Add security advisories landing page

Seldaek · Seldaek · commit 972e1d591a63 · 2025-12-09T13:17:13.000+01:00
diff --git a/src/Controller/PackageController.php b/src/Controller/PackageController.php
@@ -1582,6 +1582,17 @@ public function securityAdvisoriesAction(Request $request, string $name): Respon
         return $this->render('package/security_advisories.html.twig', $data);
     }
 
+    #[Route(path: '/security-advisories/', name: 'security_advisories')]
+    public function securityAdvisoriesIndexAction(Request $request): Response
+    {
+        $id = $request->request->get('id') ?? $request->query->get('id');
+        if ($id) {
+            return $this->redirectToRoute('view_advisory', ['id' => trim($id)]);
+        }
+
+        return $this->render('web/security_advisories.html.twig');
+    }
+
     #[Route(path: '/security-advisories/{id}', name: 'view_advisory')]
     public function securityAdvisoryAction(Request $request, string $id): Response
     {
diff --git a/templates/web/security_advisories.html.twig b/templates/web/security_advisories.html.twig
@@ -0,0 +1,33 @@
+{% extends "layout.html.twig" %}
+{% block content %}
+
+<h2 class="title">Security Advisories</h2>
+
+<section class="col-d-12">
+<h3>Search</h3>
+<p>Enter PKSA-, CVE-, or GHSA- IDs to open an advisory</p>
+<form method="post" action="{{ path('security_advisories') }}" class="form-inline" style="margin-top: 15px;">
+    <div class="form-group">
+        <input type="text" name="id" class="form-control" placeholder="e.g., PKSA-xxxx-xxxx-xxxx" style="width: 300px;" required pattern="(PKSA-.{14}|CVE-\d{4}-\d+|GHSA-.{14})">
+    </div>
+    <button type="submit" class="btn btn-primary">View Advisory</button>
+</form>
+</section>
+
+<section class="col-d-12">
+<h3>Packagist Security Advisory Feed</h3>
+<p>Packagist aggregates security advisories from multiple sources to help you stay informed about vulnerabilities in PHP packages:</p>
+<ul>
+    <li><strong>GitHub Security Advisories</strong> - Advisories published on GitHub's Security Advisory Database</li>
+    <li><strong>FriendsOfPHP Security Advisories</strong> - Community-curated advisories from the <a href="https://github.com/FriendsOfPHP/security-advisories">FriendsOfPHP/security-advisories</a> repository</li>
+</ul>
+<p>All advisories get assigned a <strong>PKSA (Packagist Security Advisory)</strong> ID, which is the primary advisory identifier to use in Composer. Advisories may also have associated CVE (Common Vulnerabilities and Exposures) or GHSA (GitHub Security Advisory) identifiers that link to external databases.</p>
+<p>You can access security advisory data through our <a href="{{ path('api_doc') }}#list-security-advisories">API endpoint</a>, which allows you to:</p>
+<ul>
+    <li>Query advisories for specific packages</li>
+    <li>Fetch updates since a specific timestamp</li>
+    <li>Integrate security checks into your CI/CD pipeline</li>
+</ul>
+</section>
+
+{% endblock %}
