fix the readme format for the verifier

Author: rl-maartenb

docs/content/en/connecting_your_tools/parsers/file/reversinglabs_spectraassure.md

@@ -5,7 +5,7 @@ toc_hide: true
 
 # ReversingLabs SpectraAssure Parser
 
-## File Types
+### File Types
 
 The parser accepts only `report.rl.json` files.
 You can find instructions how to export the `rl-json` report from the cli and portal scanners.
@@ -16,63 +16,54 @@ You can find instructions how to export the `rl-json` report from the cli and po
 - [docker:rl-scanner-cloud](https://hub.docker.com/r/reversinglabs/rl-scanner-cloud).
 
 
-## Relevant Fields in report.rl.json
+### Total Fields in Reversinglabs Spectra Assure rl-json
 
-The format of the `rl-json` report is shown in:
+For the specification of the rl-json report, see the documentation at:
 
+- [rl-json-schema](https://docs.secure.software/cli/rl-json-schema)
 - [analysis-reports:rl-json](https://docs.secure.software/concepts/analysis-reports#rl-json).
 
-The RlJsonInfo module is the principal parser vor the `report.rl.json` data.
-The primary focus is on extracting vulnerabilities (CVE) that occur on rl-json `components` and rl-json `dependencies`. All items without vulnerabilities are currently ignored.
 
-All data is stored only once in the rl-json file and it uses references to map relevant related data:
+### Field Mapping Details
 
-        Component -> Vulnerabilities
-        Component -> Dependencies -> Vulnerabilities
+#### Title
 
-During the parsing we follow the references and add each item to a individual `CveInfoNode` record that has the vulnerablity and the component and the dependency data.
-
-The `CveInfoNode` basically maps almost directly to the `DefectDojo Finding`.
-
-The `title` and `description` are build using the collected data.
-
-### Title
-
-#### Component
+##### Component
 
 For a Components, the title shows:
 
 - the CVE.
 - the type: `Component`.
 - the `purl` of the `Component` if present, otherwise name and version.
-- the component-name.
-- the component-sha256.
 
-The sha256 is added as sometimes a file scan my have multiple items with the same name and version but with a different hash.
-Typically this happens with multi language windows installeres.
 
-#### Dependency
+##### Dependency
 
 The title shows the:
 
 - the CVE.
 - the type: `Dependecy`.
 - the `purl` of the `Dependency` if present, otherwise name and version.
 
-### Description
+#### Description
+
+##### Component
+
+For a component we repeat the title, but add the sha256.
 
-#### Component
+The sha256 is added as sometimes a file scan my have multiple items with the same name and version
+but with a different hash.
+Typically this happens with Windows intstall packages with multiple languages.
 
-For a component we repeat the title.
 
-#### Dependency
+##### Dependency
 
-For a dependency we repeat the title and then add the component_name and component_hash.
+For a dependency we repeat the title and then add the component_name, the component path and the component_hash.
 For duplicates we add one additional line to the description for each duplicate, showing its title and component.
 
-### Vulnerabilities
+#### Vulnerabilities
 
-From the vulnerability we fetch:
+From the vulnerability data in the rl-json file, we fetch:
 
 - the CVE unique id
 - cvss version
@@ -86,27 +77,22 @@ From the cvss.basescore we map the severity into:
 - High
 - Critical
 
-### Other
-
-We extract the scan date and the scanner version and set a static scanner-name.
-
-## Field Mapping Details
-
+##### Notes
 
 - Currently no endpoints are created
-
-- On detecting a duplicate `dependency` we increment the number of occurrences.
+- Deduplication is done with the `unique-id-from-tool` field.
+    - for component: `<component sha256>:<cve>`
+    - for dependencies: `<component sha256>:<cve>:<dependency purl>`
+- On detecting a duplicate `dependency` we increment the number of occurrences.<br/>
 `Components` have no duplicates so the nr of occurrences is always 1.
-
-- Deduplication is done only on Dependencies and we use the title (cve + dependency_name and version) + the `component-path` as the hash_key to detect duplicates.
-
 - The default severity if no mapping is matched is `Info`.
+- We extract the scan date and the scanner version and set a static scanner-name.
 
-## Sample Scan Data or Unit Tests
+### Sample Scan Data or Unit Tests
 
 - [Sample Scan Data Folder](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/reversinglabs_spectraassure)
 
-## Link To Tools
+### Link To Tool
 
 - [Spectra Assure Cli](https://docs.secure.software/cli/)
 - [Spectra Assure Portal](https://docs.secure.software/portal/)