Welcome to our Community

Recent activity

DamianCommunity Manager

How do I enable single sign-on via GitHub?

As the company administrator, you can choose to enable single sign-on for the users to log in via GitHub. How to enable single sign on via GitHub How to whitelist email domains User management using SSO Access control How to enable single sign on via GitHub Go to Admin tools in the left side menu Input your password to enter the administrative mode In the User permissions tab, toggle the SSO with GitHub to enable the feature Click on the +Add organizations button to add your organization - everyone who is part of it will be able to create their account or log in via the GitHub SSO How to whitelist email domainsAs the company administrator, you are able to filter which users in your organization can use SSO by whitelisting email domains.To whitelist a new email domain: Go to Admin tools in the left side menu Input your password to enter the administrative mode In the User permissions tab, under Whitelist user domains, enter all domains (starting with “@”, e.g. “@debricked.com

201

2 days ago

DamianCommunity Manager

Debricked CLI

Legacy CLI Documentation

Keep in mind that the legacy CLI will soon be deprecated. If you're interested in integrating with us using our CLI, we recommend you to check out the documentation for the Debricked CLI. We provide a Command Line Tool (CLI) for interacting with Debricked. It supports uploading and checking your dependency files for vulnerabilities from your console. This could be useful when you want to check whether your dependency files are vulnerable before uploading them to your repository or in a custom CI pipeline. This tool also powers some of our integrations, such as the Bitbucket “pipe” integration. You can chose to install the CLI tool locally, or by using Docker. Local installation Available commands Code snippet analysis Uninstallation Using Docker Source-codeless scans Local installationPHP is required, run php -v on your system to see if it is installed or not. If it is not installed, refer to your favourite package manager or, if you are on Windows, install the - latest version ava

4483

3 days ago

joanna.qvarnstromCommunity Manager

Announcements

Debricked named leader in the 2023 Gartner Magic Quadrant for Application Security Testing!News

Wow, if we thought this year was off to a good start, it just keeps getting better! We are happy to announce that Debricked has been named a leader in the 2023 Gartner Magic Quadrant for Application Security Testing, together with Fortify and OpenText Cybersecurity!Thanks to critical capabilities such as machine learning, addressing the security of software supply chains with Select and general software composition analysis capabilities, Debricked has largely contributed to Fortify’s continued leadership in the Gartner MQ.“The acquisition of Debricked provides a number of software supply chain capabilities, including Open Source Select. That product provides insights into data that can be leveraged to assess open source software risks (frequency of updates, size of maintenance team, etc.), and helps guide teams to packages with the least potential for downstream risks.”This, in couple with other updates and additional capabilities, has made Fortify a leader for the 10th (!!!) year in a

550

5 days ago

DamianCommunity Manager

Integrations

Set up Single Sign-On (SSO) to Debricked through Azure AD

This article details how to configure Azure AD as the primary Identity Provider to facilitate SSO with Debricked. For details regarding integration with other Identity Providers, see Set up Single Sign On (SSO) for Debricked. Registering a new Azure AD Application Getting the ClientID Creating the Client Secret Getting the OIDC metadata endpoint (Issuer URL) Communicating the data with Debricked Adding users Testing the set up Registering a new Azure AD ApplicationSearch for App registrations Click on New registration. We suggest you name your application “Debricked”, but it is not mandatory. In the Redirect URI section select Web as type of application and enter:https://debricked.com/app/sso/oidc/authConfirm the details and proceed to the next step. Getting the ClientIDYou can find the Client ID from the Overview section, the first page you will see after creating the application. Creating the Client SecretOn the sidebar, click on Certificates & secrets. Click New client

5 days ago

CarlDebricked crew

Say hello to the new Debricked CLI!News

We are excited to announce the release of our new Debricked CLI! This command line interface brings open source security and license compliance to your project via the command prompt. The Legacy version is still available for use, but will soon be archived, as the new Debricked CLI offers improved usability, faster scanning, easier integrations, and the possibility to install as a stand-alone tool. Why switch to the new CLI? The new Debricked CLI is distributed as a self-contained binary, removing the need for a PHP environment. This makes it easier to install, integrate, run, and upgrade. We have also added and will continue to add new functionalities and improvements, starting with:Automatic application of git metadata to scans Faster scanning: Finding and uploading files is now significantly faster In the new CLI, we have incorporated a cutting-edge technology: High Performance Scans. This technology enables you to accurately and swiftly resolve full dependency trees for repositorie

370

7 days ago

DamianCommunity Manager

Debricked CLI

High Performance Scan: faster, more accurate, and more secure dependency scanning

