Related articles:

Shai-Hulud: The Second Coming Hits npm Users

Shai-Hulud: The Second Coming Hits npm Users

Itamar Sher
November 26, 2025
Once again, the npm supply chain has been compromised. On November 24th, a sophisticated attack that borrows techniques from the Shai-Hulud malware used in the npm hijacking this past September was discovered.This version is even more dangerous, as the malware leverages self-replication techniques to spread as widely as possible.
OWASP Named Software Supply Chain Failures. Now It’s Time to Fix Them.

OWASP Named Software Supply Chain Failures. Now It’s Time to Fix Them.

Bruce Gibson
November 19, 2025
Since OWASP unveiled its 2025 Top 10, one of the most-discussed items has been A03: Software Supply Chain Failures. For many in AppSec, this came as no surprise; enterprise software’s reliance on open source has become one of its greatest strengths and arguably its biggest liability. While OWASP’s inclusion/renaming & promotion of this category signals much-needed recognition, it also raises an important question: what does “prevention” really look like in a world where vulnerabilities live inside thousands of versions of thousands of components?
Blog article

More Security, Speed, and Compliance: New Features from Seal Security

Alon Navon
November 24, 2025

We are excited to announce a new wave of updates designed to streamline your development process, enhance security auditability, and dramatically improve platform performance.

At Seal Security, our focus remains on giving you the easiest and most effective way to manage and remediate open source vulnerabilities. 

Your feedback drives our innovation, and we're thrilled to introduce capabilities that make the platform faster, cleaner, and more compliant.

Here’s a look at what’s new and how it will help you:

Audit & Compliance Enhancements

These updates are all about eliminating false positives and making audit season painless.

  • Trivy Integration: End False Positives in Container Scans
    • What it does: Seal now seamlessly integrates with Trivy, the leading container vulnerability scanner.
    • Why you'll love it: Trivy now correctly identifies your sealed packages as remediated, eliminating noise from false positives. This is critical for simplifying security audits that rely on container scanners.
  • Attestation Reports for Auditors
    • What it does: You can now download attestation reports for individual sealed packages directly from the platform.
    • Why you'll love it: Easily provide clear, attestation of remediation to your security auditors, cutting down on manual reporting and documentation time.
  • New Scanner Integrations (Checkmarx & SentinelOne)
    • What it does: We've added API integrations with Checkmarx and SentinelOne.
    • Why you'll love it: These scanners will now correctly identify your sealed packages, further reducing false positives across your internal security scanning tools.

-Workflow & Developer Experience

We're giving you greater control over your testing environment and improving speed where it matters most.

  • Token Management Screen: Control Your Testing Noise
    • What it does: A new screen allows you to create separate "Development Tokens."
    • Why you'll love it: Developers can use these tokens locally and in feature branches without tracking the pulled packages. This eliminates noise and irrelevant packages from your production inventory, ensuring your core dashboards only show data for packages that actually reach production.
  • New Assessment Screen (SBOM Coverage Check)
    • What it does: You can now upload your SBOM (Software Bill of Materials) directly to the new Assessment screen.
    • Why you'll love it: See our existing package coverage and how Seal can protect your projects before running the CLI or connecting to your source code. Get instant insight into Seal's value!
  • Blazing Fast Maven CLI
    • What it does: We've refactored the CLI process for Maven projects.
    • Why you'll love it: The CLI now runs more than 10x faster! Even your largest Maven projects can use our CLI effectively without any performance delay.

UX Quality of Life Improvements

  • Filtering by Severity 
    • The Protection screen now includes an essential filter for severity, allowing you to instantly prioritize your review process.
  • Misconfiguration Warnings
    • We now provide helpful warnings when you create a sealing rule for a project that hasn't run the CLI, ensuring you catch potential misconfigurations before they impact your workflow.

Ready to get started?

These updates are a direct result of listening to your needs, and we're confident they will help you achieve greater security, streamline your compliance efforts, and make using the Seal platform more efficient than ever.

If you’re already using Seal, log in to the platform today to explore the new Token Management and Assessment screens, and let us know what you think of the new performance boosts.

If you haven’t taken control of your open source security with our platform yet, there is no better time to start. Take our platform tour today, and see how our one click patches can help you fix even the most unfixable CVEs.