurrences: report_3_occurrences,
-      identifiers: report_3_occurrences.flat_map(&:identifiers)
+      findings: report_3_findings,
+      identifiers: report_3_findings.flat_map(&:identifiers)
     )
   end
 
@@ -137,15 +137,15 @@ RSpec.describe Security::MergeReportsService, '#execute' do
   end
 
   it 'deduplicates (except cwe and wasc) and sorts the vulnerabilities by severity (desc) then by compare key' do
-    expect(subject.occurrences).to(
+    expect(subject.findings).to(
       eq([
-          occurrence_cwe_2,
-          occurrence_wasc_2,
-          occurrence_cwe_1,
-          occurrence_id_2_loc_2,
-          occurrence_id_2_loc_1,
-          occurrence_wasc_1,
-          occurrence_id_1
+          finding_cwe_2,
+          finding_wasc_2,
+          finding_cwe_1,
+          finding_id_2_loc_2,
+          finding_id_2_loc_1,
+          finding_wasc_1,
+          finding_id_1
       ])
     )
   end
@@ -170,16 +170,16 @@ RSpec.describe Security::MergeReportsService, '#execute' do
     let(:identifier_cve) { build(:ci_reports_security_identifier, external_id: 'CVE-2019-123', external_type: 'cve') }
     let(:identifier_npm) { build(:ci_reports_security_identifier, external_id: 'NPM-13', external_type: 'npm') }
 
-    let(:occurrence_id_1) { build(:ci_reports_security_occurrence, identifiers: [identifier_gemnasium, identifier_cve, identifier_npm], scanner: gemnasium_scanner, report_type: :dependency_scanning) }
-    let(:occurrence_id_2) { build(:ci_reports_security_occurrence, identifiers: [identifier_cve], scanner: bundler_audit_scanner, report_type: :dependency_scanning) }
-    let(:occurrence_id_3) { build(:ci_reports_security_occurrence, identifiers: [identifier_npm], scanner: retire_js_scaner, report_type: :dependency_scanning ) }
+    let(:finding_id_1) { build(:ci_reports_security_finding, identifiers: [identifier_gemnasium, identifier_cve, identifier_npm], scanner: gemnasium_scanner, report_type: :dependency_scanning) }
+    let(:finding_id_2) { build(:ci_reports_security_finding, identifiers: [identifier_cve], scanner: bundler_audit_scanner, report_type: :dependency_scanning) }
+    let(:finding_id_3) { build(:ci_reports_security_finding, identifiers: [identifier_npm], scanner: retire_js_scaner, report_type: :dependency_scanning ) }
 
     let(:gemnasium_report) do
       build( :ci_reports_security_report,
         type: :dependency_scanning,
         scanners: [gemnasium_scanner],
-        occurrences: [occurrence_id_1],
-        identifiers: occurrence_id_1.identifiers
+        findings: [finding_id_1],
+        identifiers: finding_id_1.identifiers
       )
     end
 
@@ -188,8 +188,8 @@ RSpec.describe Security::MergeReportsService, '#execute' do
         :ci_reports_security_report,
         type: :dependency_scanning,
         scanners: [bundler_audit_scanner],
-        occurrences: [occurrence_id_2],
-        identifiers: occurrence_id_2.identifiers
+        findings: [finding_id_2],
+        identifiers: finding_id_2.identifiers
       )
     end
 
@@ -198,8 +198,8 @@ RSpec.describe Security::MergeReportsService, '#execute' do
         :ci_reports_security_report,
         type: :dependency_scanning,
         scanners: [retire_js_scaner],
-        occurrences: [occurrence_id_3],
-        identifiers: occurrence_id_3.identifiers
+        findings: [finding_id_3],
+        identifiers: finding_id_3.identifiers
       )
     end
 
@@ -208,8 +208,8 @@ RSpec.describe Security::MergeReportsService, '#execute' do
         :ci_reports_security_report,
         type: :dependency_scanning,
         scanners: [scanner_2],
-        occurrences: [occurrence_id_2_loc_1],
-        identifiers: occurrence_id_2_loc_1.identifiers
+        findings: [finding_id_2_loc_1],
+        identifiers: finding_id_2_loc_1.identifiers
       )
     end
 
