Step-by-Step Setup Guide

This guide walks you through the initial account setup, token generation, and connecting your first project to Seal Security.

Account Creation & Token Generation

Follow these steps to access the platform and prepare your environment. If you already have a token, you can skip to the next section.

Access the Invite: Click on the Sign in > button in the Seal Security invite email you received.
Log In: Log in to the platform using your password or social login credentials.
Start Onboarding: We're starting the onboarding flow. Click Next > to begin.
Generate Token: First, you must generate a token to Seal's artifact server. This allows you to download our sealed versions.
1. Generate: Click on Generate token.
2. Copy: Copy the newly generated token using the copy icon at the right of the text box.
  Important: You will need this token later. While it should eventually be saved in a secure location (like a password manager or secret store), copy it now for immediate use in the next steps.
3. Download CLI: Download the appropriate CLI binary for your machine.
4. Continue: Click Next >.
Click Next > and then click on GitHub.
Grant Access and Install Bot: You need to give the Seal Security Bot access to the relevant repositories:
1. Connect to your GitHub account.
2. Install the Seal Security Bot. In this screen, you will be asked to select the relevant GitHub organization, and then decide whether to give the Seal app access to all its repositories or to select specific ones.
3. After you've selected which repositories you're giving access to, you'll return to the onboarding flow.
  Grant Access and Install Bot
Choose your import method: Automatic (Bulk) or Manual (One-by-one).
Path A1: Manual Import
Manual Import
1. Paste the path to your repository. You can add up to 3 repositories at once.
2. Give each repository a name.
3. Click Import.
Path A2: Automatic (Bulk) Import
Automatic Import
1. Review the list of dependency files detected in your repository.
2. Select the specific dependency files you wish to scan.
3. Click Import.
View Protection page: You will land on the Protection screen.
- Status: Since no projects are connected yet, we are not showing any results.
- Next Step: We are now going to populate this data using the CLI.

Configure the Artifact Server

To pull sealed versions, you must configure your environment to trust and prioritize Seal's repository. Choose the scenario that matches your infrastructure.

Prerequisites

In all configurations below, you will need the following values:

$SEAL_TOKEN: The Access Token you generated in the onboarding flow.
$SEAL_PROJECT: Your Project ID (e.g., my-first-project). This is used for reporting usage.

Configuration Steps:

We recommend defining the repository in your project's pom.xml and configuring authentication securelyvia your global settings.xml.

Edit pom.xml: Open the project's pom.xml file. Add the Seal Security repository inside the <repositories> tag. If the tag doesn't exist, create it. Note: Ensure Seal is the first repository listed.

<repositories>
  <repository>
    <id>seal-security</id>
    <url>https://maven.sealsecurity.io/</url>
    <releases><enabled>true</enabled></releases>
    <snapshots><enabled>false</enabled></snapshots>
  </repository>
</repositories>

Edit settings.xml: Open your Maven settings file (usually ~/.m2/settings.xml on Unix/Mac or %userprofile%\.m2\settings.xml on Windows). Add a <server> entry to the <servers> section. Important: The <id> must match the repository ID used in Step 1.
```
<settings>
  <servers>
    <server>
      <id>seal-security</id>
      <username>${env.SEAL_PROJECT}</username>
      <password>${env.SEAL_TOKEN}</password>
    </server>
  </servers>
</settings>
```
Build: When building your project, pass the project ID and token as environment variables SEAL_PROJECT and SEAL_TOKEN respectively.

Sealing a package

Once you have integrated the Seal artifact server into your pipeline, follow these steps to see the results.

Last updated 4 months ago