Copa (Project Copacetic)

Copa CLI

The copa command line interface used to patch container images. The core subcommand `copa patch` accepts an image reference and an optional vulnerability report and produces a new tagged image with OS-level package vulnerabilities remediated via BuildKit.

Documentation GitHub

API entry from apis.yml

aid: copa:cli
name: Copa CLI
description: The copa command line interface used to patch container images. The core subcommand `copa
  patch` accepts an image reference and an optional vulnerability report and produces a new tagged image
  with OS-level package vulnerabilities remediated via BuildKit.
humanURL: https://project-copacetic.github.io/copacetic/website/
baseURL: https://project-copacetic.github.io
tags:
- CLI
- Patching
properties:
- type: Documentation
  url: https://project-copacetic.github.io/copacetic/website/
- type: Reference
  url: https://project-copacetic.github.io/copacetic/website/quick-start/
- type: GitHubRepository
  url: https://github.com/project-copacetic/copacetic
- type: License
  url: https://github.com/project-copacetic/copacetic/blob/main/LICENSE
- type: Issue Tracker
  url: https://github.com/project-copacetic/copacetic/issues
x-features:
- '`copa patch -i IMAGE` patches all outdated OS packages'
- '`copa patch -r REPORT.json -i IMAGE` patches based on a Trivy report'
- Multi-platform image patching
- Distroless image support
- Pluggable scanner plugins
- VEX (Vulnerability Exchange) document generation
x-useCases:
- Remediating OS-level CVEs in third-party container images
- Continuously patching base images during security incidents
- Inserting Copa into CI/CD pipelines after Trivy scans

Copa CLI

Documentation

SDKs

Other Resources

API entry from apis.yml