What’s New: Introducing Policies, Select Browser extension, and more

Over the past few months, we've made some new updates that we're excited to share with you. Buckle up and let's dive into what's new at Debricked! ✨

Debricked Select Chrome extension

No more context switching. Our extension allows you to view Debricked's health data directly on a repository's GitHub page or a package registry's page. The extension integrates seamlessly with your browsing experience, providing you with comprehensive insights into the project without navigating away from the site. We support common source code repositories and package registries such as GitHub, PyPI, NuGet and many others. Learn more here and install the extension.

Policies

Group automation rules into policies to simplify their management by providing a single point of control. This makes it easier to enable, disable, or modify multiple rules at once. Additionally, Enterprise users are able to use those policies to evaluate packages in Open Source Select with Start Left Policies. Learn more here.

Legacy CLI deprecation

The Legacy CLI has been deprecated and will stop working on May 2nd, 2024. From April 2nd, 2024, using it will result in pipeline failures, and scans will be turned off completely on May 2nd, 2024. If you're interested in integrating with us using our CLI, please check out the documentation for the Debricked CLI. If you're a user of the Legacy CLI, learn how to migrate to the Debricked CLI.

Curious to learn more?

These are just some of the things we're working on here at Debricked. Join our community to stay up-to-date with everything related to Debricked and the open source universe 🪐 If you're already a member, make sure to subscribe to our Product Updates page to receive notifications every time we post an update and stay in the loop.

What's New: looking back on the second half of 2023

As 2023 came to an end and we move into the next year, it's time to look back at what we've been up to over the past few months. We've had an amazing year (you can read all about it in detail on our blog and LinkedIn), and our teams have been hard at work improving our tools and expanding our offerings to make your open source journey smoother and more secure. From role-based access control to improved integration options, throughout Q3 and Q4 we've made some new updates that we're excited to share with you. Buckle up and let's dive into what's new at Debricked! ✨

What have we released in Q3 & Q4?

Enterprise Single Sign-On (SSO): centralized user and access management

We have streamlined our user management and enhanced security by enabling Single Sign-On (SSO) integrations as part of our onboarding process. This integration allows for a more seamless user experience, as you can now authenticate with your own SSO provider to access our tool, eliminating the need to create and remember separate login credentials. By integrating your SSO provider with Debricked, you will have immediate and centralized access control, as the authentication is handled by the SSO provider. Learn how to set it up here.

Role-Based Access Control: introducing access rights and levels

Until now, we provided only two access levels for our users: company admin and non-admin. The new feature, catered to our Enterprise customers, extends these options to give you better control over what functionality and data can be accessed by different users. This is done by introducing new types of access rights with multiple scopes, levels, and more customization! Learn more about those user roles here.

C# Root Fixes: a new way of fixing C# vulnerabilities

Last year, we released the Root Fix, which helps you get a clear overview of your dependencies, trees and relations, as well as all associated vulnerabilities. Most importantly, it gives you a clear direction on how to fix all of your vulnerabilities, both direct and indirect. We offer support for a few selected languages, and this quarter C# is joining the list. This includes NuGet with .csproj and packages.lock.json files. See the total overview of our supported languages and file formats here.

At Scale Integration: integrating multiple repositories made easier

Here at Debricked, providing an easy getting-started experience is of utmost priority. Over the last quarter, we've worked on a series of documentation and solutions native to different CI/CD tools, helping you integrate multiple repositories as smoothly as possible. So far, we've released materials for GitHub Actions, Azure Pipelines, Bitbucket, and GitLab, but there's more coming your way in the upcoming months!

What's next?

Of course, we are not done yet! We are currently working on new features and improvements coming in the first half of 2024. This includes the release of our brand new Select browser extension, manifestless matching for Java & C#, as well as Reachability Analysis for Java. Missing something? Remember that you can leave a feature suggestion here, and our team will take it into consideration.

Curious to learn more?

These are just some of the things we're working on here at Debricked. Join our community to stay up-to-date with everything related to Debricked and the open source universe 🪐 If you're already a member, make sure to subscribe to our Product Updates page to receive notifications every time we post an update and stay in the loop.

