Commands

seal add package version - Adds an instruction to the local configuration file to seal all instances of the specified package version.

--os - Adds the package to the project declaring the operating system packages to be fixed.

--fs <ecosystem> [target-dir] - Adds the package to the project declaring the packages to be fixed under the target directory in the same ecosystem. If target-dir is not provided then it uses the current directory. For now, the only ecosystem supported is java.

seal fix - Replaces in-place vulnerable packages with their sealed version.

--mode - If mode is local it applies the fixes saved in the local configuration file. If mode is remote then it applies the fixes defined in the Seal server. If mode is all then it tries to seal every vulnerable package for which a sealed version exists. Default value is local.

--os - Extracts the vulnerable packages from the native package manager. For CentOS, Red Hat Enterprise Linux, Oracle Linux and similar it uses yum, for Debian, Ubuntu and similar it uses dpkg, and for Alpine it uses apk.

--fs <ecosystem> [target-dir] - Searches for vulnerable packages by scanning the filesystem under the target directory. If target-dir is not provided then it uses the current directory. For now, the only ecosystem supported is java.

--upload-scan-results - Uploads the list of vulnerable packages detected to the Seal server. This is useful for package discovery in case you don't have a source control integration, so Seal cannot scan your code for dependencies. This flag allows Seal to use the CI pipeline integration to detect your vulnerable packages.

seal help - Prints the usage instructions.

seal scan - Scans the project's open-source dependencies and prints the list of vulnerable packages and which packages have a sealed version available for download.

--os - Extracts the vulnerable packages from the native package manager. For CentOS, Red Hat Enterprise Linux, Oracle Linux and similar it uses yum, for Debian, Ubuntu and similar it uses dpkg, and for Alpine it uses apk.

--fs <ecosystem> [target-dir] - Searches for vulnerable packages by scanning the filesystem under the target directory. If target-dir is not provided then it uses the current directory. For now, the only ecosystem supported is java.

--generate-local-config - Generates or updates the local configuration file with the recommended fixes, which can later be used by the seal fix command.

--generate-snyk-policy - Generates or updates the .snyk file, so the Snyk scanner is aware of the vulnerabilities fixed by Seal. Can only be used together with --generate-local-config.

--upload-scan-results - Uploads the list of vulnerable packages detected to the Seal server. This is useful for package discovery in case you don't have a source control integration, so Seal cannot scan your code for dependencies. This flag allows Seal to use the CI pipeline integration to detect your vulnerable packages.

--csv string - Saves the output of the scan results to the specified file path.

seal version - Prints the CLI's version. The latest version is always available here.

Flags:

-h, --help - Prints the usage instructions for the given command.

-v, -vv, -vvv - Sets the logging verbosity level. Useful for debugging.
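Example (added here, not part of the Seal documentation): a CI step that chains the commands above, so that seal scan --generate-local-config writes the recommended fixes and seal fix --mode local applies only what that file lists. The function name seal_step, the file name seal-scan.csv, the assumption that these flags can be combined on one command line, and the assumption that seal exits non-zero on failure are not from this page.

```shell
# Added example: CI step chaining the documented scan and fix commands.
# Assumptions (not from the page): seal is on PATH, the flags below can be
# combined on one command line, and seal exits non-zero when a command fails.

# seal_step TARGET [DIR] [snyk]
#   TARGET: "os" for native packages, "java" for a filesystem scan of DIR.
#   DIR:    directory scanned with --fs (defaults to the current directory).
#   snyk:   pass the literal word "snyk" to also refresh the .snyk policy.
seal_step() {
    target=$1
    dir=${2:-.}
    snyk=${3:-}

    # Build the target selector once so scan and fix look at the same packages.
    case $target in
        os)   set -- --os ;;
        java) set -- --fs java "$dir" ;;
        *)    echo "seal_step: unsupported target '$target'" >&2; return 2 ;;
    esac

    # --generate-snyk-policy is only valid together with --generate-local-config.
    if [ "$snyk" = snyk ]; then
        scan_extra="--generate-local-config --generate-snyk-policy"
    else
        scan_extra="--generate-local-config"
    fi

    # 1. Scan, record the recommended fixes in the local configuration file,
    #    and keep the scan output as a CSV build artifact (constructed name).
    #    $scan_extra is left unquoted on purpose so it splits into flags.
    seal scan "$@" $scan_extra --csv seal-scan.csv || return 1

    # 2. Apply only the fixes recorded in that file. Mode "local" is the
    #    default; it is spelled out so the step never silently becomes "all".
    seal fix "$@" --mode local || return 1
}
```

Call it as seal_step os for an image build or seal_step java ./app snyk for a Java project; reviewing the generated local configuration file between the two commands is the point at which a change to the sealed package set can be approved.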
