project-copacetic/copacetic
🧵 CLI tool for directly patching container images using reports from vulnerability scanners
Go, Apache-2.0
Issues
[REQ] bulk image patching
#631 opened by sozercan - 0
[QUESTION] Verify if there are format correctness checks that need to be added given lack of support in rpmVer lib
#601 opened by ashnamehrotra - 6
[REQ] Support "distroless" Alpine Images
#596 opened by ashnamehrotra - 1
[BUG] Redhat ubi-micro images aren't supported
#521 opened by jpinz - 0
[REQ] Add support for custom APK config
#597 opened by ashnamehrotra - 0
[REQ] Test buildkit with defaults
#595 opened by ashnamehrotra - 0
[REQ] Add a grace period for long running deferred cleanup functions to complete
#603 opened by ashnamehrotra - 0
For distroless, copa might need to get list of packages first, since we don't have the package manager tooling.
#569 opened by ashnamehrotra - 0
[REQ] Add Rocky Linux as supported OsType
#591 opened by RS185734 - 0
[BUG] flaky custom-unix test
#609 opened by sozercan - 0
[DOC] update slack to cncf
#613 opened by sozercan - 1
[REQ] upgrade all packages without scanner input
#522 opened by sozercan - 0
Copa should also check if there are any package updates. If not, it should fast fail
#594 opened by ashnamehrotra - 0
Copa might need to skip validation or find a different source for validation, as copa won't have the scanner input to validate against.
#593 opened by ashnamehrotra - 0
Copa will need to write metadata information about which packages got patched.
#592 opened by ashnamehrotra - 1
[DOC] update source policy docs for debian 12
#473 opened by sozercan - 0
[REQ] classify CI runs as informing or blocking
#573 opened by sozercan - 2
[QUESTION] How to resolve "downloaded package perl-Archive-Tar version 2.38-488.cm2 lower than required 5.34.1-489.cm2 for update"
#559 opened by Miller-Kyle - 1
[REQ] windows container support
#565 opened by sozercan - 10
[QUESTION] Does this support prisma cloud
#552 opened by smartaquarius10 - 0
Copa will need to know what the OS for an image is, since we rely on the scanners for this today. This is a prereq so copa can route to the correct package manager. This part can be spun up to be a library in the future.
#547 opened by ashnamehrotra - 0
It would be useful to have copa patch all packages without needing input from scanners as an opt-in feature/flag. This would be the equivalent of `apt update && apt upgrade` (and similar for other tooling like yum and apk).
#546 opened by ashnamehrotra - 2
[REQ] Add support for labels
#544 opened by javier-lopez - 0
[DOC] Create an adopters file
#513 opened by salaxander - 2
[BUG] Copa hangs when patching nginx:1.21.6
#504 opened by ashnamehrotra - 1
[DOC] best practices for patched tags
#476 opened by sozercan - 0
[REQ] log for held packages
#496 opened by sozercan - 0
[BUG] Unable to initialize frontend (Dialog/Readline
#484 opened by bchuo - 0
[REQ] create a docker desktop extension
#481 opened by sozercan - 2
[QUESTION] add SBOM Attestation to patched images
#472 opened by R3DRUN3 - 1
[REQ] Patch from Trivy SBOM scan results
#446 opened by duffney - 2
Is Copa only fixing OS type vulnerabilities?
#467 opened by ajmal-yazdani - 4
how to install Copa for Ubuntu 22.04 machine?
#452 opened by ajmal-yazdani