Product Updates

Learn more about recent improvements and product news

3 things we are working on in Q1

- More SSO integrations
- Being able to configure which rules are added to new repos by default
- Root fixes for C#, PHP and Python

Over the past few years, we’ve spent a lot of time thinking about what an SCA tool should be, what it typically is today and what it should not be. What is the future of managing open source risk? What is the next generation of SCA tools? We believe that a few key attributes put Debricked in the new generation bucket, among them actionability, excellent UX, a dev-first approach and a holistic view of open source risk.

In the coming year, we’re focusing on two main things: moving even further into the next generation and solidifying our position as front runners, and improving both usability and user experience. So, what does this mean in terms of product features and improvements?

Firstly, making our onboarding process smoother by enabling SSO integrations. It’s important to us that our tool is easily accessible and simple to set up, and for larger teams it’s simply a must-have.

Next is expanding our abilities to help you fix vulnerabilities easily. During late 2022 we released the Root Fix; if you haven’t heard about it, you can read more here. Basically, it gives you a clear overview of your dependencies, trees and relations, direct and indirect, and all associated vulnerabilities. Most importantly, it also gives you clear direction on how to fix all vulnerabilities, direct and indirect, easily. Today we offer support for a select few languages. By the end of Q1, we will proudly be adding C#, PHP and Python to that list!

Aside from this, we’ll be focusing on improving our very core: the automation engine. Building automations is what makes Debricked really powerful, as it helps you scale your rules and policies across your organization. The main thing will be giving users the power to configure which rules are added to newly added repositories by default.

That’s all for now, see you again in Q2!

Year in review 2022

Another year has passed and, at the risk of sounding like every single person in the world, what happened? Probably lots of things, since that’s usually what makes time run fast. To recap, I wanted to look back at all the things we’ve accomplished the past year and what’s new in the product. Let’s start from the top!

Q1

In the first quarter we finally managed to get rid of the last parts of our old UI, which is something we won’t miss (especially not our designers, they cheered). Now the whole product looked pretty - a great start to the new year, right? Another project was optimizing scans, making them about 85% (!) faster than before. Quite an achievement for the team, and our customers were delighted. The biggest milestone, though, was probably enabling our very own unique way of creating Fix Pull Requests, allowing you to fix a vulnerability with one click from our UI. Our PRs are now incredibly fast and reliable thanks to the graph database technology working behind the scenes. Learn more about how we use Neo4j to create lightning-fast PRs here.

Q2

Q2 was really in the name of maintenance. We achieved a lot, but with perhaps less flashy and exciting features than during Q1. Nevertheless, they were very important. Among other things, we made it easy to invite a lot of users at once to your Debricked organization, we improved our billing experience in the tool and, in general, did a lot of polishing. Lastly, we further built out the capabilities of what we call source code-less scans. This is a way for us to scan for vulnerabilities without actually having to scan your source code, all in the name of security and privacy. You can read more about source code-less scans here.

Q3

During the third quarter we had one large project and several small ones. The star of the show was definitely adding the ability to scan CycloneDX SBOM files with Debricked. This allowed users to scan their vendors’ SBOMs to add another layer to their security practices.
Other than that, we focused on making our automation engine really great by making some adjustments and additions. For example, we added the ability to exclude branches in your rules, creating endless possibilities for customization.

Q4

Finally, in Q4 (or, like, yesterday) we managed to squeeze in a lot of different things. Firstly, we enabled the integration with Fortify on Demand, which is our big brother doing Static Application Security Testing. Now, a small part of Debricked is available in their UI.

Secondly, we released Start Left Policies. SLP allows you to apply any rules set in the automation engine to your searches in Select, so you can know whether a dependency passes your rules before you even import it. This is a super unique feature, so make sure to read more about it here.

Thirdly, we focused on helping our users fix their vulnerabilities easily. To do that, we released Root Fixes, which give you full transparency into your dependency tree, any relations, indirect dependencies and vulnerabilities, and most importantly: guidance on how to fix them. Read more about our Root Fixes here.

Finally, we added the ability to export CycloneDX SBOMs through both the UI and API. In that same project, we improved our license matching so that it’s done on the exact dependency version, and we included proof of license, copyright and full license text in the SBOM.