Improvement
Resolution: Fixed
Minor
None
5.6.0
The project references contain vital information for assessing vulnerabilities, and should be visible in the Dependency-Check Results table.
Is the vulnerability applicable in the context it is used in? E.g. test code might never parse user input. In multi-module projects, when looking at an aggregate analysis, knowing which module (projectReference) has the vulnerability is even more important.
Thus, parse "dependency/projectReferences/projectReference" from the dependency-check XML, and display the value(s) in the report table.
The projectReference element is found in dependency-check.1.7.xsd through dependency-check.4.0.xsd (latest).
Making projectReference filterable (searchable) makes it simple to answer "Which vulnerabilities does module foo have?"
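As an added illustration, not the plugin's own code, the following Python parser pulls fileName, projectReference and vulnerability names out of a constructed dependency-check XML report and answers the "which vulnerabilities does module foo have?" question. The namespace URL, file names, CVE ids and the assumed "module:scope" form of projectReference are placeholders for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample report in the dependency-check 4.0 layout; names and CVE ids are placeholders.
SAMPLE_REPORT = """<analysis xmlns="https://jeremylong.github.io/DependencyCheck/dependency-check.4.0.xsd">
 <dependencies>
  <dependency>
   <fileName>lib-a-1.0.jar</fileName>
   <projectReferences>
    <projectReference>foo:compile</projectReference>
    <projectReference>bar:test</projectReference>
   </projectReferences>
   <vulnerabilities>
    <vulnerability source="NVD"><name>CVE-0000-0001</name></vulnerability>
   </vulnerabilities>
  </dependency>
  <dependency>
   <fileName>lib-b-2.0.jar</fileName>
   <projectReferences><projectReference>bar:compile</projectReference></projectReferences>
   <vulnerabilities><vulnerability source="NVD"><name>CVE-0000-0002</name></vulnerability></vulnerabilities>
  </dependency>
 </dependencies>
</analysis>"""

def _local(tag):
    # Drop the schema namespace so the same code works across xsd versions (1.7 to 4.0).
    return tag.rsplit("}", 1)[-1]

def parse_report(xml_text):
    """One row per vulnerable dependency: (fileName, [projectReference...], [vulnerability name...])."""
    rows = []
    root = ET.fromstring(xml_text)
    for dep in (e for e in root.iter() if _local(e.tag) == "dependency"):
        file_name, refs, vulns = "", [], []
        for child in dep:  # direct children only, so relatedDependency entries are not mixed in
            name = _local(child.tag)
            if name == "fileName":
                file_name = (child.text or "").strip()
            elif name == "projectReferences":
                refs = [(r.text or "").strip() for r in child]
            elif name == "vulnerabilities":
                vulns = [(n.text or "").strip() for v in child for n in v if _local(n.tag) == "name"]
        if vulns:
            rows.append((file_name, refs, vulns))
    return rows

def vulns_for_module(rows, module):
    """Filter the table by module; projectReference is assumed to look like 'module:scope'."""
    return sorted({cve for _, refs, cves in rows
                   if any(r.split(":", 1)[0] == module for r in refs)
                   for cve in cves})
```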