Add Access Token auth to Gemnasium API
Problem to solve
Currently, the only way to authenticate to the Gemnasium API is by using a JSON Web Token.
This approach is not well suited to the automated workflow we are trying to achieve.
Intended users
~Secure team members.
Further details
As we want to automate the publishing process of advisories to the Gemnasium DB, we need a way to set up a long-lived auth mechanism that could be used by a bot to submit a request to the Gemnasium API from pipeline jobs.
Proposal
Consider adding something similar to GitLab's Personal access tokens.
Permissions and Security
We should be careful about the rights granted to this kind of access and consider the potential risks.
Documentation
TODO: check if we have proper documentation for the Gemnasium API, and add this new auth mechanism capability there.
What does success look like, and how can we measure that?
A job from the gemnasium-db repository can submit authenticated requests to the Gemnasium API.