User Guide
  • Fundamentals
    • Quick Start Guide
      • Signing Up
      • Package Discovery
        • Connecting to GitHub
        • Connecting to GitLab
        • Connecting to Azure DevOps
        • Connecting to the CI Pipeline
        • Connecting to the Artifact Server
      • Package Sealing
        • Integrating the CLI in the CI
        • Editing Dependencies
    • Deployments
      • Choosing Your Deployment
      • Automatic Remediation
      • Remote Configuration
      • Local Configuration
      • Artifact Server
    • CLI
      • Download and Installation
      • Scanning
      • Fixing All Dependencies
      • Fixing Specific Dependencies
      • Fixing OS Vulnerabilities
      • Integrating with the CI
      • Uploading Scan Results
      • Commands
      • SCA Integrations
      • JFrog Integration
      • Usage Examples
        • Sealing Application Dependencies
        • Sealing Linux Environments
    • Artifact Server
      • Generating a Token
      • Artifact Server Ordering
      • Configuring the Package Manager
        • Configuring apk
        • Configuring Composer
        • Configuring Go
        • Configuring Gradle
        • Configuring Maven
        • Configuring npm
        • Configuring pip
        • Configuring Poetry
        • Configuring yarn
        • Configuring yum
      • Clearing the Cache
      • Editing Your Dependencies
    • Web Interface
      • Rules Screen
  • FAQ
  • Vulnerability Disclosure
Powered by GitBook
On this page
  1. Fundamentals

Quick Start Guide

Step 1: Sign up

Send an email to register@sealsecurity.io with:

  1. Your name

  2. Email

  3. The name of your company

Follow the steps here.

Step 2: Discover your vulnerable packages

The first thing we need to do is discover what vulnerable packages are currently in use.

If you're using GitHub, GitLab or Azure DevOps, the recommended way to do that is to connect the Seal platform to your repositories. Seal's app will then scan your project dependencies and identify the vulnerable packages.

However, if you're not using one of those platforms or prefer not to give Seal read permissions to your repositories, you may instead run the Seal CLI as part of your CI pipeline, and have it send the scan results home to the Seal server.

Lastly, you may configure Seal as your artifact server. With this configuration, Seal will identify the vulnerable packages you're pulling from the server, but will have much less visibility due to caching.

Step 3: Set up your sealing deployment

The recommended setup is to integrate the Seal CLI as part of your CI pipeline. With this setup, our CLI will replace the vulnerable packages with sealed ones, in accordance with preset instructions. These instructions can be saved in a file committed to your source control, or on the Seal server. To quickly run an example on your machine without configuring your CI see the usage examples.

However, if you prefer not to use our CLI as part of your CI, you may instead configure Seal as your artifact server, and then edit your dependencies manually.

Step 4: Seal your packages

After you set up your sealing deployment, you will want to replace your vulnerable packages with their sealed versions.

If you're using the Seal CLI as part of your CI you have several options:

  1. Use automatic remediation and automatically fix everything.

  2. Use rules to decide which packages are remediated and how.

  3. Use automatic pull requests generated by Seal's GitHub, GitLab or Azure DevOps app.

  4. Manually edit (or use the Seal CLI to edit) a project's Seal configuration file and manually create a pull request.

If you're not using the Seal CLI as part of your CI then to seal a package you must configure Seal as your artifact server, and then manually edit your dependencies to use the sealed version.

NextSigning Up

Last updated 4 months ago