https://github.com/sozercan/dalec-copa-demo
🤝 Demo of Dalec and Copa working together to patch a dependency vulnerability
- Host: GitHub
- URL: https://github.com/sozercan/dalec-copa-demo
- Owner: sozercan
- Created: 2024-10-29T17:54:37.000Z (12 months ago)
- Default Branch: main
- Last Pushed: 2024-11-05T00:28:52.000Z (11 months ago)
- Last Synced: 2025-07-28T18:36:15.487Z (3 months ago)
- Language: Shell
- Homepage:
- Size: 129 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
README
# dalec-copa-demo
[Copa](https://github.com/project-copacetic/copacetic) can do an amazing job patching OS-level vulnerabilities in containers by upgrading the affected packages. One of the top requests we heard from Copa users was to also address application-level vulnerabilities: vulnerabilities in application code and its dependencies, which requires recompiling the application against patched versions of those dependencies.
In this demo, we show how to use [Dalec](https://github.com/Azure/dalec) to address application-level vulnerabilities, and [Copa](https://github.com/project-copacetic/copacetic) to patch both OS-level and application-level vulnerabilities.
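As an added example (not part of this repository or of demo.sh), the following Python script reads a Trivy JSON report and sorts each finding by which tool addresses it: Copa for distro packages that have a fixed version, Dalec (rebuild against patched dependencies) for compiled-in application dependencies, and a separate bucket for findings with no fix yet. It assumes Trivy's `Results[].Class` values `os-pkgs` and `lang-pkgs` and the per-vulnerability `FixedVersion` field; the embedded report and its CVE identifiers are constructed placeholders, not real scan output.

```python
import json

# Constructed sample in the shape of a Trivy JSON report (not real scan output;
# the CVE identifiers are placeholders). "Class" is "os-pkgs" for distro
# packages and "lang-pkgs" for application dependencies found in binaries.
SAMPLE_REPORT = json.dumps({
    "Results": [
        {"Target": "demo-app (debian 12.7)", "Class": "os-pkgs", "Type": "debian",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libssl3",
              "InstalledVersion": "3.0.14-1", "FixedVersion": "3.0.15-1", "Severity": "HIGH"},
             {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libc6",
              "InstalledVersion": "2.36-9", "FixedVersion": "", "Severity": "LOW"}]},
        {"Target": "usr/local/bin/demo-app", "Class": "lang-pkgs", "Type": "gobinary",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0003", "PkgName": "golang.org/x/crypto",
              "InstalledVersion": "v0.20.0", "FixedVersion": "v0.21.0", "Severity": "CRITICAL"}]},
    ]
})


def triage(report_json: str) -> dict:
    """Split a Trivy report into what Copa can patch (OS packages with a fixed
    version), what needs an application rebuild against patched dependencies
    (Dalec), and what has no fix yet.
    Returns {"copa": [...], "dalec": [...], "unfixed": [...]} with
    (VulnerabilityID, PkgName, FixedVersion) tuples."""
    buckets = {"copa": [], "dalec": [], "unfixed": []}
    for result in json.loads(report_json).get("Results", []):
        cls = result.get("Class")
        for vuln in result.get("Vulnerabilities") or []:
            entry = (vuln["VulnerabilityID"], vuln["PkgName"], vuln.get("FixedVersion", ""))
            if not vuln.get("FixedVersion"):
                buckets["unfixed"].append(entry)   # nothing to upgrade to yet
            elif cls == "os-pkgs":
                buckets["copa"].append(entry)      # distro package: Copa upgrades it in place
            elif cls == "lang-pkgs":
                buckets["dalec"].append(entry)     # compiled-in dependency: rebuild with Dalec
    return buckets


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_REPORT).items():
        print(bucket, [vid for vid, _, _ in items])
```

Pointing `triage` at a real report (`trivy image -f json -o report.json <image>`) shows at a glance which findings Copa will clear and which remain until the application is rebuilt.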
## Recording
You can watch the recording of the demo [here](https://asciinema.org/a/aM9sx9dSzbvZMaHgCwJaDeDjx).
## Prerequisites
Make sure you have the following tools installed on your machine and available in your PATH:
- [Copa](https://github.com/project-copacetic/copacetic) [v0.9.0](https://github.com/project-copacetic/copacetic/releases/tag/v0.9.0) or later
- [Trivy](https://github.com/aquasecurity/trivy)
- [Docker](https://docs.docker.com/engine/install/)
- This demo uses local images, so make sure to [enable containerd image store](https://docs.docker.com/engine/storage/containerd/) in Docker
- [yq](https://github.com/mikefarah/yq)
- GNU/Linux tools such as awk, sed, grep, cat

## How to run the demo
- Clone this repository
```shell
git clone https://github.com/sozercan/dalec-copa-demo.git
```
- Change directory to the repository
```shell
cd dalec-copa-demo
```
- Run the demo
```shell
./demo.sh
```

## Dependabot
[Dependabot](https://docs.github.com/en/code-security/getting-started/dependabot-quickstart-guide) is a tool that helps you keep your dependencies up to date. This includes references to Copa-patched images in Dockerfiles, Kubernetes manifests, and Helm charts.
Example: https://github.com/sozercan/dependabot-test/pull/1