The onboarding wizard

A guided three-stage setup that runs the first time anyone signs in to a new tenant.

The onboarding wizard runs automatically the first time anyone signs in to a brand-new tenant. It walks the first user through generating an access token for the Seal CLI, optionally connecting Seal to GitHub, and importing the tenant's first projects so Seal has something to scan.

Some tenants are configured by Seal to skip the wizard. In that case the first user lands directly on the Protection page, where the equivalent setup options are offered as Welcome cards.

The wizard runs once per tenant. After it completes or is skipped, subsequent users land on the Dashboard.

You can skip any step in the wizard with a Maybe later button.

1. Set up your CLI access

The first stage generates a production access token that the Seal CLI uses to authenticate against the Seal Artifact Server.

Click Generate token. The token appears in a read-only field with a copy-to-clipboard icon.
Copy the token and save it somewhere secure: a secret manager or your CI/CD's secret store. The token only allows pulling sealed packages from the Seal Artifact Server; it does not let anyone perform operations on the platform on your behalf. Treat it like any other credential.
The token is shown only at generation time. If you lose it, you can create a new one from Settings > Tokens at any time. The Tokens tab is also where you create development tokens for local use.
Click Next to continue.

2. Connect your source control

Connecting Seal to your source control gives Seal more accurate visibility into your packages and, for GitHub, lets Seal open automatic pull requests for fixes. Seal recommends connecting if you can. It is not a blocker: if your team does not yet have permission to install GitHub Apps in your organization or approval will take time, click Maybe later and proceed with a CLI-only setup. Seal works fully without source-control access.

The wizard's source-control step uses GitHub, through the Seal GitHub App. Click the GitHub card to install and authorize the app. You will be redirected to GitHub to choose which repositories Seal sees, then returned to the wizard.

For GitLab or Azure DevOps connections, set those up later from the Projects page using the Import project button.

3. Import your first projects

After GitHub is connected, the wizard offers two import flows:

Pick from a list of all your repositories. Seal lists the repositories you authorized; you select which ones to import. This flow works well when your authorized set is in the dozens. With thousands of repositories it becomes impractical to select individually; importing all of them is possible, but the initial scan can take an hour or more.
Paste specific repository URLs. If you already know which repository or repositories you want, paste their URLs directly. The manual flow is currently capped at three URLs.

Once at least one project is imported, click Next to finish the wizard. You land on the Dashboard.

The Welcome cards on the Protection page

Until your tenant has accumulated scan data, the Protection page shows two suggestion cards in place of the usual tabs. The cards are the same setup choices the wizard offers and remain available whether you went through the wizard, skipped it, or your tenant was configured to skip it from the start. Once Seal has scanned at least one Seal Project, the cards are replaced by the regular Protection page tabs.

Connect to source control

The card's primary button is labeled Import projects. Clicking it opens a dropdown of supported sources:

GitHub (the recommended path; uses the Seal GitHub App).
GitLab.
Azure DevOps.
Snyk, for importing existing Snyk projects into Seal.
A file-upload option for one-shot manifest or SBOM imports.

Selecting a source opens its modal, which handles authentication and project selection.

Connect to artifact server

The card's button is labeled See instructions. Clicking it opens an in-page guide showing the three things you need to use the Seal Artifact Server as a deployment method:

Generate an access token. The same generate-token control the wizard uses is embedded in the modal. If you already have a token saved, you do not need a new one.
Configure Seal as an artifact server in your package manager.
Edit your dependency files to use sealed versions.

The modal links out to the relevant setup chapters and to [email protected] for help.

After the wizard

Initial scans run in the background.

Right after the wizard exits, the Dashboard shows a Welcome view with onboarding suggestions rather than the regular metric tiles, since no scans have produced data yet. To watch scan results as they come in, open the Vulnerable packages tab on the Protection page. (Until at least one scan has produced data, that tab is replaced by the Welcome cards above.) Once it appears, the tab lists the vulnerable packages Seal has found, the vulnerabilities affecting them, and a count of vulnerable packages at the top. It updates as each scan completes.

If you skipped source-control connection, your next step is usually to install the Seal CLI in your CI/CD pipeline. See Seal Apps via the Seal CLI in CI/CD.

To create additional Seal Projects, see Creating a Seal Project.

PreviousSign up and sign in NextManaging users, roles & SSO

Last updated 15 days ago

hashtag1. Set up your CLI access

hashtag2. Connect your source control

hashtag3. Import your first projects

hashtagThe Welcome cards on the Protection page

hashtagConnect to source control

hashtagConnect to artifact server

hashtagAfter the wizard

hashtagRelated