deepfence / ThreatMapper

Open Source Cloud Native Application Protection Platform (CNAPP)
https://deepfence.io
Apache License 2.0

Enhance the vulnerability database #367

Closed shyam-dev closed 2 years ago

shyam-dev commented 2 years ago

Additional context

Enhancements to the vulnerability database to add additional sources.

Is your feature request related to a problem? Please describe.

Certain vulnerabilities are being missed out because they are found in sources which are not being used.

Describe the solution you'd like

While the current vulnerability database is quite comprehensive, we should enhance the database with feeds from other sources. One such example is the GitLab Advisory Database.

Components/Services

sandman137 commented 2 years ago

Can we publish a list of current feeds and the ones we are planning to add? Also, I think we should make the vulnerability db available as part of release pkgs here in GitHub every 6 hours.

ramanan-ravi commented 2 years ago

| Feeds | Source URL |
| --- | --- |
| AlmaLinux Errata | https://errata.almalinux.org/8/errata.json |
| Alpine secdb | https://secdb.alpinelinux.org/ |
| Amazon Linux Security Center | https://alas.aws.amazon.com/ |
| Amazon Linux Security Center | https://alas.aws.amazon.com/alas2.html |
| Arch Linux Security Tracker | https://security.archlinux.org/json |
| Debian GNU/Linux | https://security-tracker.debian.org/tracker/ |
| National Vulnerability Database | https://nvd.nist.gov/ |
| Debian GNU/Linux | https://www.debian.org/security/oval/ |
| Oracle Linux | https://linux.oracle.com/security/oval/ |
| RHEL/CentOS | https://www.redhat.com/security/data/oval/v2/ |
| RHEL/CentOS | https://www.redhat.com/security/data/metrics/ |
| Rocky Linux | https://download.rockylinux.org/pub/rocky |
| Ubuntu CVE Tracker | https://people.canonical.com/~ubuntu-security/cve/ |
| OpenSUSE/SLES | http://ftp.suse.com/pub/projects/security/cvrf/ |
| Photon Security Advisory | https://github.com/vmware/photon/wiki/Security-Advisories, https://packages.vmware.com/photon/photon_cve_metadata/ |
| GitHub Advisory Database | https://github.com/advisories/ |
| GitLab Advisory Database | https://gitlab.com/gitlab-org/advisories-community/ |