Usage Examples

Setting up the CLI

  1. Download and install the correct version of the CLI according to these instructions.

  2. Configure the access token for the artifact server. If you don't have a token, see these instructions.

export SEAL_TOKEN=<token> # the access token for the server

Code examples

Here are some simple usage examples of the Seal CLI in the context of various package managers. Note that the CLI replaces the vulnerable packages with their sealed versions, so the process is always:

  1. Download the packages normally

  2. Run the CLI

  3. For relevant ecosystems, build the project

npm project

# Initialize an npm project
npm init -y

# Install example dependency
npm install ejs@2.7.4

# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix

pip project

# Create and activate Python virtual environment
python3 -m venv .venv
source .venv/bin/activate

# Install example dependency
pip install pyjwt==1.7.1

# Create the manifest file
pip freeze > requirements.txt

# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix

Maven project

# Create a new project using a Maven template
mvn archetype:generate -DgroupId=com.example.app -DartifactId=example-app -DarchetypeArtifactId=maven-archetype-quickstart -DinteractiveMode=false
cd example-app

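# Add example dependency
# (the `-i ''` form below is BSD/macOS sed syntax; with GNU sed use `-i` without the empty argument)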
sed -i '' -r "s/<dependencies>/<dependencies>\n    <dependency>\n      <groupId>com.fasterxml.jackson.core<\/groupId>\n      <artifactId>jackson-databind<\/artifactId>\n      <version>2.10.5.1<\/version>\n    <\/dependency>/" pom.xml

# Resolve the project's dependencies
mvn dependency:resolve

# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix

# Build your project using the sealed versions
mvn install

Composer project

# Initialize a Composer project
composer init --name test/project --type=project -n

# Install example dependency
composer require phpseclib/phpseclib=3.0.23

# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix
