Automatic Remediation
Last updated
Last updated
A particularly effective way of configuring the CLI is to auto-remediate everything.
Instead of manually editing your package.json
's and requirements.txt
files every time a new vulnerability comes out, you can configure the CLI to automatically remediate everything (that has a sealed version). This configuration allows developers to focus on building, while freeing security professionals from having to prioritize and engage about every single vulnerability.
To use Automatic Remediation, just integrate the CLI as a step in every CI pipeline, as explained here. That's it! By default, the CLI will now replace every vulnerable package with its sealed version.
Unlike run-time solutions, the Seal platform integrates seamlessly into your CI pipeline. This way, all your automated tests run with the sealed versions before reaching production, so that you can be extra-confident everything is working properly before deploying.