@@ -217,17 +217,17 @@ RSpec.describe Security::MergeReportsService, '#execute' do
       subject { described_class.new(gemnasium_report, retirejs_report, bundler_audit_report).execute }
 
       specify { expect(subject.scanners.values).to eql([bundler_audit_scanner, retire_js_scaner, gemnasium_scanner]) }
-      specify { expect(subject.occurrences.count).to eq(2) }
-      specify { expect(subject.occurrences.first.identifiers).to contain_exactly(identifier_cve) }
-      specify { expect(subject.occurrences.last.identifiers).to contain_exactly(identifier_npm) }
+      specify { expect(subject.findings.count).to eq(2) }
+      specify { expect(subject.findings.first.identifiers).to contain_exactly(identifier_cve) }
+      specify { expect(subject.findings.last.identifiers).to contain_exactly(identifier_npm) }
     end
 
     context 'when a custom analyzer is completed before the known analyzers' do
       subject { described_class.new(custom_analyzer_report, retirejs_report, bundler_audit_report).execute }
 
       specify { expect(subject.scanners.values).to eql([bundler_audit_scanner, retire_js_scaner, scanner_2]) }
-      specify { expect(subject.occurrences.count).to eq(3) }
-      specify { expect(subject.occurrences.last.identifiers).to match_array(occurrence_id_2_loc_1.identifiers) }
+      specify { expect(subject.findings.count).to eq(3) }
+      specify { expect(subject.findings.last.identifiers).to match_array(finding_id_2_loc_1.identifiers) }
     end
   end
 end

ee/spec/services/security/store_report_service_spec.rb

@@ -23,7 +23,7 @@ RSpec.describe Security::StoreReportService, '#execute' do
 
     using RSpec::Parameterized::TableSyntax
 
-    where(:case_name, :report_type, :scanners, :identifiers, :occurrences, :finding_identifiers, :finding_pipelines) do
+    where(:case_name, :report_type, :scanners, :identifiers, :findings, :finding_identifiers, :finding_pipelines) do
       'with SAST report'                | :sast                | 3 | 17 | 33 | 39 | 33
       'with Dependency Scanning report' | :dependency_scanning | 2 | 7  | 4  | 7  | 4
       'with Container Scanning report'  | :container_scanning  | 1 | 8  | 8  | 8  | 8
@@ -38,11 +38,11 @@ RSpec.describe Security::StoreReportService, '#execute' do
         expect { subject }.to change { Vulnerabilities::Identifier.count }.by(identifiers)
       end
 
-      it 'inserts all occurrences' do
-        expect { subject }.to change { Vulnerabilities::Occurrence.count }.by(occurrences)
+      it 'inserts all findings' do
+        expect { subject }.to change { Vulnerabilities::Finding.count }.by(findings)
       end
 
-      it 'inserts all occurrence identifiers (join model)' do
+      it 'inserts all finding identifiers (join model)' do
         expect { subject }.to change { Vulnerabilities::FindingIdentifier.count }.by(finding_identifiers)
       end
 
@@ -51,18 +51,18 @@ RSpec.describe Security::StoreReportService, '#execute' do
       end
 
       it 'inserts all vulnerabilties' do
-        expect { subject }.to change { Vulnerability.count }.by(occurrences)
+        expect { subject }.to change { Vulnerability.count }.by(findings)
       end
     end
 
     context 'invalid data' do
       let(:artifact) { create(:ee_ci_job_artifact, :sast) }
-      let(:occurrence_without_name) { build(:ci_reports_security_occurrence, name: nil) }
+      let(:finding_without_name) { build(:ci_reports_security_finding, name: nil) }
       let(:report) { Gitlab::Ci::Reports::Security::Report.new('container_scanning', nil, nil) }
 
       before do
         allow(Gitlab::ErrorTracking).to receive(:track_and_raise_exception).and_call_original
-        report.add_occurrence(occurrence_without_name)
+        report.finding(finding_without_name)
       end
 
       it 'raises invalid record error' do
@@ -70,7 +70,7 @@ RSpec.describe Security::StoreReportService, '#execute' do
       end
 
       it 'reports the error correctly' do
-        expected_params = occurrence_without_name.to_hash.dig(:raw_metadata)
+        expected_params = finding_without_name.to_hash.dig(:raw_metadata)
         expect { subject.execute }.to raise_error { |error|
           expect(Gitlab::ErrorTracking).to have_received(:track_and_raise_exception).with(error, create_params: expected_params)
         }
@@ -87,8 +87,8 @@ RSpec.describe Security::StoreReportService, '#execute' do
     let(:new_report) { new_pipeline.security_reports.get_report(report_type.to_s, artifact) }
     let(:report_type) { :sast }
 
