PatchProof

PatchProof is a web app (with an optional GitHub/GitLab app) that verifies whether "fixed" vulnerabilities are truly remediated in your deployed builds, not just in your lockfile. It ingests SBOMs and build artifacts, correlates them with known CVEs, and then checks the runtime/container images to confirm that the vulnerable code paths and versions are actually gone.

It flags the common failure modes: transitive dependencies still pulling in old versions, multiple copies of the same library, vendored code, and base images that quietly reintroduce issues. The output is a simple, auditable "patch evidence" report you can attach to tickets, SOC 2/ISO audits, or customer security questionnaires.

Be realistic: this won't replace a full SCA platform. It focuses narrowly on proving remediation and preventing the "we upgraded but it's still there" incidents that waste days and create real breach risk.
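The core check described above is a correlation: the SBOM states what version you believe shipped, the image inventory states what is actually installed, and an advisory table states which versions are still affected. The script below is an added illustration of that correlation, written for this page; it is not PatchProof's code. The SBOM fragment, the image inventory, the `origin` classification on each inventory hit, and the `CVE-EXAMPLE-*` advisory ids are all constructed sample data, and the naive version parser stands in for a proper PEP 440 or semver comparison. It reproduces three of the failure modes named above (a vendored second copy, a base-image package older than the SBOM claims, and a package that is genuinely remediated) and renders a plain-text evidence summary.

```python
import re
from collections import defaultdict

# Constructed advisory table (placeholder ids, not real CVEs):
# package name -> list of (advisory id, first fixed version).
ADVISORIES = {
    "libfoo": [("CVE-EXAMPLE-0001", "1.4.2")],
    "barlib": [("CVE-EXAMPLE-0002", "2.0.0")],
    "bazlib": [("CVE-EXAMPLE-0003", "3.1.0")],
}

# Constructed SBOM fragment (CycloneDX-like shape, trimmed to name/version).
SBOM = {
    "components": [
        {"name": "libfoo", "version": "1.4.2"},
        {"name": "barlib", "version": "2.1.0"},
        {"name": "bazlib", "version": "3.1.0"},
    ]
}

# Constructed inventory of what a scanner found inside the built image.
# "origin" is an assumed classification (app / vendored / base-image).
IMAGE_INVENTORY = [
    {"name": "libfoo", "version": "1.4.2", "path": "/usr/lib/python3/dist-packages/libfoo", "origin": "app"},
    {"name": "libfoo", "version": "1.3.0", "path": "/opt/vendor/tool/libfoo", "origin": "vendored"},
    {"name": "barlib", "version": "1.9.5", "path": "/usr/lib/barlib", "origin": "base-image"},
    {"name": "bazlib", "version": "3.1.0", "path": "/app/vendor/bazlib", "origin": "app"},
]


def parse_version(text):
    """Turn '1.4.2' into (1, 4, 2). Real tooling should use a PEP 440 / semver
    parser; this numeric split is only adequate for the constructed data here."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def open_advisories(name, version, advisories=ADVISORIES):
    """Advisory ids that still apply to this exact version (version < first fixed)."""
    return [adv for adv, fixed in advisories.get(name, [])
            if parse_version(version) < parse_version(fixed)]


def verify_remediation(sbom, inventory, advisories=ADVISORIES):
    """Correlate SBOM claims with the image and return per-package evidence.

    A package counts as remediated only if it is present and every copy in the
    image is at or above the fixed version; the SBOM version is a claim, not proof."""
    claimed = {c["name"]: c["version"] for c in sbom["components"]}
    copies = defaultdict(list)
    for item in inventory:
        copies[item["name"]].append(item)

    report = {}
    for name, sbom_version in claimed.items():
        findings = []
        found = copies.get(name, [])
        versions = {c["version"] for c in found}
        if not found:
            findings.append("not present in image: nothing to verify against")
        if len(versions) > 1:
            findings.append("multiple copies with different versions: " + ", ".join(sorted(versions)))
        if versions and sbom_version not in versions:
            findings.append(f"SBOM claims {sbom_version} but image has {', '.join(sorted(versions))}")
        vulnerable = []
        for c in found:
            for adv in open_advisories(name, c["version"], advisories):
                vulnerable.append({"advisory": adv, "version": c["version"],
                                   "path": c["path"], "origin": c["origin"]})
                findings.append(f"{adv} still open in {c['origin']} copy {c['version']} at {c['path']}")
        report[name] = {
            "sbom_version": sbom_version,
            "copies": found,
            "vulnerable_copies": vulnerable,
            "findings": findings,
            "remediated": bool(found) and not vulnerable,
        }
    return report


def render_evidence(report):
    """Plain-text 'patch evidence' summary suitable for attaching to a ticket."""
    lines = []
    for name, r in sorted(report.items()):
        status = "REMEDIATED" if r["remediated"] else "NOT REMEDIATED"
        lines.append(f"{name} (SBOM says {r['sbom_version']}): {status}")
        for f in r["findings"]:
            lines.append(f"  - {f}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_evidence(verify_remediation(SBOM, IMAGE_INVENTORY)))
```

The design point is that `remediated` is derived only from the image inventory: the SBOM version feeds a mismatch finding but never upgrades a package to "remediated" on its own. In a real pipeline the inventory would come from a scanner run against the built image, the advisory table from a vulnerability feed, and version comparison from a proper parser, but the correlation logic stays the same.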