What’s New: Product Features released in Q2

Oh, how time flies! The second quarter of the year is already over, and we couldn't be more excited to share what we've been up to over the last couple of months. We've done plenty of interesting things (be sure to check out our LinkedIn page to read up), but the highlight of our year so far has definitely been being named a leader in the 2023 Gartner Magic Quadrant for Application Security Testing. Now that we've got the mandatory bragging out of the way, let's jump into learning more about all the latest feature releases that will make your day a little better with Debricked ✨

What have we released in Q2?

Overview: License Risk & Vulnerabilities Fixed widgets, completing the Overview page

As part of completing our Overview page, we've added two brand-new widgets:

The License Risk widget, displaying your current license compliance risks, grouped by critical, high, medium, low, and unknown risk levels. You can customize the data by selecting the repository/branch.

The Vulnerabilities Fixed widget, helping you track the value you get from using Debricked. The data presented can also be customized using filters to select the repository/branch and time period.

Learn more about the Overview and other widgets here.

Debricked CLI: new and improved command-line interface

The Debricked CLI is our very own command-line interface, bringing open source security and license compliance to your project via the command prompt. The Legacy version is still available for use, but will soon be archived, as the new Debricked CLI offers improved usability, faster scanning, easier integrations, and the possibility to install it as a stand-alone tool. Find more information about the release here.

High-performance scans: a faster and more secure way of finding vulnerabilities

Our new technology allows you to efficiently and precisely resolve full dependency trees for package managers that don't use lock files. By generating Debricked lock files on your end, we do not have to handle any of your source code. This approach allows for more secure, accurate, and reliable scans, free of the drawbacks that come with server-side file generation. Find out how it works.

Performance improvements: upgraded in-app experience

A goal of every company (including ours!) is to provide its users with the optimal experience. This quarter we released updates improving the performance of our web app, to make sure that it's as swift for larger accounts as it is for smaller ones, providing you with a smoother experience. We are proud to share that those updates resulted in a 99% increase in loading speed for the Dependency table page, adding up to an average performance improvement of over 94%!* This enables you to use Debricked seamlessly, no matter how big your account is.

*Measured using a large account (8000+ repositories) and based on improvements made for the dependency, repository, and vulnerability tables, views, and the search engine. Keep in mind that significant differences might be more noticeable for bigger accounts, as the loading time for smaller accounts had already been minimal.

What's next?

Don't worry, we are not done yet! We are cooking up more major features and improvements coming in Q3 and later this year, including: role-based access control, Root Fixes for C#, the ability to review licences, and further improvements to the automations engine. Missing something? Remember that you can leave a feature suggestion here, and our team will take it into consideration.

Curious to learn more?

These are just some of the things we're working on here at Debricked. Join our community to stay up-to-date with everything related to Debricked and the open source universe 🪐 If you're already a member and would like to be notified every time we post an update, be sure to subscribe to our Product Updates page and keep up to speed.

Say hello to the new Debricked CLI!

We are excited to announce the release of our new Debricked CLI! This command-line interface brings open source security and license compliance to your project via the command prompt. The Legacy version is still available for use, but will soon be archived, as the new Debricked CLI offers improved usability, faster scanning, easier integrations, and the possibility to install it as a stand-alone tool.

Why switch to the new CLI?

The new Debricked CLI is distributed as a self-contained binary, removing the need for a PHP environment. This makes it easier to install, integrate, run, and upgrade. We have also added, and will continue to add, new functionality and improvements, starting with:

Automatic application of git metadata to scans
Faster scanning: finding and uploading files is now significantly faster

In the new CLI, we have incorporated a cutting-edge technology: High Performance Scans. This technology enables you to accurately and swiftly resolve full dependency trees for repositories without a lock file present. For more details, have a look at our new CLI documentation.

What will happen with the old CLI?

