Frequently asked questions

How does Seal Security test patches and verify that the security risk is mitigated?

After implementing a patch, we execute the complete test suite for the library and add additional tests to verify that the security risk is mitigated. You can review the patch content and the new tests by visiting our open source repository.

How does Seal security ensure that external vulnerability scanners continue to report vulnerabilities in your patched versions?

We manage vulnerability reports through GitHub's security advisory. Many vulnerability scanners source their data from GitHub's security advisories.

How does Seal Security ensure the security of the artifact server?

We are dedicated to maintaining stringent security standards to protect our users. We comply with SOC2 and ISO27001 as baseline security measures and implement additional security safeguards. More information about our security initiatives can be found here.

I’m missing support for language X, when can I expect it from Seal Security?

We decide which programming languages and ecosystems to support based on user feedback. We encourage you to contact us at info@seal.security to share your needs.

How does Seal Security determine which patches to prioritize?

By integrating our solution into their workflows, our users enable us to see which packages are in use. This visibility, combined with monitoring public vulnerability feeds, allows us to know which users are affected and to prioritize remediation efforts accordingly.