Define process and tools to keep the Gemnasium DB up to date with external sources
Problem to solve
With #11169 (closed) we're making the Gemnasium DB content publicly visible and open for contribution.
We also need to define the process for synchronizing this database with external sources so that it is populated as new vulnerabilities are disclosed.
- GitLab team members, particularly Secure team for now.
- Document which sources to track and how to sync gemnasium-db with them; see gitlab-org/security-products/gemnasium-db!18 (merged)
- Define how to organize the tools we leverage to keep our DB in sync with these sources (put them in
What does success look like, and how can we measure that?
- How many advisories are added to the gemnasium-db project from external sources.