Resolve "Expose CVSS, KEV and EPSS score to Vulnerability Entity and Serializer"

What does this MR do and why?

Exposes CVE data so it may be displayed in the UI in the vulnerability page.

References

Please include cross links to any resources that are relevant to this MR This will give reviewers and future readers helpful context to give an efficient review of the changes introduced.

Related to #499408 (closed)

Database Review

Additions in this MR are expected to be used in a single vulnerability view, meaning we would query a single CVE at a time. Therefore, no bulk query handling is added.

New query added in a scope in PackageMetadata::Advisory model (ee/app/models/package_metadata/advisory.rb):

    scope :by_cve, ->(cve) {
      where("EXISTS (SELECT 1 FROM jsonb_array_elements(identifiers) AS identifier
             WHERE identifier->>'type' ILIKE 'cve'
             AND identifier->>'name' = ?)", cve)
    }

Raw sample query:

SELECT
    "pm_advisories".*
FROM
    "pm_advisories"
WHERE (EXISTS (
        SELECT
            1
        FROM
            jsonb_array_elements(identifiers) AS identifier
        WHERE
            identifier ->> 'type' ILIKE 'cve'
            AND identifier ->> 'name' = 'CVE-2023-32692'))
ORDER BY
    "pm_advisories"."id" ASC
LIMIT 1

Full query plan in postgres.ai

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before	After

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.