Quick Start Guide

Step 1: Sign up

Send an email to register@sealsecurity.io with:

  1. Your name

  2. Email

  3. Name of your company

And follow the steps here.

Step 2: Discover your vulnerable packages

The first thing we need to do is discover what vulnerable packages are currently in use.

If you're using GitHub, GitLab or Azure DevOps, the recommended way to do that is to connect the Seal platform to your repositories. Seal's app will then scan your project dependencies and identify the vulnerable packages.

However, if you're not using one of those platforms or prefer not to give Seal read permissions to your repositories, you may instead configure Seal as your artifact server. With this configuration, Seal will identify the vulnerable packages you're pulling.

Step 3: Set up your sealing deployment

The recommended setup is to integrate the Seal CLI as part of your CI pipeline. With this setup, our CLI will replace the vulnerable packages with sealed ones, in accordance with an instructions file committed to your source control. To quickly run an example on your machine without configuring your CI see the usage examples.

However, if you prefer not to use our CLI as part of your CI, you may instead configure Seal as your artifact server, and then edit your dependencies manually.

Step 4: Seal your packages

After you set up your sealing deployment, you will want to replace your vulnerable packages with their sealed versions.

If you're using the Seal CLI as part of your CI you have several options:

  1. Use automatic remediation and automatically fix everything.

  2. Use automatic pull requests generated by Seal's GitHub, GitLab or Azure DevOps app.

  3. Manually edit (or use the Seal CLI to edit) a project's Seal configuration file and manually create a pull request.

If you're not using the Seal CLI as part of your CI then to seal a package you must configure Seal as your artifact server, and then manually edit your dependencies to use the sealed version.

Last updated