User Guide
  • Fundamentals
    • Quick Start Guide
      • Signing Up
      • Package Discovery
        • Connecting to GitHub
        • Connecting to GitLab
        • Connecting to Azure DevOps
        • Connecting to the CI Pipeline
        • Connecting to the Artifact Server
      • Package Sealing
        • Integrating the CLI in the CI
        • Editing Dependencies
    • Deployments
      • Choosing Your Deployment
      • Automatic Remediation
      • Remote Configuration
      • Local Configuration
      • Artifact Server
    • CLI
      • Download and Installation
      • Scanning
      • Fixing All Dependencies
      • Fixing Specific Dependencies
      • Fixing OS Vulnerabilities
      • Integrating with the CI
      • Uploading Scan Results
      • Commands
      • SCA Integrations
      • JFrog Integration
      • Usage Examples
        • Sealing Application Dependencies
        • Sealing Linux Environments
    • Artifact Server
      • Generating a Token
      • Artifact Server Ordering
      • Configuring the Package Manager
        • Configuring apk
        • Configuring Composer
        • Configuring Go
        • Configuring Gradle
        • Configuring Maven
        • Configuring npm
        • Configuring pip
        • Configuring Poetry
        • Configuring yarn
        • Configuring yum
      • Clearing the Cache
      • Editing Your Dependencies
    • Web Interface
      • Rules Screen
  • APIs
    • List Vulnerable Packages
  • FAQ
  • Vulnerability Disclosure
Powered by GitBook
On this page
  1. Fundamentals
  2. Quick Start Guide

Package Sealing

PreviousConnecting to the Artifact ServerNextIntegrating the CLI in the CI

Last updated 1 year ago

After we set up the package discovery, and we have some list of of vulnerable packages in the Protection page, we can proceed to setting up the package sealing.

The first time you click on the Seal button next to some vulnerable package you will encounter the following screen:

As you can see, the recommended setup is to integrate the pipeline. With this setup, our CLI will replace the vulnerable packages with sealed ones, in accordance with an instructions file committed to your source control.

However, if you prefer not to use our CLI as part of your CI, you may instead configure , and then manually edit your dependencies.

Seal as your artifact server
Seal CLI as part of your CI