Ideas
Product Updates
Events

New post

My profile
- Topics
- Replies
- Solved
- Bookmarks
- Private messages
- Settings
- Log out

Hi 👋 How can we help?

Community

Meet peers • Ask questions • Get answers

Knowledge Base

Learn how to get started • Read product docs

Ideas

Submit feedback • Explore member ideas

Recent activity in the Portal

BeneditaCommunity Manager

Show & Tell

New video alert 📽️ What is Open Source Health? (with Fortify)

Our Head of Research and Development, Emil, just dropped some knowledge nuggets on Open Source Health, and you won't want to miss it.We've got that video for you (thanks Fortify!), and it's packed with insights that could transform the way you approach health data. Enjoy!

6 days ago

DamianCommunity Manager

Administration

How do I use Role Based Access Control?

This feature is not live yet. It will be available for Enterprise customers. How do I manage users with Role Based Access Control? User roles No access Viewer Developer Reviewer Maintainer Repository admin Company admin Available actions per user role How do I manage users with Role Based Access Control?Role-Based Access Control (RBAC) allows you to grant and enforce access to functionalities and integrated repositories by assigning pre-defined roles to users. To give you better control over what functionality and data can be accessed by different users, these roles are assigned per individual repository. A single user can have one level of access rights for one repository and a different level for another. Anything a user can see and do in an integrated repository is defined by their role.By default, once a new repository is integrated, only the company admin(s) get access to it (apart from the user integrating it), while other users are assigned the No access role. As a

250

13 days ago

DamianCommunity Manager

Administration

How do I generate an access token?

Keep in mind that only users with admin rights can generate access tokens.Access tokens are a secure way of performing automated integrations with Debricked. They are safer compared to using a username and password, and their typical use cases include GitLab, Bitbucket, and API integrations, which are not tied to a particular user, but rather to a repository or projectTo generate a new access token: Go to Admin tools in the left side menu Input your password to enter the administrative mode In the Account settings tab, click on the +Create button Fill in the description and if needed, enable the API access, which gives access to the most common actions, such as performing scans Click on Generate Copy the generated token. You can only view this token once, so make sure to save it before closing the window!

5252

14 days ago

DamianCommunity Manager

API

Debricked API Resources

Important API Resources: How do I authenticate? API Rate limits Debricked is an API first service, allowing for all actions inside the UI to be scripted. This allows you to integrate our service into your code, CI pipelines, and more. All users with the admin role (or API access scope) have access to our open API. This is also the API used by Debricked CLI. Important API Resources:Base URL for API: https://debricked.com/api Current version URL: https://debricked.com/api/1.0 Open API reference/Sandbox Open API reference/Sandbox, JSON format How do I authenticate?The API uses JWT-tokens for authentication. How do I generate JWT-tokens using the username and password?In order to get a JWT-token you need to provide your username and password to: https://debricked.com/api/login_checkUsing curl, the call would look like this:curl https://debricked.com/api/login_check -d _username=YOUR_USERNAME -d _password=YOUR_PASSWORDIf successful, the response will contain your token:{"token":"YOUR_VERY_L

7503

15 days ago

BeneditaCommunity Manager

Show & Tell

Debricked CLI Migration guideTutorial

The Legacy CLI has now been officially deprecated and will soon stop working. Going forward, all our efforts and enhancements will be dedicated solely to the new Debricked CLI. Thus, we strongly recommend and encourage your transition to the new CLI in order to stay aligned with the latest features and improvements.Read on to find out why you should migrate to the new CLI and what actions are needed from your side. Why switch to the new CLI? The new Debricked CLI is distributed as a self-contained binary, removing the need for a PHP environment. This makes it easier to install, integrate, run, and upgrade. We have also added and will continue to add new functionalities and improvements, such as:Automatic application of git metadata to scans Faster scanning*: Finding and uploading files is now significantly faster Improved call graph generation for vulnerable functionality Manifest-less/fingerprint matching (upcoming) *In the new CLI, we have incorporated a cutting-edge technology: High

