Fixing Specific Dependencies

The local configuration

The seal fix --mode all command fixes all the vulnerable packages for which a sealed version exists.

The CLI also supports selecting which packages to fix by using --mode local together with the local configuration file .seal-actions.yml. This file is saved in the project's root directory and contains the instructions for the fix phase.

This file should be committed to your source control, so that:

  1. Seal's app will recognize the vulnerability as sealed, and therefore no longer posing a threat to the project.

  2. If the Seal CLI is running as part of your CI, the local configuration file allows you to apply fixes selectively, and require approval by the developers for each new fix.

Adding packages to the local configuration

For each package you wish to fix, use the following command:

seal add package-name version

For example: seal add ejs 2.7.4. This command adds an instruction to the local configuration file to replace ejs@2.7.4 with its sealed version ejs@2.7.4-sp1. If the local configuration file does not exist, it will be generated from scratch.

To generate a local configuration file with instructions to fix everything that has a sealed version in the project, you can use seal scan --generate-local-config instead of adding packages one-by-one.

Note that it's also possible to manually edit the overrides section in the local configuration file, as its format is straightforward:

...
    overrides:
      ejs:
        2.7.4:
          use: 2.7.4-sp1
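The following is an added example, not Seal's own code: it mirrors what the seal add command and the overrides section above do, so you can see how an entry in .seal-actions.yml maps to a concrete substitution during the fix phase. It assumes only the structure shown on this page (overrides, then package, then installed version, then use) and uses a deliberately minimal nested-mapping reader and writer instead of a YAML library so it runs with the standard library alone. The sealed version is passed in explicitly; the -sp1 suffix in the page's example is not treated as a rule. The package names, versions and the plan_fixes helper are constructed for illustration.

```python
"""Helpers around the 'overrides' section of .seal-actions.yml.

Added example, not Seal's code. Only the plain nested-mapping subset shown on
the page is supported: no lists, quoting, anchors or multi-document files.
Version keys such as 2.7.4 are kept as strings, which is what you want here.
"""
from __future__ import annotations

INDENT = 2  # spaces per nesting level in the emitted file (assumed convention)


def parse_nested(text: str) -> dict:
    """Parse lines of 'key:' / 'key: value' into nested dicts by indentation."""
    root: dict = {}
    stack: list[tuple[int, dict]] = [(-1, root)]
    for raw in text.splitlines():
        stripped = raw.strip()
        # Skip blank lines, comments and the YAML document-end marker '...'
        if not stripped or stripped.startswith("#") or stripped == "...":
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        key, sep, value = stripped.partition(":")
        if not sep:
            raise ValueError(f"not a mapping line: {raw!r}")
        # Pop back to the parent whose indentation is shallower than this line
        while stack and stack[-1][0] >= indent:
            stack.pop()
        parent = stack[-1][1]
        value = value.strip()
        if value:
            parent[key] = value
        else:
            child: dict = {}
            parent[key] = child
            stack.append((indent, child))
    return root


def render_nested(node: dict, level: int = 0) -> str:
    """Emit nested dicts in the same indented 'key:' / 'key: value' form."""
    lines = []
    pad = " " * (INDENT * level)
    for key, value in node.items():
        if isinstance(value, dict):
            lines.append(f"{pad}{key}:")
            rendered = render_nested(value, level + 1)
            if rendered:
                lines.append(rendered)
        else:
            lines.append(f"{pad}{key}: {value}")
    return "\n".join(lines)


def add_override(config: dict, package: str, version: str, sealed: str) -> dict:
    """Record 'replace package@version with package@sealed' (what seal add writes).

    The sealed version is a parameter; the '-sp1' suffix in the page's ejs
    example is just that example, so nothing here hard-codes it.
    """
    overrides = config.setdefault("overrides", {})
    overrides.setdefault(package, {})[version] = {"use": sealed}
    return config


def plan_fixes(installed: dict[str, str], config: dict) -> list[tuple[str, str, str]]:
    """Return (package, from, to) for each installed package an override covers.

    Packages without an override, or with an override for a different version,
    are left untouched: that selectivity is the point of --mode local.
    (Constructed helper; not a Seal command.)
    """
    plan = []
    overrides = config.get("overrides", {})
    for package, version in sorted(installed.items()):
        entry = overrides.get(package, {}).get(version)
        if isinstance(entry, dict) and "use" in entry:
            plan.append((package, version, entry["use"]))
    return plan


# Constructed sample: the page's ejs entry, as it would appear on disk.
SAMPLE_CONFIG_TEXT = """
overrides:
  ejs:
    2.7.4:
      use: 2.7.4-sp1
"""

# Constructed sample of what a lockfile scan might report as installed.
SAMPLE_INSTALLED = {"ejs": "2.7.4", "lodash": "4.17.21", "express": "4.18.2"}

if __name__ == "__main__":
    cfg = parse_nested(SAMPLE_CONFIG_TEXT)
    # Equivalent of `seal add express 4.18.2` (sealed version is constructed)
    add_override(cfg, "express", "4.18.2", "4.18.2-sp1")
    print(render_nested(cfg))
    for pkg, old, new in plan_fixes(SAMPLE_INSTALLED, cfg):
        print(f"{pkg}@{old} -> {pkg}@{new}")
```

Running the module prints the regenerated overrides section followed by the two substitutions the fix phase would perform; lodash has no entry and is reported nowhere, which is the behaviour that lets a reviewer approve fixes one at a time when the CLI runs in CI.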

Last updated 9 months ago