Choosing Your Deployment
The Seal platform supports many different deployments. This page will help you choose the deployment method best suited to your organization's workflows and needs.
For the best experience, it is recommended that you integrate Seal's CLI into your CI.
With the CLI integration, there are several sealing methodologies available:
Automatic remediation - With this configuration, Seal's CLI will automatically replace any vulnerable package with its sealed version. This will happen automatically whenever the CI runs, and will require no further actions from the developers or the security team. It provides the highest level of automation, guaranteeing you're always up-to-date with the latest patches.
Remote configuration - With this configuration, Seal's CLI will automatically replace vulnerable packages according to the rules you define on Seal's web interface. The security team will be able to define these rules independently from the developers. No pull requests are necessary. It provides a high level of automation, allowing the security team to be in control of what packages are used.
Local configuration - With this configuration, Seal's CLI will automatically replace vulnerable packages according to the rules in the project's configuration file. Each update of the rules requires a pull request, which the developers can merge at their discretion. It provides a high level of automation and, unlike automatic remediation and remote configuration, each fix is recorded in source control. This allows the developers to be in control of what packages are used. Note that by using the Seal App connected to your source control, it's possible to have automated pull requests instead of having the developers create them manually.
Without the CLI integration, there's only one way to use the sealed packages:
Manually editing your dependencies - For this configuration to work, you will have to configure Seal as your artifact server. Whenever a user decides to remediate a particular vulnerable dependency, they will have to manually edit the project's dependencies to use the sealed packages. Note that manually editing transitive dependencies can be tricky in some package managers.
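| Method | Packages sealed | Integration point | Recorded in source control | Developer involvement |
| --- | --- | --- | --- | --- |
| Automatic remediation | Everything | CI | No | Not involved |
| Remote configuration | Selectively | CI | No | Not involved |
| Local configuration | Selectively | CI | Yes | Manually edits file (or uses automatic PRs) |
| Manually edit dependencies | Selectively | Artifact server | Yes | Manually edits file |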