Add link to allow user to contribute enhancements or edits to the vulnerability DB (when showing Dependency Scanning vulnerability)

Problem to solve

Users don't know they can contribute to our advisory DB, and may have corrections or improvements to share.

Intended users

  • Delaney (Development Team Lead)
  • Sasha (Software Developer)
  • Devon (DevOps Engineer)
  • Sidney (Systems Administrator)
  • Sam (Security Analyst)

Further details

We only link to our DB in the documentation: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/index.html#vulnerabilities-database-update

Proposal

Update the vulnerability modal (or anywhere else where there are details about a vulnerability), so the user would have a link to a new Merge Request directly in the right file in our advisory DB. It means we need to update the report format to add a link to the original advisory file, but that should be trivial (cc @fcatteau @julianthome).

Permissions and Security

N/A

Documentation

https://docs.gitlab.com/ee/user/application_security/index.html#interacting-with-the-vulnerabilities needs to be updated.

Testing

We need to check the link provided.

What does success look like, and how can we measure that?

More contributions to our DB.

What is the type of buyer?

GitLab Ultimate

Links / references

Edited Jan 22, 2020 by Nicole Schwartz