Copa VEX Output

Copa can emit a Vulnerability Exchange (VEX) document describing which CVEs were patched. VEX documents help security teams and downstream consumers verify that an image has been remediated and track residual risk.

API entry from apis.yml

aid: copa:vex
name: Copa VEX Output
description: Copa can emit a Vulnerability Exchange (VEX) document describing which CVEs were patched.
  VEX documents help security teams and downstream consumers verify that an image has been remediated
  and track residual risk.
humanURL: https://project-copacetic.github.io/copacetic/website/output/
baseURL: https://project-copacetic.github.io
tags:
- OpenVEX
- SBOM
- VEX
properties:
- type: Documentation
  url: https://project-copacetic.github.io/copacetic/website/output/
- type: Reference
  url: https://github.com/openvex/spec
x-features:
- Emits OpenVEX-compatible documents
- Records patched CVE identifiers and statuses
- Pairs with SBOMs for supply chain transparency
x-useCases:
- Communicating remediation status downstream
- Reducing scanner noise from CVEs already patched in place