Add vulnerability_advisories database table and model
Why are we doing this work
This issue handles the creation of the vulnerability_advisories table and its associated model to facilitate the storage of advisories from different sources.
Relevant links
Epic: Ingest Dependency Scanning advisories (&8025 - closed)
Non-functional requirements
-
Documentation: -
Feature flag: -
Performance: -
Testing:
Implementation plan
create_table :vulnerability_advisories do |t|
  # limit: 2 stores the component type as a 2-byte integer
  t.integer :component_type, null: false, limit: 2
  t.string :title
  t.string :affected_range
  t.string :not_impacted
  t.string :component_name
  t.string :solution
  t.string :cvss_v2
  t.string :cvss_v3
  t.datetime_with_timezone :created_date, null: false
  t.datetime_with_timezone :published_date, null: false
  t.uuid :uuid, null: false
  t.text :description
  # Array columns default to an empty array
  t.text :identifiers, array: true, default: []
  t.text :fixed_versions, array: true, default: []
  t.text :urls, array: true, default: []
  t.text :links, array: true, default: []
end

# Links an advisory to an SBOM component version
create_table :vulnerable_component_version do |t|
  t.references :vulnerability_advisory
  t.references :sbom_component_version
end
Create these models
Vulnerabilities::Advisory
Vulnerabilities::ComponentVersion
Verification steps
Edited by Sashi Kumar Kumaresan