Deployments
The Seal platform supports a variety of deployment methods, allowing you to tailor it to your organization's workflows and needs. You can configure the level of automation you're comfortable with, and divide the responsibilities between the security team and developers in the manner most suited to your organization.
Automatic Remediation - With this fully automatic deployment, vulnerable packages are sealed automatically whenever a new vulnerability is made public. For the most part, there's no need for manual intervention by the developers or the security team. All that is needed is to deploy the sealed version to production.
Remote Configuration - With this deployment, vulnerable packages are sealed according to the rules set by the security team through Seal's web interface. The security team controls what gets sealed, and they can fix things independently of the developers. When sealing a vulnerability there is no pull request, and the changes are not tracked by source control. The CLI is responsible for cleanly applying the security fixes.
Local Configuration - With this deployment, vulnerable packages are sealed according to the rules set by the developers in each project's local configuration file. The developers control what gets sealed, and every change is committed to the organization's source control, but the CLI is responsible for cleanly applying the security fixes.
Artifact Server - With this deployment, the developers are responsible for manually editing the projects' dependencies. This gives the developers full control, and does not depend on integrating Seal's CLI as part of the CI. However, manual edits can be quite challenging, and they require the most effort from the developers.