Sealing Application Dependencies

Code examples

Here are some simple usage examples of using the Seal CLI to fix application dependencies in the context of various package managers. Please note that the CLI replaces the vulnerable packages with their sealed versions. So the process is always:

Download the packages normally
Run the CLI
For relevant ecosystems - build the project

npm project

# Initialize an npm project
npm init -y

# Install example dependency
npm install [email protected]

# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix

pip project

# Create and activate Python virtual environment
python3 -m venv .venv
source .venv/bin/activate

# Install example dependency
pip install pyjwt==1.7.1

# Create the manifest file
pip freeze > requirements.txt

# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix

Maven project

# Create a new project using a Maven template
mvn archetype:generate -DgroupId=com.example.app -DartifactId=example-app -DarchetypeArtifactId=maven-archetype-quickstart -DinteractiveMode=false
cd example-app

# Add example dependency
sed -i '' -r "s/<dependencies>/<dependencies>\n    <dependency>\n      <groupId>com.fasterxml.jackson.core<\/groupId>\n      <artifactId>jackson-databind<\/artifactId>\n      <version>2.10.5.1<\/version>\n    <\/dependency>/" pom.xml

# Resolve the project's dependencies
mvn dependency:resolve

# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix

# Build your project using the sealed versions
mvn install

Gradle project

mkdir example-app && cd example-app

# Create Gradle project
gradle init --type java-application --dsl groovy --package com.example.app --project-name example-app --test-framework junit --java-version 21 --no-split-project --no-incubating

# Add example dependency
echo '
dependencies {
    implementation "commons-io:commons-io:2.2"
}
' >> app/build.gradle

# Resolve the dependencies (newer Gradle versions support --dry-run)
./gradlew build
# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix

# Build your project using the sealed versions
./gradlew build

Composer project

# Initialize a Composer project
composer init --name test/project --type=project -n

# Install example dependency
composer require phpseclib/phpseclib=3.0.23

# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix

PreviousUsage Examples NextSealing Linux Environments

Last updated 7 months ago