Package Discovery

The first thing we need to do is discover what vulnerable packages are currently in use. In the onboarding screen you will have the option to connect the Seal platform to your GitHub repositories.

Package discovery can be done in two main ways:

  1. If you're using GitHub or Azure Devops, you can connect the Seal platform to your repositories. Seal's app will then scan your project dependencies and identify the vulnerable packages. To proceed with this setup for GitHub click on Connect GitHub. To connect to Azure Devops click Skip and follow the instructions here.

  2. However, if you're not using one of the supported source controls, or prefer not to give Seal read access to your repositories, you may instead configure Seal as your artifact server. With this configuration, Seal will identify the vulnerable packages you're pulling from the server. To proceed with this setup click Skip.

It's highly recommended to use the Seal app if possible, as it provides the best coverage and gives a clear picture of your vulnerable dependencies at all time.

With the appWithout the app

Coverage

Any vulnerable dependency

Any vulnerable package that is pulled from the server

Update frequency

Always up-to-date

Only when the project is built

Required permissions

Read for your GitHub projects

None

Alerts marked as fixed

Automatically

Manually through the UI

Last updated