Description
Is your feature request related to a problem? Please describe.
We have a Composer repository managed with Satis and we want to be able to inform users that a package has known vulnerabilities.
Describe the solution you'd like
Composer supports querying an API to get advisories: https://packagist.org/apidoc#list-security-advisories
Describe alternatives you've considered
Our current workaround is to use blacklist in satis.json to remove the vulnerable packages.
But this does not inform users running composer audit.