Copa can do an amazing job patching OS level vulnerabilities, using packages in containers. One of the top feedback we heard from copa users was request for addressing app level vulnerabilities. This means code in applications and their dependencies, and recompiling applications to use patched versions of dependencies.
In this demo, we will show how to use Dalec to address application level vulnerabilities, and Copa to patch both OS and application level vulnerabilities.
You can watch the recording of the demo here.
Make sure you have the following tools installed on your machine and available in your PATH:
- Copa v0.9.0 or later
- Trivy
- Docker
- This demo uses local images, so make sure to enable containerd image store in Docker
- yq
- GNU/Linux tools such as awk, sed, grep, cat
- Clone this repository
git clone https://github.com/sozercan/dalec-copa-demo.git- Change directory to the repository
cd dalec-copa-demo- Run the demo
./demo.shDependabot is a tool that helps you keep your dependencies up to date. This includes copa patched images used in Dockerfiles, Kubernetes manifests, and Helm charts.
Example: sozercan/dependabot-test#1