# Integrating with the CI

Our CLI is built to be easily integrated as part of an organization's CI pipeline.

## GitHub Actions

If you're using GitHub actions then you can just incorporate Seal Security's own [GitHub action](https://github.com/seal-community/cli-action).

Just add it immediately after pulling the packages (for example with `npm install`) and before any other step:

```yaml
  name: seal cli
  uses: seal-community/cli-action@latest
  with:
    mode: fix
    fix_mode: all
    token: <token> # replace with a token to the artifact server
    project: <project-id> # replace with the ID of the project
```

Note that this will apply every possible fix. If you prefer to select which packages to seal, then depending on your workflow either:

* Use the local configuration and set `fix_mode: local`.
* Use the remote configuration and set `fix_mode: remote`.

## GitLab

Add a step immediately after pulling the packages (for example with `npm install`) and before any other step:

```yaml
  before_script:
    - curl -fsSL https://github.com/seal-community/cli/releases/download/${SEAL_CLI_VERSION}/seal-linux-amd64-${SEAL_CLI_VERSION}.zip -o seal.zip
    - unzip seal.zip
    - ./seal fix --mode all
  variables:
    SEAL_CLI_VERSION: latest
    SEAL_TOKEN: <token> # replace with a token to the artifact server
    SEAL_PROJECT: <project-id> # replace with the ID of the project
```

Note that this will apply every possible fix. If you prefer to select which packages to seal, then depending on your workflow either:

* Use the local configuration and set `--mode local` .
* Use the remote configuration and set `--mode remote`.

## Other CI Platforms

The CLI should be added as the step immediately after pulling the packages (for example with `npm install`) and before anything else.

The following example shows how to directly download the latest version of the CLI from a Linux terminal.

```bash
export SEAL_TOKEN=<token> # replace with a token to the artifact server
export SEAL_PROJECT=<project-id> # replace with the ID of the project
export SEAL_CLI_VERSION=latest
curl -fsSL https://github.com/seal-community/cli/releases/download/${SEAL_CLI_VERSION}/seal-linux-amd64-${SEAL_CLI_VERSION}.zip -o seal.zip
unzip seal.zip
./seal fix --mode all
```

Note that this will apply every possible fix. If you prefer to select which packages to seal, then depending on your workflow either:

* Use the local configuration and set `--mode local` .
* Use the remote configuration and set `--mode remote`.

## Docker

You can also use our CLI in a docker. The CLI should be added as the step immediately after pulling the packages (for example with `npm install`) and before anything else.

The following example shows how to directly download the latest version of the CLI from a Linux terminal and deploy it in a Dockerfile.

<pre class="language-docker"><code class="lang-docker"># Replace with a token for the artifact server
# Note: for a secure setup, we recommend using Build Secrets - https://docs.gitlab.com/ee/ci/build_secret/
ENV SEAL_TOKEN=&#x3C;token>
# Replace with the project ID
ENV SEAL_PROJECT=&#x3C;project-id>
# To avoid caching, add the line below and run the build with: `--build-arg SEAL_CACHE_BUST=$(date +%s)`
ARG SEAL_CACHE_BUST=0
# Download the CLI
ADD --chmod=755 https://github.com/seal-community/cli/releases/download/latest/seal-linux-amd64-latest?sealcache=${SEAL_CACHE_BUST} seal
<strong># Fix all of the vulnerabilities
</strong><strong>RUN ./seal fix --mode all --remove-cli
</strong></code></pre>

Note that this will apply every possible fix. If you prefer to select which packages to seal, then depending on your workflow either:

* Use the local configuration and set `--mode local` .
* Use the remote configuration and set `--mode remote`.