ossf / osv-schema

Open Source Vulnerability schema.
https://ossf.github.io/osv-schema/
Apache License 2.0

Support the GitLab community advisory database #77

Closed westonsteimel closed 1 month ago

westonsteimel commented 2 years ago

It would be great to pull in advisory data from the GitLab Community Advisory Database.

I think transforming the GitLab format into OSV shouldn't be too difficult; however, figuring out what to use as the identifier within OSV might need some discussion as GitLab primarily use the CVE ID as the identifier within their DB. Perhaps something like a prefix of GITLAB and the uuid from the record (although that field isn't documented and I haven't verified it exists on every record)?

Also, I know @oliverchang submitted an issue directly to GitLab quite some time ago about exporting OSV directly, but I'm not sure there's been much movement there yet.

I do think it'd be valuable to start bringing this in as there is quite a bit more coverage, particularly in the maven ecosystem, than GitHub currently has. I'm very slowly working on getting them in sync, but that is going to take quite a long time.
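As an added illustration of the mapping sketched in this issue (example code, not part of osv-schema or the GitLab database): a GitLab advisory record is turned into an OSV entry whose id is `GITLAB-<uuid>` and whose `aliases` carry the CVE. The field names of the sample record, the ecosystem table and the refusal to emit an id when `uuid` is missing are all assumptions made here.

```python
import re

# Constructed sample record; the field names follow the YAML layout of the
# GitLab gemnasium-db advisories as assumed here, not text from the issue.
SAMPLE_GITLAB_ADVISORY = {
    "identifier": "CVE-2000-0001",  # placeholder, not a real advisory
    "package_slug": "maven/org.example/widget",
    "title": "Example deserialization issue",
    "description": "Constructed description for the example.",
    "pubdate": "2021-01-01",
    "date": "2021-02-01",
    "fixed_versions": ["1.2.3"],
    "urls": ["https://example.invalid/advisory"],
    "uuid": "00000000-0000-4000-8000-000000000001",
}

ECOSYSTEMS = {"maven": "Maven", "npm": "npm", "pypi": "PyPI", "gem": "RubyGems", "go": "Go"}
UUID_RE = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$")


def osv_id_for(record):
    """Derive the OSV id as GITLAB-<uuid>. Because the issue notes the uuid
    field is undocumented and may be absent, refuse rather than invent an id."""
    uuid = str(record.get("uuid", "")).lower()
    if not UUID_RE.match(uuid):
        raise ValueError("record has no usable uuid; cannot build a stable GITLAB-* id")
    return f"GITLAB-{uuid}"


def to_osv(record):
    """Map one GitLab record to an OSV entry (a subset of the OSV fields)."""
    slug_type, _, name = record["package_slug"].partition("/")
    ecosystem = ECOSYSTEMS.get(slug_type)
    if ecosystem is None:
        raise ValueError(f"unmapped package_slug type: {slug_type}")
    if ecosystem == "Maven":  # OSV Maven package names are group:artifact
        name = name.replace("/", ":", 1)
    # Only fixed_versions is used here; the affected_range syntax is not parsed.
    events = [{"introduced": "0"}] + [{"fixed": v} for v in record.get("fixed_versions", [])]
    ident = record["identifier"]
    return {
        "id": osv_id_for(record),
        "aliases": [ident] if ident.startswith("CVE-") else [],
        "published": f"{record['pubdate']}T00:00:00Z",
        "modified": f"{record['date']}T00:00:00Z",
        "summary": record["title"],
        "details": record["description"],
        "affected": [{"package": {"ecosystem": ecosystem, "name": name},
                      "ranges": [{"type": "ECOSYSTEM", "events": events}]}],
        "references": [{"type": "WEB", "url": u} for u in record.get("urls", [])],
    }
```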

andrewpollock commented 1 year ago

https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/issues/163 has seen some recent activity, for what it's worth...

oliverchang commented 1 month ago

Closing as I think this would be on GitLab to support. There's not much we can do on our end.