# Commands `seal add ` This command adds an entry to your project's local configuration file, instructing Seal to apply a backported fix to all instances of the specified package version. Flags: * `--os`: Use this flag to add a fix for a package that is part of the operating system. * `--fs `: Use this flag to fix a package within a specific filesystem ecosystem located in the target directory. If `target-dir` is not provided then it uses the current directory. Supported ecosystems include `java` and `python`. #### `seal fix [target-dir]` This command replaces vulnerable packages with their secure, sealed versions directly within your project. Flags: * `--mode`: Specifies which fixes to apply. * `local`: Applies the fixes defined in your local configuration file (this is the default). * `remote`: Applies fixes defined on the Seal server. * `all`: Attempts to fix every vulnerable package for which a sealed version exists. * `--os`: Fixes vulnerable packages managed by the operating system's native package manager. This flag supports: * `yum`: for CentOS, Red Hat Enterprise Linux, Oracle Linux, and similar. * `dpkg`: for Debian, Ubuntu, and similar. * `apk`: for Alpine. * `--fs `: Fixes vulnerable packages found by scanning the filesystem within the specified `[target-dir]`. If no `[target-dir]` is provided, it defaults to the current directory. Supported ecosystems are `java` and `python`. * `--upload-scan-results`: Uploads the list of detected vulnerable packages to the Seal server. This is useful for deployments without a source control integration, as it allows Seal to discover and track your dependencies through your CI pipeline. Arguments: * `[target-dir]`: The directory to scan for vulnerable packages when using the `--fs` flag. * **`seal help`** - Use this command to view the comprehensive usage instructions for the Seal CLI. It will print a list of all commands, flags, and their descriptions directly to your terminal. #### `seal scan [target-dir]` This command scans your project's open-source dependencies and prints a list of vulnerable packages, highlighting which ones have a sealed version available. #### Flags * `--os`: Scans for vulnerable packages managed by your operating system's native package manager. This supports `yum` (for CentOS, RHEL, etc.), `dpkg` (for Debian, Ubuntu, etc.), and `apk` (for Alpine). * `--fs `: Finds vulnerable packages by scanning the filesystem. If you don't provide a `[target-dir]`, it uses the current directory. Supported ecosystems are `java` and `python`. * `--generate-local-config`: Creates or updates a local configuration file with recommended fixes, which you can then apply using the `seal fix` command. * `--generate-snyk-policy`: Creates or updates the `.snyk` file to inform the Snyk scanner about vulnerabilities fixed by Seal. This flag must be used with `--generate-local-config`. * `--upload-scan-results`: Uploads the detected vulnerable packages to the Seal server. This is useful for environments without source control integration, allowing Seal to discover your dependencies via your CI pipeline. * `--csv string`: Saves the scan results to the specified file path in CSV format. #### Arguments * `[target-dir]`: The directory to scan for vulnerable packages when using the `--fs` flag. **`seal version`** - Prints the current version of the Seal CLI. The latest version is always available for download [here](https://github.com/seal-community/cli/releases/tag/latest). #### Flags: These flags can be used with any Seal CLI command. * `-h, --help`: Prints the usage instructions and available options for the specified command. * `-v, -vv, -vvv`: Adjusts the logging verbosity level. This is useful for debugging and provides more detailed output.