Vulnerability Assessment rule definitions should be maintained on GitHub for easier fixing and updating
The rule definitions for "SQL Vulnerability Assessment" ( https://docs.microsoft.com/en-us/sql/relational-databases/security/sql-vulnerability-assessment ) are currently stored as an embedded resource in "C:\Program Files (x86)\Microsoft SQL Server Management Studio 18\Common7\IDE\Extensions\Application\DataSec.VA.Core.Rules.dll" ( in JSON).
Having this JSON document be an embedded resource means that:
a) it is harder for us to propose fixes / changes, and
b) it requires updating SSMS in order to get any definition updates.
Maintaining this JSON document on GitHub not only allows us to submit PRs, but it would be easy enough to add a simple "Update VA Rules" button to SSMS and/or handle via Nuget.