[RFE] Flag security issues from CPAN::Audit

[robrwo]

If a module version is flagged by CPAN::Audit, then it might be helpful to see something in the UI for a module to indicate that it might have security issues, with a link to view more information.

[guest20]

It might make more sense to just import the .yamls directly from https://github.com/briandfoy/cpan-security-advisory, rather than calling out of CPAN::Audit->db for each dist that's indexed

[oalders]

There's some prior art in the API for adding information for the CPAN River and CPAN testers. It's a starting point, at least, if anyone is interested in taking this on.

rg River
lib/MetaCPAN/Script/River.pm:1:27:package MetaCPAN::Script::River;
lib/MetaCPAN/Types/TypeTiny.pm:17:9:        RiverSummary
lib/MetaCPAN/Types/TypeTiny.pm:73:9:declare RiverSummary,
lib/MetaCPAN/Document/Distribution.pm:10:46:use MetaCPAN::Types::TypeTiny qw( BugSummary RiverSummary );
lib/MetaCPAN/Document/Distribution.pm:27:16:    isa     => RiverSummary,
t/script/river.t:6:23:use MetaCPAN::Script::River  ();
t/script/river.t:20:31:my $river = MetaCPAN::Script::River->new_with_options($config);
t/script/load.t:44:23:use MetaCPAN::Script::River

That's on the distribution type, which is probably not what we want here, but the same general idea would apply. We'd need to update the mappings as well.

[briandfoy]

I'm also producing a JSON version of the latest data now, and I could probably generate another JSON file that has a structure that easier for MetaCPAN to consume.