New feature
It would be useful to have copa patch all packages without needing input from scanners, as an opt-in feature/flag. This would be the equivalent of apt update && apt upgrade (and similar for other tooling like yum and apk) #546
Copa will need to know what the OS for an image is, since we rely on the scanners for this today. This is a prereq so copa can route to the correct package manager. This part can be spun up to be a library in the future. #547
For distroless, copa might need to get the list of packages first, since we don't have the package manager tooling. #569
Copa will need to write metadata information about which packages got patched. #592
Copa might need to skip validation or find a different source for validation, as copa won't have the scanner input to validate against. #593
Copa will not be able to provide any VEX output since it doesn't have any info on CVEs associated with the package upgrades.
Copa should also check if there are any package updates. If not, it should fast fail #594
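The OS-detection prerequisite (#547) can be sketched as follows. This is an added example, not copa's code: it reads os-release content from an image, routes to an upgrade-all command, and returns an error for an unrecognised OS rather than guessing. The names `parseOSRelease`, `routeUpgrade`, `managerByID` and `upgradeAll` and the ID mapping are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Upgrade-all command per package manager (the tools named in the issue).
var upgradeAll = map[string]string{
	"apt": "apt update && apt upgrade -y",
	"yum": "yum upgrade -y",
	"apk": "apk update && apk upgrade",
}

// Illustrative, non-exhaustive mapping from os-release ID to package manager.
var managerByID = map[string]string{
	"debian": "apt", "ubuntu": "apt", "alpine": "apk",
	"rhel": "yum", "centos": "yum", "amzn": "yum",
}

// parseOSRelease reads the KEY=value lines of /etc/os-release content.
func parseOSRelease(content string) map[string]string {
	fields := map[string]string{}
	sc := bufio.NewScanner(strings.NewReader(content))
	for sc.Scan() {
		k, v, ok := strings.Cut(strings.TrimSpace(sc.Text()), "=")
		if !ok || strings.HasPrefix(k, "#") {
			continue // skip blank lines, comments and malformed lines
		}
		fields[k] = strings.Trim(v, `"'`)
	}
	return fields
}

// routeUpgrade tries ID first, then each ID_LIKE entry; unknown OSes are an error.
func routeUpgrade(osRelease string) (string, error) {
	f := parseOSRelease(osRelease)
	for _, id := range append([]string{f["ID"]}, strings.Fields(f["ID_LIKE"])...) {
		if m, ok := managerByID[strings.ToLower(id)]; ok {
			return upgradeAll[m], nil
		}
	}
	return "", fmt.Errorf("no package manager known for ID=%q ID_LIKE=%q", f["ID"], f["ID_LIKE"])
}

func main() {
	// Constructed sample: a derivative distro recognisable only through ID_LIKE.
	fmt.Println(routeUpgrade("ID=\"rocky\"\nID_LIKE=\"rhel centos fedora\"\n"))
}
```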
@ashnamehrotra this is a good issue to pick up too