# Commands `seal add ` This command adds an entry to your project's local configuration file, instructing Seal to apply a backported fix to all instances of the specified package version. Flags: * `--os`: Use this flag to add a fix for a package that is part of the operating system. * `--fs `: Use this flag to fix a package within a specific filesystem ecosystem located in the target directory. If `target-dir` is not provided then it uses the current directory. Supported ecosystems include `java` and `python`. #### `seal fix [target-dir]` This command replaces vulnerable packages with their secure, sealed versions directly within your project. Flags: * `--mode`: Specifies which fixes to apply. * `local`: Applies the fixes defined in your local configuration file (this is the default). * `remote`: Applies fixes defined on the Seal server. * `all`: Attempts to fix every vulnerable package for which a sealed version exists. * `--os`: Fixes vulnerable packages managed by the operating system's native package manager. This flag supports: * `yum`: for CentOS, Red Hat Enterprise Linux, Oracle Linux, and similar. * `dpkg`: for Debian, Ubuntu, and similar. * `apk`: for Alpine. * `--fs `: Fixes vulnerable packages found by scanning the filesystem within the specified `[target-dir]`. If no `[target-dir]` is provided, it defaults to the current directory. Supported ecosystems are `java` and `python`. * `--upload-scan-results`: Uploads the list of detected vulnerable packages to the Seal server. This is useful for deployments without a source control integration, as it allows Seal to discover and track your dependencies through your CI pipeline. Arguments: * `[target-dir]`: The directory to scan for vulnerable packages when using the `--fs` flag. * **`seal help`** - Use this command to view the comprehensive usage instructions for the Seal CLI. It will print a list of all commands, flags, and their descriptions directly to your terminal. #### `seal scan [target-dir]` This command scans your project's open-source dependencies and prints a list of vulnerable packages, highlighting which ones have a sealed version available. #### Flags * `--os`: Scans for vulnerable packages managed by your operating system's native package manager. This supports `yum` (for CentOS, RHEL, etc.), `dpkg` (for Debian, Ubuntu, etc.), and `apk` (for Alpine). * `--fs `: Finds vulnerable packages by scanning the filesystem. If you don't provide a `[target-dir]`, it uses the current directory. Supported ecosystems are `java` and `python`. * `--generate-local-config`: Creates or updates a local configuration file with recommended fixes, which you can then apply using the `seal fix` command. * `--generate-snyk-policy`: Creates or updates the `.snyk` file to inform the Snyk scanner about vulnerabilities fixed by Seal. This flag must be used with `--generate-local-config`. * `--upload-scan-results`: Uploads the detected vulnerable packages to the Seal server. This is useful for environments without source control integration, allowing Seal to discover your dependencies via your CI pipeline. * `--csv string`: Saves the scan results to the specified file path in CSV format. #### Arguments * `[target-dir]`: The directory to scan for vulnerable packages when using the `--fs` flag. **`seal version`** - Prints the current version of the Seal CLI. The latest version is always available for download [here](https://github.com/seal-community/cli/releases/tag/latest). #### Flags: These flags can be used with any Seal CLI command. * `-h, --help`: Prints the usage instructions and available options for the specified command. * `-v, -vv, -vvv`: Adjusts the logging verbosity level. This is useful for debugging and provides more detailed output. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sealsecurity.io/fundamentals/cli/commands.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.