This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1 parent ac782bc, commit b95fd31
Showing 5 changed files with 73 additions and 2 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
MIT License | ||
|
||
Copyright (c) 2023 Seal Cybersecurity Solutions | ||
|
||
Permission is hereby granted, free of charge, to any person obtaining a copy | ||
of this software and associated documentation files (the "Software"), to deal | ||
in the Software without restriction, including without limitation the rights | ||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
copies of the Software, and to permit persons to whom the Software is | ||
furnished to do so, subject to the following conditions: | ||
|
||
The above copyright notice and this permission notice shall be included in all | ||
copies or substantial portions of the Software. | ||
|
||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | ||
SOFTWARE. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,43 @@ | ||
# Seal CLI Action | ||
# Seal CLI Action | ||
|
||
The CLI action allows users to easily incorporate the [Seal CLI](https://github.com/seal-community/cli) into their GitHub Actions based CI pipeline. | ||
The Seal CLI allows users to easily replace vulnerable packages in their projects with sealed, vulnerability-free versions, which are available for download from Seal's artifact server. To read more see the [documentation](https://docs.sealsecurity.io/fundamentals/cli). | ||
|
||
## Usage | ||
Incorporating the CLI action is very simple. Just add the following code immediately after pulling the packages (for example `npm install`) and before any other step. | ||
```yml | ||
name: seal cli | ||
uses: seal-community/cli-action@latest | ||
with: | ||
mode: fix | ||
fix_mode: all | ||
token: <token> | ||
project: <project-id> | ||
``` | ||
## Flags | ||
`fix_mode`: If the `mode` is `fix`, then the `fix_mode` sets how the CLI decides what packages to fix. `local` only fixes packages according to the [local configuration file](https://docs.sealsecurity.io/fundamentals/cli/fixing-specific-packages), whereas `all` fixes everything that has an available sealed version. The default value is `local`. | ||
|
||
`mode`: The mode to run the CLI. `scan` to analyze the dependencies and identify vulnerable packages. `fix` to replace vulnerable packages with their sealed versions. The default value is `scan`. | ||
|
||
`project`: The project ID, which uniquely identifies the project on the Seal platform. **If the project was already defined in the Seal platform (for example if its source code was scanned by the Seal app), then use the same ID here. Otherwise, the Seal platform will think this is a different project.** If the project does not already have a project ID, then explicitiy set a new one here. The project ID must only include ASCII letters, digits, underscores, hyphens or periods, and mustn't be over 255 characters long. By default the empty string. | ||
|
||
`summary`: If the `mode` is `fix`, then the path to a summary file recording what packages were replaced. By default the file is not generated. | ||
|
||
`target`: The root directory of the project you wish to fix. By default the current working directory of the GitHub action. | ||
|
||
`token`: The authentication token to the Seal artifact server. | ||
|
||
`verbosity`: Sets the verbosity level of the CLI: `v`, `vv` or `vvv`. By default `v`. | ||
|
||
`version`: The CLI version to use, for example v0.1.0. By default the latest version will be used. | ||
|
||
## How to Contribute | ||
We're always looking for feedback, discuss possible integrations and receive feature requests. | ||
Please open issues, pull requests, or contact us at [[email protected]](mailto:[email protected]). | ||
|
||
## About Seal Security | ||
|
||
![Seal Security Logo](docs/assets/logo.png) | ||
|
||
Seal Security is an early-stage cybersecurity startup committed to simplifying vulnerability remediation for developers and application security practitioners. For more details, visit our [website](https://seal.security). |
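Review bot: In the Usage example, `uses: seal-community/cli-action@latest` points at a mutable ref, and the Flags section says `version` defaults to the latest CLI, so a workflow copied from this README runs unpinned code that, in `fix` mode, replaces packages in the build. Suggest showing a pinned release tag or a full commit SHA in the example and mentioning the `version` flag next to it. The same example has `token: <token>`, which invites pasting the credential into the workflow file; show it read from the `secrets` context instead (for example `${{ secrets.SEAL_TOKEN }}`, where the secret name is only illustrative). Minor: the snippet lacks the leading `- ` of a step list item, "explicitiy" should be "explicitly", and "discuss possible integrations and receive feature requests" needs "to" before "discuss".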
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
# Security Policy | ||
|
||
## Reporting a Vulnerability | ||
|
||
If you find a vulnerability in our code please send the details to [[email protected]](mailto:[email protected]). | ||
Include as much information as possible to enable us to promptly reproduce the issue and release an appropriate fix. | ||
|
||
**Do not open a public issue, as it can affect the security of the existing userbase.** |
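Review bot: The "Reporting a Vulnerability" section gives only an e-mail address; it does not say which versions receive fixes, when a reporter can expect an acknowledgement, or how to send details confidentially. Suggest adding a supported-versions line, a response-time commitment, and either a PGP key or a pointer to GitHub private vulnerability reporting, so that reporters who are told not to open a public issue have a clear private path.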
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
0.1.7 | ||
0.1.8 |