Severity in vulnerability report does not comply with OpenAPI spec

[mleegwt]

Expected behavior and actual behavior:
When retrieving the vulnerabilities report I expect a valid report when there are no vulnerabilities.
Currently the report is:

{
  "application/vnd.security.vulnerability.report; version=1.1": {
    "generated_at": "2024-08-14T00:01:24.636385855Z",
    "scanner": {
      "name": "Trivy",
      "vendor": "Aqua Security",
      "version": "v0.51.2"
    },
    "severity": "",
    "vulnerabilities": []
  }
}

That is invalid in the severity field: This is an enum field. "" is not a valid value for that enum.
I suggest modifying the OpenAPI specification for by either making severity optional in the HarborVulnerabilityReport field or choose a value to report as the severity, e.g. Negligible. This issue applies to all current scanner-adapter-openapi-*.yaml files.

Steps to reproduce the problem:
In Harbor: Search for a container image without vulnerabilities. Navigate to that image, in the background the retrieval of
https://<host>/api/v2.0/projects/<project>/repositories/<container>/artifacts/<sha>/additions/vulnerabilities is performed. This results in the JSON posted above.

Versions:

• harbor version: v2.11.0-70255684