Vulnerabilities do not have "title", "published", "modified" fields

[carlosthe19916]

Similar to https://github.com/trustification/trustify/issues/280

For each Vulnerability obtained through GET /api/v1/vulnerability there should be metadata that help users to understand the context of each element. E.g. title, date published, date modified.

[ctron]

It looks like the reason for this is:

https://github.com/trustification/trustify/blob/181719dde1162cedae1847511587186bf9770868/modules/ingestor/src/graph/advisory/mod.rs#L230

When no "vulnerability" is found, then a new one will be created, but without any information.

[ctron]

Digging into this issue the situation seems as follows:

• Ingesting any source, like CSAF, will result in "vulnerabilities in the context of an advisory" to have a title and additional information
• If no "vulnerability" itself exists, it will create one, but leave the other information empty
• When the "CVE" importer runs, that information is taken (creates or fills in) this information

So running the CSAF importer and the CVE importer is required. To my understanding, the order is not important.

[carlosthe19916]

IMO these are the problems:

• I am sure I ran the "cve" importer and the "csaf" importer and yet I saw no new data available title|published|modified in the /api/v1/vulnerability endpoint. I do not have a reliable way (step1, step2, stepN) to make the required data appear
• If So running the CSAF importer and the CVE importer is required is true. Then I strongly believe we should rethink/reformulate the definition of a importer. An importer should be self sufficient. I feel that this is a broader discussion than the title of this issue and can be discussed separately

[carlosthe19916]

I might be missing something but this is still an unsolved issue

[carlosthe19916]

Closing this in favor of https://github.com/trustification/trustify/issues/626