Integrating with the CI

Our CLI is built to be easily integrated as part of an organization's CI pipeline.

GitHub Actions

If you're using GitHub actions then you can just incorporate Seal Security's own .

Just add it immediately after pulling the packages (for example with npm install) and before any other step:

  name: seal cli
  uses: seal-community/cli-action@latest
  with:
    mode: fix
    fix_mode: all
    token: <token> # replace with a token to the artifact server
    project: <project-id> # replace with the ID of the project

Note that this will apply every possible fix. If you prefer to select which packages to seal, then depending on your workflow either:

• Use the local configuration and set fix_mode: local.

• Use the remote configuration and set fix_mode: remote.

GitLab

Add a step immediately after pulling the packages (for example with npm install) and before any other step:

  before_script:
    - curl -fsSL https://github.com/seal-community/cli/releases/download/${SEAL_CLI_VERSION}/seal-linux-amd64-${SEAL_CLI_VERSION}.zip -o seal.zip
    - unzip seal.zip
    - ./seal fix --mode all
  variables:
    SEAL_CLI_VERSION: latest
    SEAL_TOKEN: <token> # replace with a token to the artifact server
    SEAL_PROJECT: <project-id> # replace with the ID of the project

Note that this will apply every possible fix. If you prefer to select which packages to seal, then depending on your workflow either:

• Use the local configuration and set --mode local .

• Use the remote configuration and set --mode remote.

Other CI Platforms

The CLI should be added as the step immediately after pulling the packages (for example with npm install) and before anything else.

The following example shows how to directly download the latest version of the CLI from a Linux terminal.

export SEAL_TOKEN=<token> # replace with a token to the artifact server
export SEAL_PROJECT=<project-id> # replace with the ID of the project
export SEAL_CLI_VERSION=latest
curl -fsSL https://github.com/seal-community/cli/releases/download/${SEAL_CLI_VERSION}/seal-linux-amd64-${SEAL_CLI_VERSION}.zip -o seal.zip
unzip seal.zip
./seal fix --mode all

Note that this will apply every possible fix. If you prefer to select which packages to seal, then depending on your workflow either:

• Use the local configuration and set --mode local .

• Use the remote configuration and set --mode remote.

Docker

You can also use our CLI in a docker. The CLI should be added as the step immediately after pulling the packages (for example with npm install) and before anything else.

The following example shows how to directly download the latest version of the CLI from a Linux terminal and deploy it in a Dockerfile.

# replace with a token to the artifact server
ENV SEAL_TOKEN=<token>
# replace with the ID of the project
ENV SEAL_PROJECT=<project-id>
ENV SEAL_CLI_VERSION=latest
RUN curl -fsSL https://github.com/seal-community/cli/releases/download/${SEAL_CLI_VERSION}/seal-linux-amd64-${SEAL_CLI_VERSION}.zip -o /tmp/seal.zip && \
    unzip /tmp/seal.zip -d /usr/local/bin && \
    seal scan && \
    seal fix --mode all && \
    rm -f /tmp/seal.zip /usr/local/bin/seal

Note that this will apply every possible fix. If you prefer to select which packages to seal, then depending on your workflow either:

• Use the local configuration and set --mode local .

• Use the remote configuration and set --mode remote.