Migrate tools to publish Gemnasium Advisories to leverage the new public repo gemnasium-db

Problem to solve

With the Opening of the Gemnasium Advisories Database, we migrated the data to a public project: https://gitlab.com/gitlab-org/security-products/gemnasium-db. Though we are still missing one thing:

  • Use this repo as SSOT to import/update advisories into Gemnasium DB (so it will stay in sync by design after initial import)

This issue is about implementing that missing piece of work.

Intended users

~Secure team member

Further details

We need to update our publish scripts and possibly migrate issues/MRs on the old project (or not).

Proposal

  • Make the client used to publish advisories compatible with YAML files.

What does success look like, and how can we measure that?

The new repository is self-sufficient and we no longer commit to the old one.

Links / references

Edited by Fabien Catteau