Rules Screen
Manage what packages to replace from the UI
The rules screen is used to manage the package replacement rules when using the remote configuration deployment.
It is built as a table, enumerating all the rules that have been configured for this tenant.
The Rules Screen only shows rules that have been defined on the Seal server using the web interface. Rules that have been defined in local configuration files are not saved on the server, and will not be shown.
Each rule has the following elements:
Project - The project the rule applies to. Either a specific project, or all the projects.
Vulnerable package - The package (including specific version) that must be replaced. Either a specific package, or all vulnerable packages.
Substitute version - The alternative version that should be used when encountering the vulnerable package in the relevant project. There are 3 options:
  A specific sealed version - for example 3.9.0+sp1 (as shown in the screenshot below). This pins the replacement to that specific version. If a new vulnerability is disclosed in the package and Seal releases a new sealed version addressing the new vulnerability (for this example - 3.9.0+sp2), you will need to actively change the rule you're using.
  The safest version - for example 3.9.0-safest. This tells the Seal CLI to always pull the safest version Seal released. So if a new vulnerability is disclosed in the package and Seal releases a new sealed version addressing the new vulnerability (for this example - 3.9.0+sp2), it will automatically be used next time without any additional intervention.
  The original version - This tells the Seal CLI not to replace the vulnerable version. This option only makes sense when you want to exclude a particular package from being remediated. For example, if you have a rule to use the safest version of aiohttp in all projects, but you don't want to patch it in a specific project, then you can create another rule specifying to use the original version in that specific project (because specific rules always take precedence).
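The following is an added example, not Seal's code or the Seal CLI: a small Python model of the three substitute options and of "specific rules always take precedence", plus a check that flags pinned rules left behind by a newer sealed release. The `Rule` type, the `*` wildcard, the `name@version` key, the project names, and the behaviour for ties and for packages with no matching rule are assumptions made for the illustration.

```python
from dataclasses import dataclass

ALL = "*"  # constructed marker for "all projects" / "all vulnerable packages"

@dataclass(frozen=True)
class Rule:
    project: str     # project name, or ALL
    package: str     # "name@version", or ALL
    substitute: str  # pinned "X.Y.Z+spN", "X.Y.Z-safest", or "original"

def pick_rule(rules, project, package):
    """Return the most specific matching rule, or None if nothing matches."""
    score = lambda r: (r.project != ALL) + (r.package != ALL)
    matches = [r for r in rules if r.project in (ALL, project) and r.package in (ALL, package)]
    if not matches:
        return None
    best = max(score(r) for r in matches)
    top = [r for r in matches if score(r) == best]
    if len(top) > 1:  # the page does not define tie-breaking, so refuse to guess
        raise ValueError(f"ambiguous rules for {project} / {package}")
    return top[0]

def resolve(rules, released, project, package):
    """Version this model installs for `package` ("name@version") in `project`."""
    version = package.split("@")[1]
    rule = pick_rule(rules, project, package)
    if rule is None or rule.substitute == "original":
        return version  # assumption: no matching rule means no replacement
    if rule.substitute.endswith("-safest"):
        sps = released.get(package, [])  # assumption: highest +spN is the safest
        return f"{version}+sp{max(sps)}" if sps else version
    return rule.substitute  # pinned: stays put until someone edits the rule

def stale_pins(rules, released):
    """Pinned rules whose +spN is older than the newest sealed release."""
    return [r for r in rules
            if "+sp" in r.substitute and r.package in released
            and int(r.substitute.split("+sp")[1]) < max(released[r.package])]

# Constructed sample data: project names and the release list are made up.
RULES = [
    Rule(ALL, "aiohttp@3.9.0", "3.9.0-safest"),
    Rule("billing", "aiohttp@3.9.0", "original"),
    Rule("gateway", "aiohttp@3.9.0", "3.9.0+sp1"),
]
RELEASED = {"aiohttp@3.9.0": [1, 2]}  # sp1 and sp2 exist for this version
if __name__ == "__main__":
    print({p: resolve(RULES, RELEASED, p, "aiohttp@3.9.0") for p in ("web", "billing", "gateway")})
    print("stale pins:", stale_pins(RULES, RELEASED))
```

Running `stale_pins` on an export of your rules after each new sealed release shows which pinned rules still need the manual change described above.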