Sealing Application Dependencies

Code examples

Here are some simple examples of using the Seal CLI to fix application dependencies with various package managers. Note that the CLI replaces the vulnerable packages with their sealed versions, so the process is always:

  1. Download the packages normally

  2. Run the CLI

  3. For relevant ecosystems, build the project

npm project

# Initialize an npm project
npm init -y

# Install example dependency
npm install ejs@2.7.4

# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix

pip project

# Create and activate Python virtual environment
python3 -m venv .venv
source .venv/bin/activate

# Install example dependency
pip install pyjwt==1.7.1

# Create the manifest file
pip freeze > requirements.txt

# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix
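A check that belongs after step 2 of the pip workflow above, added here as an example and not part of the Seal CLI or its documentation: snapshot requirements.txt before running `seal fix`, then confirm that the packages you expected to be sealed now carry a different version string. It assumes `seal fix` rewrites requirements.txt in place (an assumption) and uses constructed snapshot files with a placeholder sealed version.

```shell
#!/bin/sh
# Usage in a real project:  cp requirements.txt requirements.before.txt
#                           seal fix
#                           assert_replaced requirements.before.txt requirements.txt pyjwt
# Only `name==version` pins are compared; comments, blanks and range specifiers are skipped.

# Print "name old-version new-version" for every pin whose version changed.
changed_pins() {
  awk -F'==' '
    # Approximate pip name normalisation: lower-case, "_" and "." become "-".
    function norm(s) { gsub(/[ \t\r]/, "", s); s = tolower(s); gsub(/[_.]/, "-", s); return s }
    # Strip environment markers, trailing comments and whitespace from a version.
    function ver(s) { sub(/[ \t\r;#].*$/, "", s); return s }
    /^[ \t]*(#|$)/ || !/==/ { next }                       # comments, blanks, non-pins
    FILENAME == ARGV[1] { old[norm($1)] = ver($2); next }  # first file: remember pins
    { n = norm($1); if (n in old && old[n] != ver($2)) print n, old[n], ver($2) }
  ' "$1" "$2"
}

# Return 0 only if every named package changed version; report the ones that did not.
assert_replaced() {
  before="$1"; after="$2"; shift 2; rc=0
  for pkg in "$@"; do
    pkg=$(printf '%s' "$pkg" | tr 'A-Z_.' 'a-z--')
    if ! changed_pins "$before" "$after" | awk -v p="$pkg" '$1 == p { f = 1 } END { exit !f }'; then
      echo "not replaced: $pkg still has its original pin" >&2; rc=1
    fi
  done
  return $rc
}

# Demo on constructed snapshots; the sealed version string below is only a
# placeholder for whatever `seal fix` actually writes.
demo=$(mktemp -d)
printf 'PyJWT==1.7.1\nrequests==2.31.0\n' > "$demo/requirements.before.txt"
printf 'pyjwt==1.7.1+SEALED_PLACEHOLDER\nrequests==2.31.0\n' > "$demo/requirements.txt"
changed_pins "$demo/requirements.before.txt" "$demo/requirements.txt"
assert_replaced "$demo/requirements.before.txt" "$demo/requirements.txt" pyjwt && echo "pyjwt pin replaced"
rm -rf "$demo"
```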

Maven project

# Create a new project using a Maven template
mvn archetype:generate -DgroupId=com.example.app -DartifactId=example-app -DarchetypeArtifactId=maven-archetype-quickstart -DinteractiveMode=false
cd example-app

# Add example dependency (the -i '' form is for BSD/macOS sed; GNU sed takes a bare -i)
sed -i '' -r "s/<dependencies>/<dependencies>\n    <dependency>\n      <groupId>com.fasterxml.jackson.core<\/groupId>\n      <artifactId>jackson-databind<\/artifactId>\n      <version>2.10.5.1<\/version>\n    <\/dependency>/" pom.xml

# Resolve the project's dependencies
mvn dependency:resolve

# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix

# Build your project using the sealed versions
mvn install

Composer project

# Initialize a Composer project
composer init --name test/project --type=project -n

# Install example dependency
composer require phpseclib/phpseclib=3.0.23

# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix
