Sealing Application Dependencies

Code examples

Here are some simple usage examples of using the Seal CLI to fix application dependencies in the context of various package managers. Please note that the CLI replaces the vulnerable packages with their sealed versions. So the process is always:

Download the packages normally
Run the CLI
For relevant ecosystems - build the project

npm project

# Initialize an npm project
npm init -y

# Install example dependency
npm install ejs@2.7.4

# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix

pip project

# Create and activate Python virtual environment
python3 -m venv .venv
source .venv/bin/activate

# Install example dependency
pip install pyjwt==1.7.1

# Create the manifest file
pip freeze > requirements.txt

# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix

Maven project

# Create a new project using a Maven template
mvn archetype:generate -DgroupId=com.example.app -DartifactId=example-app -DarchetypeArtifactId=maven-archetype-quickstart -DinteractiveMode=false
cd example-app

# Add example dependency
sed -i '' -r "s/<dependencies>/<dependencies>\n    <dependency>\n      <groupId>com.fasterxml.jackson.core<\/groupId>\n      <artifactId>jackson-databind<\/artifactId>\n      <version>2.10.5.1<\/version>\n    <\/dependency>/" pom.xml

# Resolve the project's dependencies
mvn dependency:resolve

# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix

# Build your project using the sealed versions
mvn install

Composer project

# Initialize a Composer project
composer init --name test/project --type=project -n

# Install example dependency
composer require phpseclib/phpseclib=3.0.23

# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix

PreviousUsage Examples NextSealing Linux Environments

Last updated 3 months ago

Code examples

Download the packages normally

Run the CLI

For relevant ecosystems - build the project

npm project

# Initialize an npm project
npm init -y

# Install example dependency
npm install ejs@2.7.4

# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix

pip project

# Create and activate Python virtual environment
python3 -m venv .venv
source .venv/bin/activate

# Install example dependency
pip install pyjwt==1.7.1

# Create the manifest file
pip freeze > requirements.txt

# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix

Maven project

# Create a new project using a Maven template
mvn archetype:generate -DgroupId=com.example.app -DartifactId=example-app -DarchetypeArtifactId=maven-archetype-quickstart -DinteractiveMode=false
cd example-app

# Add example dependency
sed -i '' -r "s/<dependencies>/<dependencies>\n    <dependency>\n      <groupId>com.fasterxml.jackson.core<\/groupId>\n      <artifactId>jackson-databind<\/artifactId>\n      <version>2.10.5.1<\/version>\n    <\/dependency>/" pom.xml

# Resolve the project's dependencies
mvn dependency:resolve

# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix

# Build your project using the sealed versions
mvn install

Composer project

# Initialize a Composer project
composer init --name test/project --type=project -n

# Install example dependency
composer require phpseclib/phpseclib=3.0.23

# Scan the manifest file for vulnerable packages and create a local configuration
# file telling the CLI to fix the example dependency
seal scan --generate-local-config
# Note that a .seal-actions.yml file was created

# Fix the example dependencies by replacing them with their sealed versions
seal fix