Add advisory package metadata (!117326) · Merge requests · GitLab.org / GitLab

Igor Frenkel requested to merge 375302-update-vulnerability-advisories-table into master Apr 11, 2023

What does this MR do and why?

Add tables and models to represent advisories for public registry packages.

2 tables are added to normalize the dataset:

pm_advisories store generic information about the advisory itself
pm_affected_packages store the packages affected by this advisory

MR structure

~~add new tables, models and constraints 👈 this MR~~
~~add more complex constraints and validation (on jsonb and array columns)~~
add new tables (the MR couldn't be broken down as above because jsonb column can't be added without json schema validation, so the above 2 points merged into one)
drop unused advisory tables (vulnerability_advisories, sbom_vulnerable_component_versions)
- vulnerability_advisories split into the 2 tables in this MR
- sbom_vulnerable_component_versions will not be used to store vulneable components

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #375302 (closed) and #406596 (closed)

Edited Apr 27, 2023 by Igor Frenkel

Add advisory package metadata

What does this MR do and why?

MR structure

MR acceptance checklist

Merge request reports