Improve the "Add Package" process on the Package Vulnerabilities tab #14

@DennisClark

Description

When you view the Vulnerabilities tab of a Package (see example screenshot) it presents the purl(s) of Fixed package(s) when available. If the Fixed package is not defined in your dataspace, it activates a + icon to enable an "Add Package" process, which currently presents the Add Package form with only the available purl fields populated. An improved process would do the following (or something better and equivalent):

  • Use the purl to search the PurlDB (the one integrated with the current DejaCode Dataspace) for a match and, if found, fetch the data of the PurlDB entry to populate the Add Package form.
  • If no Download URL is available, attempt to infer it from the available data.
  • Initiate a scan when the new package is saved.

This improved process takes advantage of available integrations (VCIO, SCIO) and data resources when adding a new Package to DejaCode.

[Screenshot: Example Package Vulnerabilities tab]
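As an added example (not DejaCode's, PurlDB's or VulnerableCode's own code), the three steps above expressed as one Python flow: look the purl up, fill the form from the hit, fall back to inferring a download URL from the purl, and decide whether a scan should be queued on save. Assumptions: the PurlDB lookup is replaced by a constructed in-memory dict keyed by purl (a real implementation would query the PurlDB API of the connected Dataspace), the record field names are assumed, and the registry download-URL patterns are a hand-written subset of what packageurl-python's purl2url does, re-implemented here so the example runs offline.

```python
"""Added example (not DejaCode code): prefill an "Add Package" form from a purl."""
from urllib.parse import unquote

# Constructed PurlDB-style records for the example; field names are assumed.
# The second record deliberately lacks a download_url to exercise the fallback.
PURLDB = {
    "pkg:npm/lodash@4.17.21": {
        "download_url": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
        "license_expression": "mit",
        "homepage_url": "https://lodash.com/",
    },
    "pkg:gem/rack@3.0.8": {
        "license_expression": "mit",
        "homepage_url": "https://github.com/rack/rack",
    },
}


def parse_purl(purl):
    """Split a purl into type, namespace, name and version.

    Qualifiers (?...) and subpath (#...) are dropped: the form only needs
    these four fields. Percent-encoding (e.g. %40 for an npm scope) is decoded.
    """
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a purl: {purl}")
    body = purl[len("pkg:"):].split("#", 1)[0].split("?", 1)[0]
    ptype, _, rest = body.partition("/")
    if "@" in rest:
        rest, _, version = rest.rpartition("@")
    else:
        version = ""
    namespace, _, name = rest.rpartition("/")
    return {
        "type": ptype,
        "namespace": unquote(namespace),
        "name": unquote(name),
        "version": version,
    }


def infer_download_url(parsed):
    """Best-effort registry URL from purl fields alone (assumed patterns).

    Returns None when the type needs an index lookup (e.g. pypi, whose
    distribution filenames are not derivable from name and version alone).
    """
    t, ns, name, v = (parsed[k] for k in ("type", "namespace", "name", "version"))
    if not v:
        return None  # every pattern below is version-specific
    if t == "npm":
        full = f"{ns}/{name}" if ns else name
        return f"https://registry.npmjs.org/{full}/-/{name}-{v}.tgz"
    if t == "maven" and ns:
        group_path = ns.replace(".", "/")
        return f"https://repo1.maven.org/maven2/{group_path}/{name}/{v}/{name}-{v}.jar"
    if t == "gem":
        return f"https://rubygems.org/downloads/{name}-{v}.gem"
    if t == "cargo":
        return f"https://crates.io/api/v1/crates/{name}/{v}/download"
    if t == "github" and ns:
        return f"https://github.com/{ns}/{name}/archive/refs/tags/{v}.tar.gz"
    return None


def build_add_package_form(purl, purldb=PURLDB):
    """Steps 1-3 of the issue: PurlDB lookup, download-URL inference, scan flag."""
    parsed = parse_purl(purl)
    form = {"purl": purl, **parsed, "download_url": None,
            "license_expression": None, "homepage_url": None, "source": "purl only"}

    # Step 1: a PurlDB hit populates every field the record carries.
    record = purldb.get(purl)
    if record:
        for key in ("download_url", "license_expression", "homepage_url"):
            form[key] = record.get(key)
        form["source"] = "purldb"

    # Step 2: no download URL (no hit, or a hit without one) -> try to infer it.
    if not form["download_url"]:
        inferred = infer_download_url(parsed)
        if inferred:
            form["download_url"] = inferred
            form["source"] += "+inferred"

    # Step 3: only queue a scan on save when there is something to fetch.
    form["scan_on_save"] = form["download_url"] is not None
    return form


if __name__ == "__main__":
    for p in ("pkg:npm/lodash@4.17.21", "pkg:gem/rack@3.0.8",
              "pkg:maven/org.apache.commons/commons-lang3@3.12.0",
              "pkg:pypi/requests@2.31.0"):
        f = build_add_package_form(p)
        print(p, "->", f["source"], f["download_url"], "scan:", f["scan_on_save"])
```

The pypi case is the reason the issue says "attempt" to infer: without an index lookup there is no download URL to hand to the scanner, so the form is saved with the purl fields only and no scan is queued.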

Labels: High Priority (high priority), design needed (design details needed to complete the issue), enhancement (new feature or request), integration (integration with other applications), vulnerabilities (vulnerability management)

Assignees: none