-    let!(:occurrence) do
-      create(:vulnerabilities_occurrence,
+    let!(:finding) do
+      create(:vulnerabilities_finding,
         pipelines: [pipeline],
         identifiers: [identifier],
         primary_identifier: identifier,
@@ -97,7 +97,7 @@ RSpec.describe Security::StoreReportService, '#execute' do
         location_fingerprint: 'd869ba3f0b3347eb2749135a437dc07c8ae0f420')
     end
 
-    let!(:vulnerability) { create(:vulnerability, findings: [occurrence], project: project) }
+    let!(:vulnerability) { create(:vulnerability, findings: [finding], project: project) }
 
     before do
       project.add_developer(user)
@@ -114,11 +114,11 @@ RSpec.describe Security::StoreReportService, '#execute' do
       expect { subject }.to change { Vulnerabilities::Identifier.count }.by(16)
     end
 
-    it 'inserts only new occurrences and reuse existing ones' do
-      expect { subject }.to change { Vulnerabilities::Occurrence.count }.by(32)
+    it 'inserts only new findings and reuse existing ones' do
+      expect { subject }.to change { Vulnerabilities::Finding.count }.by(32)
     end
 
-    it 'inserts all occurrence pipelines (join model) for this new pipeline' do
+    it 'inserts all finding pipelines (join model) for this new pipeline' do
       expect { subject }.to change { Vulnerabilities::FindingPipeline.where(pipeline: new_pipeline).count }.by(33)
     end
 
@@ -126,9 +126,9 @@ RSpec.describe Security::StoreReportService, '#execute' do
       expect { subject }.to change { Vulnerability.count }.by(32)
     end
 
-    it 'updates existing occurrences with new data' do
+    it 'updates existing findings with new data' do
       subject
-      expect(occurrence.reload).to have_attributes(severity: 'medium', name: 'Probable insecure usage of temp file/directory.')
+      expect(finding.reload).to have_attributes(severity: 'medium', name: 'Probable insecure usage of temp file/directory.')
     end
 
     it 'updates existing vulnerability with new data' do
@@ -138,7 +138,7 @@ RSpec.describe Security::StoreReportService, '#execute' do
   end
 
   context 'with existing data from same pipeline' do
-    let!(:occurrence) { create(:vulnerabilities_occurrence, project: project, pipelines: [pipeline]) }
+    let!(:finding) { create(:vulnerabilities_finding, project: project, pipelines: [pipeline]) }
     let(:report_type) { :sast }
 
     it 'skips report' do

ee/spec/services/vulnerabilities/create_service_spec.rb

@@ -48,10 +48,10 @@ RSpec.describe Vulnerabilities::CreateService do
     end
 
     it 'starts a new transaction for the create sequence' do
-      allow(Vulnerabilities::Occurrence).to receive(:transaction).and_call_original
+      allow(Vulnerabilities::Finding).to receive(:transaction).and_call_original
 
       subject
-      expect(Vulnerabilities::Occurrence).to have_received(:transaction).with(requires_new: true).once
+      expect(Vulnerabilities::Finding).to have_received(:transaction).with(requires_new: true).once
     end
 
     context 'when finding id is unknown' do

ee/spec/support/shared_examples/controllers/concerns/project_vulnerability_findings_actions_shared_examples.rb

@@ -47,7 +47,7 @@ RSpec.shared_examples ProjectVulnerabilityFindingsActions do
       let(:action_params) { vulnerable_params.merge(page: 2) }
 
       before do
-        Vulnerabilities::Occurrence.paginates_per 2
+        Vulnerabilities::Finding.paginates_per 2
 
         create_list(:vulnerabilities_occurrence, 3, pipelines: [pipeline], project: vulnerable_project)
 
@@ -55,7 +55,7 @@ RSpec.shared_examples ProjectVulnerabilityFindingsActions do
       end
 
       after do
-        Vulnerabilities::Occurrence.paginates_per Vulnerabilities::Occurrence::OCCURRENCES_PER_PAGE
+        Vulnerabilities::Finding.paginates_per Vulnerabilities::Finding::OCCURRENCES_PER_PAGE
       end
 
       it 'returns the list of vulnerability findings that are on the requested page' do