Add advisory package metadata
What does this MR do and why?
Add tables and models to represent advisories for public registry packages.
2 tables are added to normalize the dataset:
- pm_advisories: store generic information about the advisory itself
- pm_affected_packages: store the packages affected by this advisory
MR structure
- add new tables, models and constraints 👈 this MR
- add more complex constraints and validation (on jsonb and array columns)
- add new tables (the MR couldn't be broken down as above because jsonb column can't be added without json schema validation, so the above 2 points merged into one)
- drop unused advisory tables (vulnerability_advisories, sbom_vulnerable_component_versions)
  - vulnerability_advisories split into the 2 tables in this MR
  - sbom_vulnerable_component_versions will not be used to store vulnerable components
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #375302 (closed) and #406596 (closed)
Edited by Igor Frenkel