User Guide
  • Fundamentals
    • Quick Start Guide
      • Signing Up
      • Package Discovery
        • Connecting to GitHub
        • Connecting to GitLab
        • Connecting to Azure DevOps
        • Connecting to the CI Pipeline
        • Connecting to the Artifact Server
      • Package Sealing
        • Integrating the CLI in the CI
        • Editing Dependencies
    • Deployments
      • Choosing Your Deployment
      • Automatic Remediation
      • Remote Configuration
      • Local Configuration
      • Artifact Server
    • CLI
      • Download and Installation
      • Scanning
      • Fixing All Dependencies
      • Fixing Specific Dependencies
      • Fixing OS Vulnerabilities
      • Integrating with the CI
      • Uploading Scan Results
      • Commands
      • SCA Integrations
      • JFrog Integration
      • Usage Examples
        • Sealing Application Dependencies
        • Sealing Linux Environments
    • Artifact Server
      • Generating a Token
      • Artifact Server Ordering
      • Configuring the Package Manager
        • Configuring apk
        • Configuring Composer
        • Configuring Go
        • Configuring Gradle
        • Configuring Maven
        • Configuring npm
        • Configuring pip
        • Configuring Poetry
        • Configuring yarn
        • Configuring yum
      • Clearing the Cache
      • Editing Your Dependencies
    • Web Interface
      • Rules Screen
  • APIs
    • List Vulnerable Packages
  • FAQ
  • Vulnerability Disclosure
Powered by GitBook
On this page
  • GitHub Actions
  • GitLab
  • Other CI Platforms
  • Docker
  1. Fundamentals
  2. CLI

Integrating with the CI

PreviousFixing OS VulnerabilitiesNextUploading Scan Results

Last updated 5 months ago

Our CLI is built to be easily integrated as part of an organization's CI pipeline.

GitHub Actions

If you're using GitHub actions then you can just incorporate Seal Security's own .

Just add it immediately after pulling the packages (for example with npm install) and before any other step:

  name: seal cli
  uses: seal-community/cli-action@latest
  with:
    mode: fix
    fix_mode: all
    token: <token> # replace with a token to the artifact server
    project: <project-id> # replace with the ID of the project

Note that this will apply every possible fix. If you prefer to select which packages to seal, then depending on your workflow either:

  • Use the local configuration and set fix_mode: local.

  • Use the remote configuration and set fix_mode: remote.

GitLab

Add a step immediately after pulling the packages (for example with npm install) and before any other step:

  before_script:
    - curl -fsSL https://github.com/seal-community/cli/releases/download/${SEAL_CLI_VERSION}/seal-linux-amd64-${SEAL_CLI_VERSION}.zip -o seal.zip
    - unzip seal.zip
    - ./seal fix --mode all
  variables:
    SEAL_CLI_VERSION: latest
    SEAL_TOKEN: <token> # replace with a token to the artifact server
    SEAL_PROJECT: <project-id> # replace with the ID of the project

Note that this will apply every possible fix. If you prefer to select which packages to seal, then depending on your workflow either:

  • Use the local configuration and set --mode local .

  • Use the remote configuration and set --mode remote.

Other CI Platforms

The CLI should be added as the step immediately after pulling the packages (for example with npm install) and before anything else.

The following example shows how to directly download the latest version of the CLI from a Linux terminal.

export SEAL_TOKEN=<token> # replace with a token to the artifact server
export SEAL_PROJECT=<project-id> # replace with the ID of the project
export SEAL_CLI_VERSION=latest
curl -fsSL https://github.com/seal-community/cli/releases/download/${SEAL_CLI_VERSION}/seal-linux-amd64-${SEAL_CLI_VERSION}.zip -o seal.zip
unzip seal.zip
./seal fix --mode all

Note that this will apply every possible fix. If you prefer to select which packages to seal, then depending on your workflow either:

  • Use the local configuration and set --mode local .

  • Use the remote configuration and set --mode remote.

Docker

You can also use our CLI in a docker. The CLI should be added as the step immediately after pulling the packages (for example with npm install) and before anything else.

The following example shows how to directly download the latest version of the CLI from a Linux terminal and deploy it in a Dockerfile.

# replace with a token to the artifact server
ENV SEAL_TOKEN=<token>
# replace with the ID of the project
ENV SEAL_PROJECT=<project-id>
ENV SEAL_CLI_VERSION=latest
RUN curl -fsSL https://github.com/seal-community/cli/releases/download/${SEAL_CLI_VERSION}/seal-linux-amd64-${SEAL_CLI_VERSION}.zip -o /tmp/seal.zip && \
    unzip /tmp/seal.zip -d /usr/local/bin && \
    seal scan && \
    seal fix --mode all && \
    rm -f /tmp/seal.zip /usr/local/bin/seal

Note that this will apply every possible fix. If you prefer to select which packages to seal, then depending on your workflow either:

  • Use the local configuration and set --mode local .

  • Use the remote configuration and set --mode remote.

GitHub action