Seal Security provides standalone security patches that are fully compatible with existing versions of open source packages, ensuring seamless and predictable fixes for vulnerabilities in both application code and Linux operating systems.
Other AppSec tools usually focus on visibility, providing you with a list of your open source vulnerabilities, or on prioritization, trying to creatively arrange that list. At Seal Security we focus on remediation, actually fixing the underlying vulnerabilities for you, clearing the list instead of just shuffling it around.
The typical proof-of-value includes the customer selecting a test project, us providing the remediated versions for several vulnerable packages, and the customer testing it to see that everything works as expected. The entire process shouldn’t take more than 2-3 weeks.
We handle all critical- and high-rated vulnerabilities within 72 hours of their being made public. Lower-rated vulnerabilities are handled in accordance with the contractually agreed SLA.
Yes, with the Seal platform you can detect vulnerable packages in your source code, or as part of your CI pipeline.
Seal Security is certified with SOC-2 type II and ISO-27001. See more in our compliance page.
Seal Security’s patches do not affect your organization’s licensing requirements. Our patches are released with a permissive license; however, you must still abide by the requirements of the original package’s license.
We don’t have a hard limit for how far back we support. As long as the source code is publicly available, we can fix it.
Seal Security offers 24/7 support, including direct Slack/Teams channels with our customers.
The best method is to contact us via the joint Slack/Teams channel we have with your organization. You can also email support@sealsecurity.io. For urgent cases you can email emergency@sealsecurity.io, which will immediately trigger our on-call support.
We currently support Java, Python, JavaScript, C/C++, PHP, C#, and Ruby.
There are 2 main ways (which you can read about more in our documentation):
The Seal platform supports a variety of integrations with existing security scanners. These scanners will then know that a specific vulnerability in a specific package was remediated by Seal Security, and present it accordingly.
Yes, while our solution works best as a SaaS solution, it’s possible to use our remediated versions in an on-prem setup.
Seal OS supports all of the above: containers, virtual machines, and bare metal.
None! We’re entirely a build-time solution, so no permissions are necessary.
As a rule, we use the community fixes with the minimal necessary changes. Our fixes are tiny, usually fewer than 10 lines of code, compared with the hundreds or thousands of lines that change in a typical version upgrade, thereby dramatically reducing the risk of unforeseen side effects.
All our remediated versions undergo thorough testing and quality assurance processes, including manual inspection by our vulnerability research team and a check by a dedicated AI tool that verifies there are no breaking changes.
And, since our platform runs at build-time, all of your existing tests run on our remediated version, providing an extra layer of assurance.
If the choice were simply between always staying on the latest version or never upgrading, we wouldn’t be having this conversation. The real question is whether you patch vulnerabilities or live with the risk. Staying on the latest version sounds ideal, but in practice, it’s often not feasible due to compatibility issues, breaking changes, and operational constraints. That’s why Seal Security helps you remediate vulnerabilities without disrupting your software.
For a deeper dive into why “new” isn’t always better, check out our blog post: https://www.seal.security/blog/keeping-your-open-source-dependencies-vulnerability-free-beyond-version-chasing