Add Direct Component URL Linking and Centralized Component List

[manuel-sommer]

Summary:
Currently, DefectDojo lists vulnerable components but does not provide direct links to the component URLs. This enhancement would improve usability by allowing users to quickly access the official component pages for further details.

Proposed Solution:
Introduce a configuration option, e.g., VULNERABILITY_URLS, in settings.dist.py to define URL patterns for components. Create a dedicated file, componentslist.dist.py, to maintain a centralized list of components and their corresponding URLs. Add unit tests to ensure the integrity of this list and the URL generation logic. This will help harden the implementation and make future pull requests easier and faster to review.

Benefits:
Improves user experience by providing direct access to component information.
Centralizes component URL management for better maintainability.
Enhances reliability through automated testing.

What is your opinion on this?

[manuel-sommer]

What is your opinion on this @valentijnscholten?

[valentijnscholten]

Is there enough information for us to do this as we don't have a PURL or CPE? With only a component name and component version we might not now if it's npm, maven, nuget, composer, ... ?
Usually the finding contains some reference URLs or we construct urls based on the vulnerability ID which is a pretty reliable way to find your way to the component's homepage/source repo?