Importing manifests & SBOMs
One-shot uploads of dependency manifests, SBOMs, and Snyk CSV exports.
The Seal Platform accepts three kinds of one-shot uploads:
Uploading a dependency manifest:
package-lock.json,requirements.txt,pom.xml, and other ecosystem-specific lockfiles.Uploading an SBOM: CycloneDX or SPDX in JSON.
Importing from a Snyk export: a CSV exported from Snyk.
All three go through the same Import from file flow on the Projects page. Each upload creates or contributes to one Seal Project, and the project ends up in imported manifest discovery mode. The upload is a snapshot: the platform parses the file once and does not refresh it, so the picture ages from the moment of import.
When file imports are the right choice
File imports are the answer when the higher-reliability discovery modes are not available to you. Specifically, when for security or organizational reasons you cannot:
Connect Seal to your source control,
Run the Seal CLI in your CI/CD pipeline, and
Configure the Seal Artifact Server as your primary remote so it sees all your build's package pulls.
When at least one of those is available, prefer it. Source code, CLI, and artifact-server-as-primary-remote all give Seal a refreshing picture; imports are a frozen snapshot.
Before you start
You have the Admin, Sealer, or Collaborator role in Seal.
You know the file type and have the file accessible. The detector inspects filename and contents, so a file named correctly for its kind is the easiest path.
You have decided whether the upload should create a new Seal Project or attach to the Default project.
The shared flow
Open the Projects page.
Click Import projects and select Import from file.
Drag the file onto the upload area, or click to browse. The modal validates the file and shows the detected type.
Choose the destination:
Add entries to a new project and provide a project name. The platform creates a new Seal Project with that name and assigns its Project ID.
Add entries to the Default project to land the entries in the catch-all instead.
Confirm the upload.
The Seal Platform parses the file asynchronously after the modal closes; the resulting Seal Project (or new entries in Default) appears on the Projects page within a minute.
What each upload produces
Dependency manifest
One Seal Project (or Default) populated with the packages declared in the manifest.
SBOM
One Seal Project (or Default) populated with the components listed in the SBOM.
Snyk CSV export
One Seal Project (or Default) populated with the vulnerable packages from the export.
Related
Imported manifest mode: the discovery mode an upload puts a Seal Project into.
Creating a Seal Project: the rest of the project-creation paths.
Last updated