copa

Patch container images directly based on vulnerability scan results

brewmacoslinux

Try with needOr install directly

About

Tool to directly patch container images given the vulnerability scanning results

copa

Patch a container image using Trivy vulnerability scan results$ copa patch -i image:tag -r trivy-report.json -t patched-image:tag

Generate a patch report for vulnerabilities in an image$ copa patch -i vulnerable-app:1.0 -r scan-results.json --output-report patch-report.json

Patch multiple images from a vulnerability scan result$ copa patch -i myapp:latest -r vulnerabilities.json -t myapp:patched --skip-errors