# Step-by-Step Setup Guide

This guide walks you through the initial account setup, token generation, and connecting your first project to Seal Security.

## Account Creation & Token Generation

Follow these steps to access the platform and prepare your environment. If you already have a token, you can skip to the next section.

1. **Access the Invite:** Click on the **Sign in >** button in the Seal Security invite email you received.
2. **Log In:** Log in to the platform using your password or social login credentials.
3. **Start Onboarding:** We're starting the onboarding flow. Click **Next >** to begin.
4. **Generate Token:** First, you must generate a token to Seal's artifact server. This allows you to download our sealed versions.\
   ![Generate Token](https://2109738374-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FytkIsVkwVdKiLQ2CT6Sw%2Fuploads%2Fgit-blob-a569664e986808e0888776d94944176d136e2e3f%2Fonboarding2.avif?alt=media)
   1. **Generate:** Click on **Generate token**.
   2. **Copy:** Copy the newly generated token using the copy icon at the right of the text box.

      > **Important:** You will need this token later. While it should eventually be saved in a secure location (like a password manager or secret store), copy it now for immediate use in the next steps.
   3. **Continue:** Click **Next >**.
5. Click **Maybe later** to skip the GitHub integration.
6. **View Protection page:** You will land on the Protection screen.
   * **Status:** Since no projects are connected yet, we are not showing any results.
   * **Next Step:** We are now going to populate this data using the CLI. ![Empty Protection page](https://2109738374-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FytkIsVkwVdKiLQ2CT6Sw%2Fuploads%2Fgit-blob-86e634a1d589efea702be3f85e8e49bae5010c01%2Fonboarding_protection1.png?alt=media)

## Integrate the Seal CLI

To start fixing vulnerabilities (and populate the Protection page), you must integrate the CLI into your build pipeline.

**The Golden Rule:** In all cases, the CLI step must be added **immediately after** dependencies are pulled/installed (from standard registries or your artifact server) but before the final build/compilation.

**Important Configuration:** For all integration methods, you must ensure the following environment variables are set:

* `SEAL_TOKEN`: The token you generated earlier.
* `SEAL_PROJECT`: The ID of your project on the Seal platform (e.g., "my-first-project").

Identify the location of your build pipeline. Typically, this is a `.github/workflows/workflow.yaml` in your repository.

In the pipeline, identify the step where dependencies are installed (e.g., `npm install`).

Identify the location of the `package-lock.json` file.

Add the seal fix command:

```yaml
- run: npm install
- name: Run Seal Fix
  uses: seal-community/cli-action@latest
  with:
    mode: fix
    fix_mode: remote
    target: package-lock.json
    project: my-first-project
    token: ${{ secrets.SEAL_TOKEN }}
  env:
    SEAL_USED_SEAL_NAMES: 1
npm run build
```

## Sealing a package

Once you have integrated the CLI into your pipeline, follow these steps to see the results.

1. **Trigger the Pipeline:** Run your build pipeline (Jenkins job, GitHub Action workflow, or Docker build). This execution will trigger the `seal fix` command, which scans your dependencies and reports back to the Seal Platform.
2. **View the Protection page:** Navigate to the [Protection page](https://app.sealsecurity.io/protection/vulnerable).
   * If the page is already open and empty, refresh it. You should now see a list of detected vulnerable packages.\
     ![Protection page with vulnerabilities](https://2109738374-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FytkIsVkwVdKiLQ2CT6Sw%2Fuploads%2Fgit-blob-96abc9574b28349300bda5c52ae95c5d4fef3857%2Fonboarding_protection2.png?alt=media)
3. **Remediate Vulnerabilities:** Now that we have visibility, let's look at how we apply fixes. In remote fix mode you have full control over the sealing process via the UI:
   * **Available Fixes:** Packages with a ready-to-use sealed version will display a blue Seal button.
   * **Action:** Click the Seal button, then confirm by clicking Seal package in the dialog box. This creates a sealing rule on the server to replace the vulnerable package with a sealed version of it.
   * **Apply:** Run your pipeline again. The CLI will now pick up the new rule, replace the package, and the status in the UI will change to a green Sealed label.\
     ![Sealing Modal](https://2109738374-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FytkIsVkwVdKiLQ2CT6Sw%2Fuploads%2Fgit-blob-1f085ed7a789a35e5df9d6d93fd8b6b2f41d0cc5%2Fonboarding_sealing_modal1.png?alt=media)
   * **Pending:** Packages without an existing sealed version will show a **Generate Fix** button.