Choosing Your Deployment

Last updated 5 months ago

The Seal platform supports many different deployments. This page helps you choose the deployment method best suited to your organization's workflows and needs.

For the best experience, it is recommended that you integrate Seal's CLI into your CI.

With the CLI integration, there are several sealing methodologies available:

  1. Automatic remediation - With this configuration, Seal's CLI will automatically replace any vulnerable package with its sealed version. This happens whenever the CI runs and requires no further action from the developers or the security team. It provides the highest level of automation, guaranteeing you're always up-to-date with the latest patches.

  2. Remote configuration - With this configuration, Seal's CLI will automatically replace vulnerable packages according to the rules you define on Seal's web interface. The security team can define these rules independently of the developers. No pull requests are necessary. It provides a high level of automation, allowing the security team to be in control of what packages are used.

  3. Local configuration - With this configuration, Seal's CLI will automatically replace vulnerable packages according to the rules in the project's configuration file. Each update of the rules requires a pull request, which the developers can merge at their discretion. It provides a high level of automation, and unlike automatic remediation and remote configuration, each fix is recorded in source control. This allows the developers to be in control of what packages are used. Note that by using the Seal App connected to your source control, it's possible to have automated pull requests instead of having the developers create them manually.

Without the CLI integration, there's only one way to use the sealed packages:

  • Manually editing your dependencies - For this configuration to work, you will have to configure Seal as your artifact server. Whenever a user decides to remediate a particular vulnerable dependency, they will have to manually edit the project's dependencies to use the sealed packages. Note that manually editing transitive dependencies can be tricky in some package managers.

Summary table:

| Sealing methodology | What is sealed? | Required integrations | Change tracking | Developer actions to fix something |
| --- | --- | --- | --- | --- |
| Automatic remediation | Everything | CI | No | Not involved |
| Remote configuration | Selectively | CI | No | Not involved |
| Local configuration | Selectively | CI | Yes | Manually edits file (or uses automatic PRs) |
| Manually edit dependencies | Selectively | Artifact server | Yes | Manually edits file |