In general, the world of static analysis reports is wonderful. Just a reference example of xkcd/927. There are more and more of these report standards every day.
SARIF aka Static Analysis Results Interchange Format is (supposedly) considered an industry standard, but that's not a reason to rush to integrate it, right? GitLab here, for example, thinks yes (the issue is three years old), and only understands the Code Climate format. Without extra workarounds, as usual, it's impossible to just show a Detekt report in GitLab.
How then? Well, there's, for example, tomasbjerre/violations-lib. Just look at the table, these are all report formats that it can parse (and how many more it can't, surely). And, what we need most - it can export to Code Climate and SARIF jsons. This is approximately how it looks if wrapped in a convention plugin. Accordingly, we run Detekt first, then violations, at the output we have json that GitLab can parse and display nicely.