
Sealing Application Dependencies

Code examples

The examples below show how to use the Seal CLI to fix application dependencies under several package managers. The CLI replaces the vulnerable packages with their sealed versions, so the process is always:

  1. Download the packages normally

  2. Run the CLI

  3. For relevant ecosystems, build the project

npm project

# Initialize an npm project
npm init -y

# Install example dependency
npm install ejs@2.7.4

# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix

pip project

# Create and activate Python virtual environment
python3 -m venv .venv
source .venv/bin/activate

# Install example dependency
pip install pyjwt==1.7.1

# Create the manifest file
pip freeze > requirements.txt

# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix

Maven project

# Create a new project using a Maven template
mvn archetype:generate -DgroupId=com.example.app -DartifactId=example-app -DarchetypeArtifactId=maven-archetype-quickstart -DinteractiveMode=false
cd example-app

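# Add example dependency
# (the empty '' after -i is the BSD/macOS sed form; with GNU sed on Linux,
# drop it and use `sed -i -r ...`)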
sed -i '' -r "s/<dependencies>/<dependencies>\n    <dependency>\n      <groupId>com.fasterxml.jackson.core<\/groupId>\n      <artifactId>jackson-databind<\/artifactId>\n      <version>2.10.5.1<\/version>\n    <\/dependency>/" pom.xml

# Resolve the project's dependencies
mvn dependency:resolve

# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix

# Build your project using the sealed versions
mvn install

Gradle project

mkdir example-app && cd example-app

# Create Gradle project
gradle init --type java-application --dsl groovy --package com.example.app --project-name example-app --test-framework junit --java-version 21 --no-split-project --no-incubating

# Add example dependency
echo '
dependencies {
    implementation "commons-io:commons-io:2.2"
}
' >> app/build.gradle

# Resolve the dependencies (newer Gradle versions support --dry-run)
./gradlew build

# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix

# Build your project using the sealed versions
./gradlew build

Composer project

# Initialize a Composer project
composer init --name test/project --type=project -n

# Install example dependency
composer require phpseclib/phpseclib=3.0.23

# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix
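
Because the CLI replaces packages after they have been downloaded, it is useful to record which installed packages actually changed on disk. The script below is an added example, not part of the Seal documentation or CLI: it hashes an install directory before and after `seal fix` and lists the top-level packages whose files differ. The function names, the snapshot file names and the demo tree are constructed for illustration, and it assumes the fix rewrites files inside the directory you snapshot (for example node_modules in the npm project above).

```shell
#!/bin/sh
# Added example (not Seal's code): audit what changed on disk across `seal fix`.
#
# Intended use, e.g. in the npm project:
#   snapshot_tree node_modules > before.txt
#   seal fix
#   snapshot_tree node_modules > after.txt
#   changed_packages before.txt after.txt

# Use sha256sum where available, otherwise shasum (e.g. macOS).
HASH_CMD="sha256sum"
command -v sha256sum >/dev/null 2>&1 || HASH_CMD="shasum -a 256"

# snapshot_tree DIR
# Prints one "<sha256>  ./relative/path" line per file, sorted bytewise so
# that comm(1) can compare two snapshots.
snapshot_tree() {
  ( cd "$1" && find . -type f -exec $HASH_CMD {} + | LC_ALL=C sort )
}

# changed_packages BEFORE AFTER
# Prints the top-level directory of every file that was added, removed or
# modified between two snapshots. Scoped npm packages are reported by scope
# (e.g. "@scope"), since only the first path component is kept.
changed_packages() {
  LC_ALL=C comm -3 "$1" "$2" |
    tr -d '\t' |
    sed -E 's/^[0-9a-f]+ [ *]\.\///' |
    cut -d/ -f1 |
    LC_ALL=C sort -u
}

# Constructed demo: a fake install directory with two packages. The edit to
# pkg-a stands in for what `seal fix` would do to a vulnerable package.
demo() {
  d=$(mktemp -d)
  mkdir -p "$d/tree/pkg-a" "$d/tree/pkg-b"
  echo 'v1' > "$d/tree/pkg-a/index.js"
  echo 'v1' > "$d/tree/pkg-b/index.js"
  snapshot_tree "$d/tree" > "$d/before.txt"
  echo 'patched' > "$d/tree/pkg-a/index.js"   # stand-in for: seal fix
  snapshot_tree "$d/tree" > "$d/after.txt"
  changed_packages "$d/before.txt" "$d/after.txt"
  rm -rf "$d"
}

demo
```

Any package in the output that is not listed in .seal-actions.yml is worth a closer look before the build step.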


Last updated 2 days ago