vulnlog copy

Copies a complete vulnerability entry from a source file into one or more target files. This propagates an existing analysis across multiple branch files.

vulnlog copy <source-file> <target-file...> [flags]

Flag             Description
--vuln-id <id>   Vulnerability ID to copy (required). Must exist in the source file.

The first positional argument is the source file. All subsequent positional arguments are target files. The entry is copied with all fields intact (analysis, verdict, justification, resolution, etc.). The releases field is adjusted to reference the latest published release that exists in each target file.

If an entry with the same id already exists in a target file, the command skips that file and reports a warning.

Example

In this example, the vulnerability with the ID CVE-2026-002 is copied from source.vl.yml to target1.vl.yml and target2.vl.yml.

vulnlog copy source.vl.yml target1.vl.yml target2.vl.yml --vuln-id CVE-2026-002

Copied 'CVE-2026-002' to target1.vl.yml
Copied 'CVE-2026-002' to target2.vl.yml

The command adds the vulnerability entry to the previously empty vulnerabilities list.

Before the operation, the vulnerabilities list in the target file is empty:

vulnerabilities: []

After the operation, the vulnerability entry is added:

vulnerabilities:
  - id: "CVE-2026-002"
    description: "Remote code execution in example-lib"
    releases:
    - "1.0.0"
    packages:
    - "pkg:npm/example-lib@2.3.0"
    reports:
    - reporter: "trivy"
      at: null
      source: null
      vuln_ids: []
      suppress: null
    analysis: "The vulnerable code path is not reachable in our application because we\
      \ only use the safe subset of the API.\n"
    verdict: "not affected"
    justification: "vulnerable code not in execute path"
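
Because the command skips a target file that already contains the id, that file can keep an older entry whose verdict no longer matches the source. The following check is an added example, not part of vulnlog: it compares one entry across parsed files and ignores only the releases field, which the page says is adjusted per target. The function names, the "0.9.0" release and the "affected" verdict value are constructed for illustration, and reading real files assumes PyYAML is installed.

```python
import sys

# Per the page, only `releases` is adjusted for each target file.
PER_FILE_FIELDS = {"releases"}

# Constructed sample documents (parsed form of .vl.yml files).
_BASE = {"id": "CVE-2026-002", "verdict": "not affected",
         "justification": "vulnerable code not in execute path"}
SOURCE = {"vulnerabilities": [{**_BASE, "releases": ["1.0.0"]}]}
COPIED = {"vulnerabilities": [{**_BASE, "releases": ["0.9.0"]}]}
STALE = {"vulnerabilities": [{"id": "CVE-2026-002", "verdict": "affected"}]}

def find_entry(doc, vuln_id):
    """Return the entry with this id from a parsed document, or None."""
    for entry in (doc or {}).get("vulnerabilities") or []:
        if entry.get("id") == vuln_id:
            return entry
    return None

def drift(source_doc, target_doc, vuln_id):
    """None if the target lacks the entry, else the sorted names of the
    fields that differ from the source (per-file fields ignored)."""
    src = find_entry(source_doc, vuln_id)
    if src is None:
        raise KeyError(f"{vuln_id} not found in source")
    dst = find_entry(target_doc, vuln_id)
    if dst is None:
        return None
    fields = (set(src) | set(dst)) - PER_FILE_FIELDS
    return sorted(f for f in fields if src.get(f) != dst.get(f))

def main(argv):
    import yaml  # PyYAML (assumption), only needed to read real files
    vuln_id, source, *targets = argv
    with open(source) as fh:
        source_doc = yaml.safe_load(fh)
    status = 0
    for path in targets:
        with open(path) as fh:
            changed = drift(source_doc, yaml.safe_load(fh), vuln_id)
        if changed is None:
            msg = "entry missing"
        elif changed:
            msg = "differs in " + ", ".join(changed)
        else:
            msg = "matches source"
        print(f"{path}: {msg}")
        status |= changed != []  # non-zero exit on missing or drifted entry
    return status

if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it with the vulnerability id first, then the source file, then the target files; it exits non-zero if any target is missing the entry or differs from the source.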