# Uploading a dependency manifest

Uploading a dependency manifest gives Seal a one-time view of the packages a build resolves to. The Seal Project lands in [imported manifest discovery mode](/new-documentation/new-docs/package-discovery-mode/imported-manifest.md). The snapshot does not refresh: subsequent commits or builds in the customer's environment do not update it.

## Supported file types

| Ecosystem      | Files                                              |
| -------------- | -------------------------------------------------- |
| npm            | `package-lock.json`, `yarn.lock`, `pnpm-lock.yaml` |
| Python         | `requirements.txt`, `Pipfile.lock`                 |
| Go             | `go.mod`                                           |
| Maven          | `pom.xml`                                          |
| .NET           | `*.csproj`                                         |
| PHP (Composer) | `composer.lock`                                    |
| Ruby (Bundler) | `Gemfile.lock`                                     |

`package.json` is **not** accepted. It declares dependencies but does not pin them; only resolved manifests (lockfiles) and `pom.xml` produce a meaningful snapshot.

## Steps

Follow the [shared Import from file flow](/new-documentation/new-docs/importing-manifests.md#the-shared-flow). Drag your manifest file onto the upload area; the detector picks the right parser based on the filename.

## Verify

The new Seal Project appears on the Projects page in **Imported manifest** discovery mode. Discovered packages appear on the Protection page's Vulnerable packages tab as the parser finishes.

## Troubleshooting

**The modal rejects `package.json`.** Upload `package-lock.json` (or `yarn.lock` / `pnpm-lock.yaml`) instead.

**The modal rejects the file outright.** The detector inspects both filename and content. A renamed file (for example, `requirements.txt` saved as `deps.txt`) is rejected. Use the canonical filename.

## Related

* [Importing manifests & SBOMs](/new-documentation/new-docs/importing-manifests.md): the parent overview, including the destination radio and what the upload produces.
* [Imported manifest mode](/new-documentation/new-docs/package-discovery-mode/imported-manifest.md): coverage and refresh behavior.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sealsecurity.io/new-documentation/new-docs/importing-manifests/dependency-manifest.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.