- State changed as build OD-7156 is successful
- OneDev changed state to 'Closed' 4 months ago

| Previous Value | Current Value |
| Open | Closed |

| Type | New Feature |
| Priority | Normal |
| Assignee | |
| Labels | No labels |
We are running a self-hosted enterprise deployment of OneDev (v14.1.6) and using the Security & Compliance / OSV Vulnerability Scanner build step (ScanDepVulnersStep) in our CI/CD pipelines.
Currently, the scan step produces an in-app vulnerability report tab (via the "Report Name" property), but there is no way to access the scan results as a file or build artifact. We need the ability to export the vulnerability scan results so that we can upload them to an external file store for compliance tracking and auditing purposes.
Feature request (either option would work):

- Add an option to the ScanDepVulnersStep to publish the scan report as a build artifact (e.g. JSON, SARIF, or plain text format).
- Provide a way to output the scan results to a file in the job workspace so it can be consumed by subsequent build steps (e.g. a Publish Artifacts step to upload to external storage).
Use case: Our compliance workflow requires vulnerability scan reports to be archived in an external file store. Currently the only way to achieve this is to run osv-scanner separately via a CommandStep, which duplicates the scan and loses the integrated OneDev report UI.
Thank you for considering this enhancement.