New Documentation (in progress)
The remediation platform for open-source vulnerabilities.
Documentation rewrite in progress. This section contains the new documentation as it is drafted. The existing docs above remain authoritative until the rewrite is complete and promoted to the top level.
Seal Security is a remediation platform for open-source vulnerabilities. It produces sealed packages: drop-in replacements for the public versions you already use, with security fixes backported in. A sealed package is fully compatible with the version it replaces and free of high and critical vulnerabilities (lower severities, on request). You get the fixes you need without any of the breaking changes that come with an upgrade.
These docs cover the full surface of the Seal Platform: connecting your environment, discovering what is vulnerable, integrating the Seal CLI into your CI/CD pipeline, and operating Seal day to day. That includes the Seal AI Agent for natural-language interaction with the platform, the Seal Engineer for autonomous workflows, enterprise-grade reporting through the Reports Manager, and the integrations with your existing security stack.
Where to start
Pick the path that matches what you are trying to do.
Run an end-to-end Proof of Value
Understand what Seal is and how it works
See the full structure of these docs
Find a specific term
What Seal protects
Seal supports five products at the same level. Each addresses a different layer of your stack.
Seal Apps: your application's third-party open-source dependencies (npm, pip, Maven, Gradle, Go modules, Composer, Bundler, NuGet, and more).
Seal OS: Linux/OS-level packages, including EOL distributions.
Seal Base Images: clean container base images derived from existing public images.
Seal My Container: your existing private container images, sealed and pushed back to your own registry.
Seal Vendor Apps: open-source dependencies and language runtimes inside vendor-supplied containers you run, such as a Kafka image.
For one page per product, see The Seal product family.
Trust by default
Every artifact Seal produces is cryptographically signed and ships with an attestation listing exactly which vulnerabilities have been fixed. You can view the code diff for any sealed package against its origin version, validate the signatures yourself, and download Software Bill of Materials (SBOM) files for sealed images.
For the full transparency stack, see Trust, transparency & compliance.