Blog article

NEW feature - Seal container images without code changes

Alon Navon
July 31, 2025

We’re excited to announce the launch of  a new feature in the Seal Security platform designed to patch your built containers and make them vulnerability-free with a single line command. Containers are assembled by numerous teams using a variety of pipelines and tooling ecosystems, creating complex dependencies and making unified security practices difficult to enforce. If you’re tired of endlessly tweaking Dockerfiles and build pipelines to patch vulnerabilities, those days are over. Seal’s Sealed Container Image provides a centralized, streamlined solution that lets you patch your already-built containers and make them vulnerability-free with unprecedented ease, all without any changes to your source code or pipeline.

How It Works: One Command to a Secure Container

With this new feature securing a container is as simple as running one command. Just execute:

seal image fix my-org/my-service:1.2.3

This single step automatically generates a vulnerability-free version of your container image, ready for immediate deployment. It’s that simple! Under the hood, Sealed Container Image analyzes your container for vulnerable components (from the operating system up through application libraries), applies the necessary patches or replacements, and outputs a new, secure image, all without requiring a full rebuild of your application. In other words, you don’t need to modify your code, Dockerfile, or CI configuration; this new feature handles the heavy lifting of remediation for you in one go. This dramatically speeds up the patching process, allowing teams to respond to critical CVEs in minutes instead of days or weeks.

Built for Security at Scale

  • Centralized Patching (No Pipeline Modifications): Patch all your containers from one centralized location without making any changes to individual CI/CD pipelines. You no longer need to update each project’s build process or base image manually saving you immense time and effort.
  • No Rebuilds Necessary: Remediate vulnerabilities in your container images without rebuilding your application or creating new image builds from scratch. This means you can deploy security updates faster and with far less overhead, since there’s no need to re-run your full software build or testing pipeline for each fix.
  • Support for External Containers: Secure not only your in-house container images but also third-party or external images you rely on. This extends your security coverage to all containers in your environment, even those you didn’t build yourself.
  • Comprehensive Package Manager Support: Seal Image Registry covers all major Linux package managers – including APK (Alpine), DEB (Debian/Ubuntu), and RPM (RHEL/CentOS and others). 
  • Application Component Remediation: Beyond system packages, Sealed Container Images also finds and fixes vulnerabilities in application-level components inside your container. This includes things like Java JAR files, Python/Pip libraries, Node.js packages, and more.

Check out our interactive demo!

With this feature Seal Security continues to empower your team to deploy secure containers faster and with less overhead. Your developers and DevOps engineers can spend less time on emergency patching and more time on building features, while security teams gain confidence that every container in production is continuously maintained at “zero-known-vulnerabilities” status. It’s not just a quick fix – it’s a glimpse into the future of container security, where staying secure is frictionless and automatic.

Ready to learn more? We’re excited for you to experience this new capability. Feel free to check out our interactive demo to see this new feature in action, and if you’d like a personalized walkthrough, you can also book a demo with our team. Secure, effortless container updates are now a reality and we can’t wait to see how this new feature helps you and your organization ship software with greater confidence and speed.