As the company administrator, you can choose to enable single sign-on so that users can log in via GitHub.

How to enable single sign-on via GitHub
How to whitelist email domains
User management using SSO
Access control

How to enable single sign-on via GitHub
1. Go to Admin tools in the left side menu.
2. Input your password to enter administrative mode.
3. In the User permissions tab, toggle SSO with GitHub to enable the feature.
4. Click on the +Add organizations button to add your organization. Everyone who is part of it will be able to create their account or log in via GitHub SSO.

How to whitelist email domains
As the company administrator, you are able to filter which users in your organization can use SSO by whitelisting email domains. To whitelist a new email domain:
1. Go to Admin tools in the left side menu.
2. Input your password to enter administrative mode.
3. In the User permissions tab, under Whitelist user domains, enter all domains (starting with “@”, e.g. “@debricked.com
Keep in mind that the legacy CLI will soon be deprecated. If you're interested in integrating with us using our CLI, we recommend that you check out the documentation for the Debricked CLI.

We provide a Command Line Tool (CLI) for interacting with Debricked. It supports uploading and checking your dependency files for vulnerabilities from your console. This is useful when you want to check whether your dependency files are vulnerable before uploading them to your repository, or in a custom CI pipeline. This tool also powers some of our integrations, such as the Bitbucket “pipe” integration. You can choose to install the CLI tool locally or by using Docker.

Local installation
Available commands
Code snippet analysis
Uninstallation
Using Docker
Source-codeless scans

Local installation
PHP is required; run php -v on your system to see whether it is installed. If it is not installed, refer to your favourite package manager or, if you are on Windows, install the latest version ava
Wow, if we thought this year was off to a good start, it just keeps getting better! We are happy to announce that Debricked has been named a leader in the 2023 Gartner Magic Quadrant for Application Security Testing, together with Fortify and OpenText Cybersecurity!

Thanks to critical capabilities such as machine learning, addressing the security of software supply chains with Select, and general software composition analysis capabilities, Debricked has largely contributed to Fortify’s continued leadership in the Gartner MQ.

“The acquisition of Debricked provides a number of software supply chain capabilities, including Open Source Select. That product provides insights into data that can be leveraged to assess open source software risks (frequency of updates, size of maintenance team, etc.), and helps guide teams to packages with the least potential for downstream risks.”

This, coupled with other updates and additional capabilities, has made Fortify a leader for the 10th (!!!) year in a
This article details how to configure Azure AD as the primary Identity Provider to facilitate SSO with Debricked. For details regarding integration with other Identity Providers, see Set up Single Sign On (SSO) for Debricked.

Registering a new Azure AD Application
Getting the ClientID
Creating the Client Secret
Getting the OIDC metadata endpoint (Issuer URL)
Communicating the data with Debricked
Adding users
Testing the set up

Registering a new Azure AD Application
1. Search for App registrations.
2. Click on New registration. We suggest you name your application “Debricked”, but it is not mandatory.
3. In the Redirect URI section, select Web as the type of application and enter: https://debricked.com/app/sso/oidc/auth
4. Confirm the details and proceed to the next step.

Getting the ClientID
You can find the Client ID in the Overview section, the first page you will see after creating the application.

Creating the Client Secret
On the sidebar, click on Certificates & secrets. Click New client
We are excited to announce the release of our new Debricked CLI! This command line interface brings open source security and license compliance to your project via the command prompt. The Legacy version is still available for use, but will soon be archived, as the new Debricked CLI offers improved usability, faster scanning, easier integrations, and the possibility to install it as a stand-alone tool.

Why switch to the new CLI?
The new Debricked CLI is distributed as a self-contained binary, removing the need for a PHP environment. This makes it easier to install, integrate, run, and upgrade. We have also added, and will continue to add, new functionalities and improvements, starting with:
- Automatic application of git metadata to scans
- Faster scanning: finding and uploading files is now significantly faster

In the new CLI, we have incorporated a cutting-edge technology: High Performance Scans. This technology enables you to accurately and swiftly resolve full dependency trees for repositorie
Find the full CLI documentation here.

High Performance Scans are currently available for Maven (pom.xml), Gradle (build.gradle), Go modules (go.mod) and Pip (requirements.txt).

How to generate the debricked-lock(tree) files using High Performance Scans
How to speed up the debricked lock file resolution
Error Handling

Some package managers do not have native support for maintaining lock files with complete information on dependency versions and relations. In order to guarantee fast and accurate scans for these package managers, it is necessary to first generate this information into a file before sending it to Debricked for scanning. Doing this also ensures that private dependencies are included in the scans and eliminates the need to send source code for a complete scan, since all the information will be included in the generated file.

At Debricked, we’ve developed a solution to make this process as simple as possible: High Performance Scans. This technology enables you to accurately and qui
Ahoy Portal members! It is Friday again and time to cache-up with the latest cool content you have found around open source and/or general tech. As always, I will start: this week I was super dazzled by Coca-Cola’s recent advertisement: 100% AI-Generated 🤯. See below (and here for the impressive behind the scenes): What has fascinated you this week? Share below ✨
Hi all, I have been using Debricked for my pet projects for a while now and have been liking it a lot. However, I also have a few custom Docker images which I wanted to scan using Debricked. While there doesn’t seem to be any official Docker image support (yet?), I figured that I could try to generate a CycloneDX report using Docker’s SBOM plugin (https://github.com/docker/sbom-cli-plugin) and then import that. Said and done, I ran the plugin with flags --format cyclonedx-json --output imagename.sbom.json, the CLI automatically picked up the CycloneDX reports and after a few seconds I got both license and vulnerabilities back!

TLDR: To scan Docker images with Debricked, you need to do the following:
1. Install and run the Docker SBOM CLI plugin, https://github.com/docker/sbom-cli-plugin, in order to generate a CycloneDX report. Make sure to change the format to CycloneDX, e.g.: docker sbom username/imagename:latest --format cyclonedx-json --output imagename.sbom.json
2. Run Debricked CLI, https:
What publications/blogs do you read on a frequent basis?

For all things related to open source, I am a big fan of The ReadME project.

Share the gold with us below ✨