Integrating with the CI

Our CLI is built to be easily integrated as part of an organization's CI pipeline.

GitHub Actions

If you're using GitHub actions then you can just incorporate Seal Security's own GitHub action.

Just add it immediately after pulling the packages (for example with npm install) and before any other step:

  name: seal cli
  uses: seal-community/cli-action@latest
  with:
    mode: fix
    fix_mode: all
    token: <token> # replace with a token to the artifact server
    project: <project-id> # replace with the ID of the project

Note that this will apply every possible fix. If you prefer to select which packages to seal, use the local configuration and set fix_mode: local instead.

Other CI Platforms

The CLI should be added as the step immediately after pulling the packages (for example with npm install) and before anything else.

The following example shows how to directly download the latest version of the CLI from a Linux terminal.

export SEAL_TOKEN=<token> # replace with a token to the artifact server
export SEAL_PROJECT=<project-id> # replace with the ID of the project
export SEAL_CLI_VERSION=latest
curl -fsSL https://github.com/seal-community/cli/releases/download/${SEAL_CLI_VERSION}/seal-linux-amd64-${SEAL_CLI_VERSION}.zip -o seal.zip
unzip seal.zip
./seal fix --mode all

Note that this will apply every possible fix. If you prefer to select which packages to seal, use the local configuration and replace the last line with ./seal fix --mode local.

Docker

You can also use our CLI in a docker. The CLI should be added as the step immediately after pulling the packages (for example with npm install) and before anything else.

The following example shows how to directly download the latest version of the CLI from a Linux terminal and deploy it in a Dockerfile.

# replace with a token to the artifact server
ENV SEAL_TOKEN=<token>
# replace with the ID of the project
ENV SEAL_PROJECT=<project-id>
ENV SEAL_CLI_VERSION=latest
RUN curl -fsSL https://github.com/seal-community/cli/releases/download/${SEAL_CLI_VERSION}/seal-linux-amd64-${SEAL_CLI_VERSION}.zip -o /tmp/seal.zip && \
    unzip /tmp/seal.zip -d /usr/local/bin && \
    seal scan && \
    seal fix --mode all && \
    rm -f /tmp/seal.zip /usr/local/bin/seal

Note that this will apply every possible fix. If you prefer to select which packages to seal, use the local configuration and replace the all flag with the local flag.

PreviousFixing Specific PackagesNextCommands

Last updated