Ingest Dependency Scanning advisories
## Background context and Problems to Solve
Please reference the [parent epic](https://gitlab.com/groups/gitlab-org/-/epics/7886) for context and details. This epic specifically deals with the ingestion of vulnerabilities from [gemnasium-db](https://gitlab.com/gitlab-org/security-products/gemnasium-db) into the main Postgres database.
## Engineering DRI
@ifrenkel (Rails)
@nilieskou (PMDB)
## Proposal
Ingest vulnerability advisories through License DB.
The following tasks are performed on a regular basis:
- License DB syncs with gemnasium-db, and updates its own DB.
- License DB exports updates to GCP buckets.
- The Rails backend syncs with the GCP buckets, and stores data into the `vulnerability_advisories` table.
Vulnerability advisories are ingested the same way package licenses are.
A new sync protocol has been proposed in https://gitlab.com/gitlab-org/gitlab/-/issues/394723+.
The components added to License DB are similar to the ones listed in https://gitlab.com/gitlab-org/security-products/license-db/deployment/-/blob/main/docs/security.md:
> * license-feeder: Handles communicating with package registries to get a list of package names. These package names are then sent to the license-interfacer over a secure pub/sub channel.
> * license-interfacer: Handles incoming messages to process and execute HTTP(s) requests to package registries.
> * license-processor: Handles incoming messages from the interfacer to store the results of license data into a PostgreSQL database.
> * license-exporter: Handles exporting data from the database to the Public GCP bucket.
## Implementation plan
- License DB
- Update the `schema` to store advisories.
- Add an `advisory-feeder` that gets new or updated advisories from `gemnasium-db`.
- Add a generic `advisory-processor` to store advisories.
- Add a generic `advisory-exporter` to export new or updated advisories to GCP buckets.
- Rails backend
- Update the `vulnerability_advisories` table to accurately reference affected packages.
- Add a periodic worker that syncs `vulnerability_advisories` with the export buckets.
epic