# Sealing Application Dependencies

## Code examples

The following examples show how to use the Seal CLI to fix application dependencies with various package managers. Note that the CLI **replaces** the vulnerable packages with their sealed versions, so the process is always:

1. Download the packages normally
2. Run the CLI
3. For relevant ecosystems, build the project

### npm project

```bash
# Initialize an npm project
npm init -y

# Install example dependency
npm install ejs@2.7.4

# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix
```
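
Because `seal fix` replaces packages in place, it helps to record exactly which installed packages changed on disk. The script below is an added example, not part of the Seal CLI or its documentation; the helper names `snapshot_packages` and `changed_packages` and the `before.txt`/`after.txt` file names are hypothetical, and it assumes a `node_modules`-style directory layout.

```bash
# Added example (not part of the Seal CLI): report which installed packages
# changed on disk between two points in time, e.g. before and after `seal fix`.
set -eu

# Use sha256sum (Linux) or fall back to shasum (macOS).
HASH="sha256sum"
command -v sha256sum >/dev/null 2>&1 || HASH="shasum -a 256"

# snapshot_packages DIR: print "<package> <digest>" for every package in DIR
# (assumed to be laid out like node_modules, including @scope/name packages).
# The digest covers the relative path and content of every regular file.
snapshot_packages() {
  root=${1%/}
  for pkg in "$root"/[!@]*/ "$root"/@*/*/; do
    [ -d "$pkg" ] || continue            # an unmatched glob stays literal
    name=${pkg#"$root"/}; name=${name%/}
    digest=$(cd "$pkg" && find . -type f -exec $HASH {} + |
             LC_ALL=C sort | $HASH | cut -d' ' -f1)
    printf '%s %s\n' "$name" "$digest"
  done
}

# changed_packages BEFORE AFTER: compare two snapshot files and print one line
# per package that was replaced (content differs), added, or removed.
changed_packages() {
  awk 'FILENAME == ARGV[1] { before[$1] = $2; next }
       { seen[$1] = 1
         if (!($1 in before)) print "added", $1
         else if (before[$1] != $2) print "replaced", $1 }
       END { for (p in before) if (!(p in seen)) print "removed", p }' \
      "$1" "$2" | LC_ALL=C sort
}

# Typical use around the fix step:
#   snapshot_packages node_modules > before.txt
#   seal fix
#   snapshot_packages node_modules > after.txt
#   changed_packages before.txt after.txt
```

Any package reported as `replaced` that is not listed in `.seal-actions.yml` is worth investigating before the build step.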

### pip project

```bash
# Create and activate Python virtual environment
python3 -m venv .venv
source .venv/bin/activate

# Install example dependency
pip install pyjwt==1.7.1

# Create the manifest file
pip freeze > requirements.txt

# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix
```

### Maven project

```bash
# Create a new project using a Maven template
mvn archetype:generate -DgroupId=com.example.app -DartifactId=example-app -DarchetypeArtifactId=maven-archetype-quickstart -DinteractiveMode=false
cd example-app

# Add example dependency
# (the `-i ''` form is BSD/macOS sed syntax; with GNU sed on Linux, use `sed -i -r` instead)
sed -i '' -r "s/<dependencies>/<dependencies>\n    <dependency>\n      <groupId>com.fasterxml.jackson.core<\/groupId>\n      <artifactId>jackson-databind<\/artifactId>\n      <version>2.10.5.1<\/version>\n    <\/dependency>/" pom.xml

# Resolve the project's dependencies
mvn dependency:resolve

# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix

# Build your project using the sealed versions
mvn install
```

### Gradle project

```bash
mkdir example-app && cd example-app

# Create Gradle project
gradle init --type java-application --dsl groovy --package com.example.app --project-name example-app --test-framework junit --java-version 21 --no-split-project --no-incubating

# Add example dependency
echo '
dependencies {
    implementation "commons-io:commons-io:2.2"
}
' >> app/build.gradle

# Resolve the dependencies (newer Gradle versions support --dry-run)
./gradlew build

# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix

# Build your project using the sealed versions
./gradlew build
```

### Composer project

```bash
# Initialize a Composer project
composer init --name test/project --type=project -n

# Install example dependency
composer require phpseclib/phpseclib=3.0.23

# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix
```
