Gemnasium API endpoint to patch an advisory

Problem to solve

Right now the Gemnasium API has no endpoint to patch or update an advisory. To work around this limitation, users who want to update an advisory have to delete it, then create a new one with the same UUID. This is inconvenient and certainly slower than updating the advisory in place.

Intended users

~Secure team, contributors to gemnasium-db

Proposal

Create a "PATCH advisory" endpoint that makes possible:

  • to update the fixed and affected versions; this updates the cures and affections in the DB
  • to move the advisory to a different package; this updates the relation between the package and the advisory in the DB
  • to update the metadata (DB columns); this simply updates the DB record corresponding to the advisory

Permissions and Security

The new "PATCH advisory" endpoint is restricted to Gemnasium admins.
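The following is an added example of how the three partial-update cases listed under Proposal and the admin restriction under Permissions and Security could fit together; it is illustrative code written for this page, not part of the Gemnasium API or gemnasium-db. The `Advisory` and `AdvisoryPatch` types, the in-memory `Store`, and the `isAdmin` flag are assumptions: a real implementation would map these onto the existing DB tables and take the caller's role from the API's authentication layer.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"sync"
)

// Advisory is a constructed in-memory model for this example, not the
// gemnasium-db schema. UUID is the identifier a PATCH must never change.
type Advisory struct {
	UUID             string   `json:"uuid"`
	Package          string   `json:"package"`
	AffectedVersions []string `json:"affected_versions"`
	FixedVersions    []string `json:"fixed_versions"`
	Title            string   `json:"title"`
}

// AdvisoryPatch lists the fields a client may change. Pointer fields let the
// server tell "absent, leave alone" apart from "present, set to empty".
// There is deliberately no UUID field.
type AdvisoryPatch struct {
	Package          *string   `json:"package"`
	AffectedVersions *[]string `json:"affected_versions"`
	FixedVersions    *[]string `json:"fixed_versions"`
	Title            *string   `json:"title"`
}

var (
	ErrForbidden = errors.New("admin role required")
	ErrNotFound  = errors.New("advisory not found")
)

// DecodePatch parses a request body. DisallowUnknownFields rejects any key
// outside AdvisoryPatch, so a body that tries to set "uuid" is refused.
func DecodePatch(body []byte) (AdvisoryPatch, error) {
	var p AdvisoryPatch
	dec := json.NewDecoder(bytes.NewReader(body))
	dec.DisallowUnknownFields()
	if err := dec.Decode(&p); err != nil {
		return AdvisoryPatch{}, fmt.Errorf("invalid patch body: %w", err)
	}
	return p, nil
}

// Store is a mutex-guarded map standing in for the database tables.
type Store struct {
	mu         sync.Mutex
	advisories map[string]*Advisory
}

func NewStore() *Store { return &Store{advisories: map[string]*Advisory{}} }

func (s *Store) Put(a Advisory) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.advisories[a.UUID] = &a
}

// Patch applies only the fields present in p. isAdmin is assumed to come from
// the caller's authentication layer; it is checked before the lookup so that
// non-admins learn nothing about which UUIDs exist.
func (s *Store) Patch(uuid string, p AdvisoryPatch, isAdmin bool) (Advisory, error) {
	if !isAdmin {
		return Advisory{}, ErrForbidden
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	a, ok := s.advisories[uuid]
	if !ok {
		return Advisory{}, ErrNotFound
	}
	if p.Package != nil { // move the advisory to another package
		a.Package = *p.Package
	}
	if p.AffectedVersions != nil { // replaces the affected set wholesale
		a.AffectedVersions = append([]string(nil), *p.AffectedVersions...)
	}
	if p.FixedVersions != nil { // replaces the fixed set wholesale
		a.FixedVersions = append([]string(nil), *p.FixedVersions...)
	}
	if p.Title != nil { // plain metadata column
		a.Title = *p.Title
	}
	return *a, nil
}

func main() {
	st := NewStore()
	st.Put(Advisory{UUID: "example-uuid", Package: "example/pkg", Title: "Constructed advisory"})
	p, _ := DecodePatch([]byte(`{"fixed_versions":["1.2.3"],"package":"example/pkg-renamed"}`))
	a, err := st.Patch("example-uuid", p, true)
	fmt.Println(a, err)
}
```

Two design choices carry the security weight: the authorization check runs before the record lookup, so a non-admin gets the same 403-style result whether or not the UUID exists, and the patch type has no UUID field at all, so the identifier stays fixed and an advisory cannot be re-keyed through the body. Pointer fields give proper PATCH semantics: an omitted key is left untouched, while an explicit empty list clears the versions.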

What does success look like, and how can we measure that?

Gemnasium clients are used to update existing security advisories without changing their UUID.

Links / references

https://gitlab.com/gitlab-org/security-products/gemnasium/api

/cc @gonzoyumo @brytannia @NicoleSchwartz @plafoucriere

Edited by Fabien Catteau