Find the full CLI documentation here.High Performance Scans are currently available for Maven (pom.xml), Gradle (build.gradle), Go modules (go.mod) and Pip (requirements.txt) How to generate the debricked-lock(tree) files using High Performance Scans How to speed up the debricked lock file resolution Error Handling Some package managers do not have native support for maintaining lock files with complete information on dependency versions and relations. In order to guarantee fast and accurate scans for these package managers, it is necessary to first generate this information into a file before sending it to Debricked for scanning. Doing this also ensures that private dependencies are included in the scans and eliminates the need to send source code for a complete scan, since all information will be included in the generated file.At Debricked, we’ve developed a solution to make this process as simple as possible: High Performance Scans. This technology enables you to accurately and qui

430

7 days ago

DamianCommunity Manager

Debricked CLI

Debricked CLI Documentation

What is the Debricked CLI? Getting started 1. Authentication 2. Installation 2.1 Local installation: 2.2 Adding the CLI to your CI/CD pipeline 3. Test your installation 4. Scan your first project 5. List of Commands 6. Troubleshooting and Error Message Getting support Uninstallation Create an issue or report a bug Contributors What is the Debricked CLI? The Debricked CLI is Debricked's command line interface, bringing open-source security, and license compliance to your project via the command prompt. The Debricked CLI is currently available for: Windows, Linux, and macOS operating systems. It might work on other operating systems but has not been thoroughly tested yet.Supported languages: Javascript, Java, C#, Ruby, PHP, and more.Supported package managers: Yarn, Npm, Bowel, Bazel, Gradle, and more. Getting started To use the Debricked CLI, you must have a Debricked account, create an access token and install the CLI. The CLI can be run:locally in your terminal as

1090

7 days ago

BeneditaCommunity Manager

Weekly cache-up

Weekly cache-up 💡

Ahoy Portal members! It is Friday again and time to cache-up with the latest cool content you have found around open source and/or general tech. As always, I will start: this week I was super dazzled by Coca-Cola’s recent advertisement: 100% AI-Generated 🤯. See below (and here for the impressive behind the scenes): What has fascinated you this week? Share below ✨

9 days ago

sweoggyShip Member

Show & Tell

Scanning Docker images with Debricked

Hi all, I have been using Debricked for my pet projects for a while now and have been liking it a lot. However, I also have a few custom Docker images which I wanted to scan using Debricked. While there doesn’t seem to any official Docker image support (yet?), I figured that I could try to generate a CycloneDX report using Docker’s SBOM plugin (https://github.com/docker/sbom-cli-plugin) and then import that. Said and done, I ran the plugin with flags --format cyclonedx-json --output imagename.sbom.json, the CLI automatically picked up the CycloneDX reports and after a few seconds I got both license and vulnerabilities back! TLDR: To scan Docker images with Debricked, you need to do the following: Install and run the Docker SBOM CLI plugin, https://github.com/docker/sbom-cli-plugin, in order to generate a CycloneDX report. Make sure to change the format to CycloneDX, e.g.:docker sbom username/imagename:latest --format cyclonedx-json --output imagename.sbom.json Run Debricked CLI, https:

13 days ago

BeneditaCommunity Manager

Weekly cache-up

Weekly cache-up 💡 “Tell me what you read and I will tell you who you are!”

What publications/blogs do you read on a frequent basis?For all things related to open source, I am a big fan of The ReadME project.Share the gold with us below ✨

16 days ago

Top contributors

Show full leaderboard

Lastest achievements

felix.kruusehas earned the badge Intermediate Speaker
rocketship17has earned the badge Beginner Speaker
felix.kruusehas earned the badge Beginner Speaker
NevyXushas earned the badge Beginner Speaker
emilwareushas earned the badge Beginner Speaker

Show all badges

About the Community

Debricked Q&A

Space Huddle

💡Featured posts

Shared by our community members in the Space Huddle

How do I enable single sign-on via GitHub?

Legacy CLI Documentation

Debricked named leader in the 2023 Gartner Magic Quadrant for Application Security Testing!News

Set up Single Sign-On (SSO) to Debricked through Azure AD

Say hello to the new Debricked CLI!News

High Performance Scan: faster, more accurate, and more secure dependency scanning

Debricked CLI Documentation

Weekly cache-up 💡

Scanning Docker images with Debricked

Weekly cache-up 💡 “Tell me what you read and I will tell you who you are!”

Top contributors

Lastest achievements

Upcoming events

Still looking for an answer?

Debricked Open Source

API Documentation

Contact Us

Welcome to our Community

💡Featured posts

Shared by our community members in the Space Huddle

Debricked named leader in the 2023 Gartner Magic Quadrant for Application Security Testing!News

Say hello to the new Debricked CLI!News

Top contributors

Lastest achievements

Upcoming events

Show off your tips & tricks in the Space Huddle.

Still looking for an answer?

Create an account

Single sign-on

Log in to the Portal

Single sign-on

Scanning file for viruses.

This file cannot be downloaded