User Guide
  • Fundamentals
    • Quick Start Guide
      • Signing Up
      • Package Discovery
        • Connecting to GitHub
        • Connecting to GitLab
        • Connecting to Azure DevOps
        • Connecting to the CI Pipeline
        • Connecting to the Artifact Server
      • Package Sealing
        • Integrating the CLI in the CI
        • Editing Dependencies
    • Deployments
      • Choosing Your Deployment
      • Automatic Remediation
      • Remote Configuration
      • Local Configuration
      • Artifact Server
    • CLI
      • Download and Installation
      • Scanning
      • Fixing All Dependencies
      • Fixing Specific Dependencies
      • Fixing OS Vulnerabilities
      • Integrating with the CI
      • Uploading Scan Results
      • Commands
      • SCA Integrations
      • JFrog Integration
      • Usage Examples
        • Sealing Application Dependencies
        • Sealing Linux Environments
    • Artifact Server
      • Generating a Token
      • Artifact Server Ordering
      • Configuring the Package Manager
        • Configuring apk
        • Configuring Composer
        • Configuring Go
        • Configuring Gradle
        • Configuring Maven
        • Configuring npm
        • Configuring pip
        • Configuring Poetry
        • Configuring yarn
        • Configuring yum
      • Clearing the Cache
      • Editing Your Dependencies
    • Web Interface
      • Rules Screen
  • APIs
    • List Vulnerable Packages
  • FAQ
  • Vulnerability Disclosure
Powered by GitBook
On this page
  1. Fundamentals
  2. Deployments

Automatic Remediation

PreviousChoosing Your DeploymentNextRemote Configuration

Last updated 11 months ago

A particularly effective way of configuring the CLI is to auto-remediate everything.

Instead of manually editing your package.json's and requirements.txt files every time a new vulnerability comes out, you can configure the CLI to automatically remediate everything (that has a sealed version). This configuration allows developers to focus on building, while freeing security professionals from having to prioritize and engage about every single vulnerability.

To use Automatic Remediation, just integrate the CLI as a step in every CI pipeline, as explained . That's it! By default, the CLI will now replace every vulnerable package with its sealed version.

Unlike run-time solutions, the Seal platform integrates seamlessly into your CI pipeline. This way, all your automated tests run with the sealed versions before reaching production, so that you can be extra-confident everything is working properly before deploying.

here
Seal controls what packages are sealed