Use GitLab's security API

[tsteenbe]

GitLab vulnerabilities database is Gemnasium DB which seem to be updated at least once a week and is available as a Git repository at https://gitlab.com/gitlab-org/security-products/gemnasium-db

This dataset is made available under GitLab Security Alert Database Terms

We would need to talk to GitHub as the above license states:

(f) Attempt to access or search the Security Alert Database or Content or download Content from the Security Alert Database through the use of any engine, software, tool, agent, device or mechanism (including spiders, robots, crawlers, data mining tools or the like) other than the software and/or search agents provided by GitLab or other generally available third-party web browsers;

Maybe we can get GitLab to provide REST APIs so GitLab Ultimate/Gold customers can user ORT to query gemnasium-db

[tsteenbe]

GitLab is building API for gemnasium-db advisories see https://gitlab.com/gitlab-org/gitlab/-/issues/262400

[tsteenbe]

GitLab just open-sourced a time-delayed clone of their security vulnerability data feed https://gitlab.com/gitlab-org/advisories-community (see also related https://gitlab.com/gitlab-org/gitlab/-/issues/326795)

[sschuberth]

Even if not present at https://github.com/nexB/vulnerablecode/blob/main/SOURCES.rst, VulnerableCode seem to have support for this, so I believe we're fine closing this in favor of using our VulnerableCode integration.