Seal CLI Action update
seal-devops committed Mar 18, 2024
1 parent ac782bc commit b95fd31
Showing 5 changed files with 73 additions and 2 deletions.
21 changes: 21 additions & 0 deletions LICENSE.txt
@@ -0,0 +1,21 @@
MIT License

Copyright (c) 2023 Seal Cybersecurity Solutions

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
44 changes: 43 additions & 1 deletion README.md
@@ -1 +1,43 @@
# Seal CLI Action
# Seal CLI Action

The CLI action allows users to easily incorporate the [Seal CLI](https://github.com/seal-community/cli) into their GitHub Actions based CI pipeline.
The Seal CLI allows users to easily replace vulnerable packages in their projects with sealed, vulnerability-free versions, which are available for download from Seal's artifact server. To read more see the [documentation](https://docs.sealsecurity.io/fundamentals/cli).

## Usage
Incorporating the CLI action is very simple. Just add the following code immediately after pulling the packages (for example `npm install`) and before any other step.
```yml
name: seal cli
uses: seal-community/cli-action@latest
with:
mode: fix
fix_mode: all
token: <token>
project: <project-id>
```
## Flags
`fix_mode`: If the `mode` is `fix`, then the `fix_mode` sets how the CLI decides what packages to fix. `local` only fixes packages according to the [local configuration file](https://docs.sealsecurity.io/fundamentals/cli/fixing-specific-packages), whereas `all` fixes everything that has an available sealed version. The default value is `local`.

`mode`: The mode to run the CLI. `scan` to analyze the dependencies and identify vulnerable packages. `fix` to replace vulnerable packages with their sealed versions. The default value is `scan`.

`project`: The project ID, which uniquely identifies the project on the Seal platform. **If the project was already defined in the Seal platform (for example if its source code was scanned by the Seal app), then use the same ID here. Otherwise, the Seal platform will think this is a different project.** If the project does not already have a project ID, then explicitiy set a new one here. The project ID must only include ASCII letters, digits, underscores, hyphens or periods, and mustn't be over 255 characters long. By default the empty string.

`summary`: If the `mode` is `fix`, then the path to a summary file recording what packages were replaced. By default the file is not generated.

`target`: The root directory of the project you wish to fix. By default the current working directory of the GitHub action.

`token`: The authentication token to the Seal artifact server.

`verbosity`: Sets the verbosity level of the CLI: `v`, `vv` or `vvv`. By default `v`.

`version`: The CLI version to use, for example v0.1.0. By default the latest version will be used.

## How to Contribute
We're always looking for feedback, discuss possible integrations and receive feature requests.
Please open issues, pull requests, or contact us at [[email protected]](mailto:[email protected]).

## About Seal Security

![Seal Security Logo](docs/assets/logo.png)

Seal Security is an early-stage cybersecurity startup committed to simplifying vulnerability remediation for developers and application security practitioners. For more details, visit our [website](https://seal.security).
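Review bot: In the Usage example, `uses: seal-community/cli-action@latest` points at a mutable ref, so any workflow that copies it runs whatever that ref resolves to at the time of the run. For an action that receives the artifact-server `token` and replaces packages in the build, the example should show a full commit SHA or a fixed release tag instead. The same example shows `token: <token>` without saying where the value should come from; show it read from a repository secret, for instance `token: ${{ secrets.SEAL_TOKEN }}` (the secret name is only an illustration), so readers do not paste the token into the workflow file. As shown here the keys under `with:` are not indented and the step has no `- ` list marker, so the snippet would not parse if copied as is. In the `project` flag description, "explicitiy" should be "explicitly".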
8 changes: 8 additions & 0 deletions Security.md
@@ -0,0 +1,8 @@
# Security Policy

## Reporting a Vulnerability

If you find a vulnerability in our code please send the details to [[email protected]](mailto:[email protected]).
Include as much information as possible to enable us to promptly reproduce the issue and release an appropriate fix.

**Do not open a public issue, as it can affect the security of the existing userbase.**
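Review bot: The "Reporting a Vulnerability" section gives an e-mail address as the only channel and does not say what a reporter can expect after sending the details. Add an acknowledgement timeframe and the versions that receive fixes, and consider naming a second private channel next to the "Do not open a public issue" line so a report is not lost if the mailbox is unavailable. The file is added as `Security.md`; GitHub's documentation names the policy file `SECURITY.md`, so matching that casing avoids any doubt about whether it is picked up as the repository's security policy.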
2 changes: 1 addition & 1 deletion VERSION
@@ -1 +1 @@
0.1.7
0.1.8
Binary file added docs/assets/logo.png

0 comments on commit b95fd31
