Integrating with the CI
Our CLI is built to be easily integrated as part of an organization's CI pipeline.
GitHub Actions
If you're using GitHub actions then you can just incorporate Seal Security's own GitHub action.
Just add it immediately after pulling the packages (for example with npm install
) and before any other step:
name: seal cli
uses: seal-community/cli-action@latest
with:
mode: fix
fix_mode: all
token: <token> # replace with a token to the artifact server
project: <project-id> # replace with the ID of the project
Note that this will apply every possible fix. If you prefer to select which packages to seal, then depending on your workflow either:
Use the local configuration and set
fix_mode: local
.Use the remote configuration and set
fix_mode: remote
.
GitLab
Add a step immediately after pulling the packages (for example with npm install
) and before any other step:
before_script:
- curl -fsSL https://github.com/seal-community/cli/releases/download/${SEAL_CLI_VERSION}/seal-linux-amd64-${SEAL_CLI_VERSION}.zip -o seal.zip
- unzip seal.zip
- ./seal fix --mode all
variables:
SEAL_CLI_VERSION: latest
SEAL_TOKEN: <token> # replace with a token to the artifact server
SEAL_PROJECT: <project-id> # replace with the ID of the project
Note that this will apply every possible fix. If you prefer to select which packages to seal, then depending on your workflow either:
Use the local configuration and set
--mode local
.Use the remote configuration and set
--mode remote
.
Other CI Platforms
The CLI should be added as the step immediately after pulling the packages (for example with npm install
) and before anything else.
The following example shows how to directly download the latest version of the CLI from a Linux terminal.
export SEAL_TOKEN=<token> # replace with a token to the artifact server
export SEAL_PROJECT=<project-id> # replace with the ID of the project
export SEAL_CLI_VERSION=latest
curl -fsSL https://github.com/seal-community/cli/releases/download/${SEAL_CLI_VERSION}/seal-linux-amd64-${SEAL_CLI_VERSION}.zip -o seal.zip
unzip seal.zip
./seal fix --mode all
Note that this will apply every possible fix. If you prefer to select which packages to seal, then depending on your workflow either:
Use the local configuration and set
--mode local
.Use the remote configuration and set
--mode remote
.
Docker
You can also use our CLI in a docker. The CLI should be added as the step immediately after pulling the packages (for example with npm install
) and before anything else.
The following example shows how to directly download the latest version of the CLI from a Linux terminal and deploy it in a Dockerfile.
# replace with a token to the artifact server
ENV SEAL_TOKEN=<token>
# replace with the ID of the project
ENV SEAL_PROJECT=<project-id>
ENV SEAL_CLI_VERSION=latest
RUN curl -fsSL https://github.com/seal-community/cli/releases/download/${SEAL_CLI_VERSION}/seal-linux-amd64-${SEAL_CLI_VERSION}.zip -o /tmp/seal.zip && \
unzip /tmp/seal.zip -d /usr/local/bin && \
seal scan && \
seal fix --mode all && \
rm -f /tmp/seal.zip /usr/local/bin/seal
Note that this will apply every possible fix. If you prefer to select which packages to seal, then depending on your workflow either:
Use the local configuration and set
--mode local
.Use the remote configuration and set
--mode remote
.
Last updated