DVD-R is a Copilot chat agent written for VSCode that acts as a one-stop solution for CVE detection & resolution. Its objective is to significantly reduce the time for CVE scanning and resolution for Packet Core images.
Features
CVE report in seconds? - Yes, View it/Share it!
Scans CVEs using Trivy for in-house built images and OSS (open-source) images and generates summary and detailed HTML reports.
Reports can be viewed in VSCode & downloaded/shared.
Can't find the affected package? - Tracks it!
Uses AI to determine complex transitive package dependencies across multiple Docker layers to figure out the source of a CVE.
Is it safe to upgrade? - Calls it!
Uses AI to explicitly call out whether upgrading packages/images introduces breaking changes or no breaking changes.
If NO BREAKING CHANGES:
Confirms the upgrade is safe and straightforward
Mentions any minor considerations or best practices for the upgrade
Provides a simple verification command or test, if applicable
If BREAKING CHANGES DETECTED:
Lists specific breaking changes and their impact
Concrete mitigation steps with examples
Test cases to verify the fix works
Code examples demonstrating the solution
CVE in lib? CVE in OS? - Fixes it! - Verifies it!
Fixes the CVEs with a click of a button.
Automatically COPA patches fixed OSS images.
Verifies/regenerates the CVE report in the Copilot chat.
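The split between "CVE in lib" and "CVE in OS" can be read straight from a Trivy JSON report. The sketch below is an added example, not DVD-R's own code: it assumes the `trivy image --format json` layout (`Results[].Class`, `Vulnerabilities[].FixedVersion`) and assumes OS-package findings are routed to image patching while library findings need a dependency upgrade. The `triage` function, the image name, package names and CVE IDs are constructed placeholders.

```python
import json
from collections import Counter

# Constructed sample in the shape of `trivy image --format json` output.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "registry.example/app:1.0",
    "Results": [
        {"Target": "registry.example/app:1.0 (debian 12)", "Class": "os-pkgs",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample1",
              "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "HIGH"},
             {"VulnerabilityID": "CVE-0000-0002", "PkgName": "exampled",
              "InstalledVersion": "2.3-1", "Severity": "LOW"}]},   # no fix released
        {"Target": "app/requirements.txt", "Class": "lang-pkgs",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0003", "PkgName": "examplelib",
              "InstalledVersion": "0.9.0", "FixedVersion": "0.9.4", "Severity": "CRITICAL"}]},
        {"Target": "usr/local/bin/tool", "Class": "lang-pkgs"},   # clean target: key omitted
    ],
})

def triage(report_json):
    """Bucket findings by remediation path: OS patch, library upgrade, or no fix yet."""
    report = json.loads(report_json)
    out = {"severity": Counter(), "os_fixable": [], "lib_fixable": [], "unfixed": []}
    for result in report.get("Results") or []:
        is_os = result.get("Class") == "os-pkgs"
        # Trivy omits (or nulls) "Vulnerabilities" when a target has no findings.
        for vuln in result.get("Vulnerabilities") or []:
            out["severity"][vuln.get("Severity", "UNKNOWN")] += 1
            row = (vuln["VulnerabilityID"], vuln["PkgName"],
                   vuln.get("InstalledVersion", ""), vuln.get("FixedVersion", ""),
                   result.get("Target", ""))
            if not vuln.get("FixedVersion"):
                out["unfixed"].append(row)        # nothing to upgrade to yet
            elif is_os:
                out["os_fixable"].append(row)     # candidate for OS-level image patching
            else:
                out["lib_fixable"].append(row)    # needs a dependency upgrade and rebuild
    return out

if __name__ == "__main__":
    buckets = triage(SAMPLE_REPORT)
    print("by severity:", dict(buckets["severity"]))
    for name in ("os_fixable", "lib_fixable", "unfixed"):
        for cve, pkg, installed, fixed, target in buckets[name]:
            print(f"{name:12} {cve} {pkg} {installed} -> {fixed or 'n/a'} [{target}]")
```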
Usage
Clone the repo that you want to scan and open it in VSCode/VSCode Insiders
Run the following command in Copilot chat and follow the on-screen instructions for fixing