Scanning

The CLI enables you to to easily detect vulnerable open-source dependencies and see for which ones a vulnerability-free sealed version exists.

Using the CLI is very simple:

Go to the root directory of the project and install its dependencies (e.g npm install).
Run seal scan. To save the output as a CSV use seal scan --csv output.txt. The dependencies will be checked against several vulnerability databases (such as OSV).
The results will be presented as a table of packages and vulnerabilities. The CAN SEAL and SEALED VERSION columns show whether the particular vulnerable package has a patched version that is available on Seal's artifact server. For example:

LIBRARY	VERSION	ECOSYSTEM	VULNERABILITIES	CAN SEAL	SEALED VERSION
d3-color	2.0.0	Node	GHSA-36jr-mh4h-2g58 (5.3)	V	2.0.0-sp1
semver	7.0.0	Node	CVE-2022-25883 (7.5)	V	7.0.0-sp1
set-value	3.0.3	Node	CVE-2021-23440 (7.3)	X
passport-saml	1.5.0	Node	CVE-2022-39299 (8.1) CVE-2021-39171 (5.3)	V	1.5.0-sp1
axios	0.21.4	Node	CVE-2023-45857 (7.1)	V	0.21.4-sp1

LIBRARY

VERSION

ECOSYSTEM

VULNERABILITIES

CAN SEAL

SEALED VERSION

d3-color

2.0.0

Node

GHSA-36jr-mh4h-2g58 (5.3)

2.0.0-sp1

semver

7.0.0

Node

CVE-2022-25883 (7.5)

7.0.0-sp1

set-value

3.0.3

Node

CVE-2021-23440 (7.3)

passport-saml

1.5.0

Node

CVE-2022-39299 (8.1) CVE-2021-39171 (5.3)

1.5.0-sp1

axios

0.21.4

Node

CVE-2023-45857 (7.1)

0.21.4-sp1

Last updated 3 months ago