330

27 days ago

DamianCommunity Manager

Debricked CLI

Debricked CLI Documentation

What is the Debricked CLI? Getting started 1. Authentication 2. Installation 2.1 Local installation: 2.2 Adding the CLI to your CI/CD pipeline 3. Test your installation 4. Scan your first project 5. List of Commands help scan resolve files find report callgraph 6. Troubleshooting and Error Message Getting support Uninstallation Create an issue or report a bug Contributors What is the Debricked CLI? The Debricked CLI is Debricked's command line interface, bringing open-source security, and license compliance to your project via the command prompt. The Debricked CLI is currently available for: Windows, Linux, and macOS operating systems. It might work on other operating systems but has not been thoroughly tested yet.Supported languages: Javascript, Java, C#, Ruby, PHP, and more.Supported package managers: Yarn, Npm, Bowel, Bazel, Gradle, and more. Getting started To use the Debricked CLI, you must have a Debricked account, create an access token and install

9472

29 days ago

emilwareusDebricked crew

Show & Tell

How to scan a repository with different services

Hi! I got asked today how Debricked can handle “multiple services” in the same repo. It is common to have monorepos with different deployments/microservices/etc.. in them, but you want to logically separate them in the debricked UI. This is easy to do through the CLI, and I have an example repository here: https://github.com/emilwareus/debricked-split-repo This is how the base action looks, but I would probably just split this into two separate actions to get a better overview of what services triggers what rules, and potentially only run the scans on changes in each service. name: Debricked scanon: [push]jobs: vulnerabilities-scan: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: Install Debricked CLI run: | curl -L https://github.com/debricked/cli/releases/latest/download/cli_linux_x86_64.tar.gz | tar -xz debricked ./debricked --version # Here I make two separate scans with debricked in different parts of the repo

1 month ago

NevyXusShip Member

Q&A

Root fixes for C#

Hello,Our backend is mainly written in C# while our frontend is in JS - i was wondering - when will you add root fixes to C# too? Is that planned?

1 month ago

cyberlunar23Ship Member

Q&A

Separating repos

Hi there, I have just integrated ~20 repos with the GitHub integration. I am now trying to separate some of our external facing and internal facing repositories. How can I achieve that?

2 months ago

BeneditaCommunity Manager

Show & Tell

📩 Introduce Debricked to your team [enterprise] - email template

Bringing new tools in and getting them to be adapted can be a herculean effort. Habits take work to change. We’ve put together a customizable email template that you can send out to your team so they are up to speed with Debricked. InstructionsCopy the template below and paste it into a new email/internal message. If you are using Notion for your internal documentation, you might want to duplicate this page. Customize the [placeholder text]. Add any additional context to help your team understand how and why you’re using Debricked, and remove any content irrelevant to your environment. Send the email/message to your team and prepare to get your open source security on point! Template Hello team,As some of you know, we’re now using Debricked as our Software Composition Analysis tool (SCA). Debricked will scan our repositories for any unwanted vulnerabilities and non-compliant licenses and support us in finding open source projects that fit our internal policies.Why are we using Debricke

170

2 months ago

Upcoming Events

Your Debricked account

Log in

Leaderboard

Awarded Badges

Carlhas earned the badge Beginner Speaker
felix.kruusehas earned the badge Expert Speaker
felix.kruusehas earned the badge Intermediate Speaker
rocketship17has earned the badge Beginner Speaker
felix.kruusehas earned the badge Beginner Speaker

Show all badges

Still looking for an answer?

Debricked Open Source

API Documentation

Contact Us

Terms & Conditions Cookie settings

Create an account

You can create an account below using either single sign-on or a username/password. Already have an account? Log in

Single sign-on

Username *

Email address *

Title

Company

GitHub Profile

Country

About me

My favourite OS package

Password *

I accept the terms & conditions

loginBox.register.email_repeat

Log in to the Portal

No account? Create an account now.

Single sign-on

Username or Email

Password

Remember me

Forgot password?

Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.

Username or e-mail

Back to overview

Scanning file for viruses.

Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.

This file cannot be downloaded

Sorry, our virus scanner detected that this file isn't safe to download.