The old CLI will be deprecated and will henceforth be referred to as "the Legacy CLI." The Legacy CLI will be phased out in the future, and we will notify you when this happens. Going forward, improvements and development efforts will focus on the new Debricked CLI. As always, if you have any feedback, we are very happy to hear it! Happy commanding! 🚀

Related products: CLI

What’s New: What we launched so far in 2023

2023 continues to be a big year for Debricked, with much more on the way! It's been a busy quarter (or a bit more?) here at Debricked. Some of the highlights include joining OpenText in their journey of innovation, and launching our self-serve Portal (including the Community and Knowledge Base). Over the last couple of months, we continued to make progress in our mission to simplify open source security and streamline your experience in the Debricked universe. From automation engine customization to single sign-on integration, we've been hard at work adding new features and improving existing ones to make your life easier. Read on to learn more about all the newest features that will help make your day a little better with Debricked ✨

What have we released in Q1?

Default automation rules: automation engine customization

We've made improvements to our very core: the automation engine. Building automations is what really makes Debricked powerful, as it helps you scale your rules and policies across the organization. With this update, we give you the power to configure which rules are added to newly created repositories by default. This can be done either while creating a new rule or when editing an existing one. See here for more information.

Performance and reliability development: faster and more reliable scanning

Over the past few months, we've worked hard to make our scanning and matching of new vulnerabilities even faster than before. The latest updates make your job easier and make sure your results are not only fast and accurate, but also reliable. We've improved the stability of vulnerability algorithms and the matching of vulnerable version ranges. These updates will also ensure lower response times in resolving potential future false positive reports.

What have we already deployed in Q2?

Q2 has just started, but we are already progressing! We've been working extra hard and have already managed to release a few updates optimizing your Debricked experience.

Enterprise Single Sign-On (SSO): centralized user and access management

In order to simplify user management and enhance security, we've made our onboarding process smoother by enabling SSO integrations. Integrating your SSO provider with Debricked allows for a more streamlined user experience. This feature enables you to authenticate with your own SSO provider to access our tool, eliminating the need to create and remember separate login credentials. This integration also ensures that access to the Debricked tool is granted only to your authorized users, as authentication is handled by the SSO provider. See here for more information.

License Risk widget: addition to the Overview

As part of bringing the Overview out of the Beta stage, we are releasing more widgets for you to use. First up: the License Risk widget! It presents your current licence compliance risks, grouped by risk levels: critical, high, medium, low, and unknown. Similarly to the other widgets, you are able to customize the data by changing the selected repository/branch. See here for more information.

What's next?

Don't worry, we are not done yet! We are cooking up more major features and improvements coming in Q2 and later this year, including a new and improved Debricked CLI, high performance scanning, role-based access control, Root Fixes for C#, License review, and further improvements to the automations engine.

Curious to learn more?

These are just some of the things we're working on here at Debricked. Join our community to stay up-to-date with everything related to Debricked and the open source universe 🪐 If you're already a member and would like to be notified every time we post an update, be sure to subscribe to our Product Updates page and keep up to speed.

3 things we are working on in Q1

More SSO integrations
Being able to configure which rules are added to new repos by default
Root fixes for C#, PHP and Python

Over the past few years we've spent a lot of time thinking about what an SCA tool should be, what it typically is today, and what it should not be. What is the future of managing open source risk? What is the next generation of SCA tools? We believe that there are a few key attributes that put Debricked into the next-generation bucket; some of them are actionability, excellent UX, a dev-first approach, and having a holistic view of open source risk. In the coming year, we're focusing on two main things: moving even further into the next generation and solidifying our position as front runners, and improving both usability and user experience.

So, what does this mean in terms of product features and improvements?

Firstly, making our onboarding process smoother by enabling SSO integrations. It's important to us that our tool is easily accessible and simple to set up, and for larger teams it's simply a must-have.

Next is expanding our abilities to help you fix vulnerabilities easily. During late 2022 we released the Root Fix; if you haven't heard about it, you can read more here. Basically, it helps you get a clear overview of your dependencies, trees and relations, direct and indirect, and all associated vulnerabilities. Most importantly, it also gives you clear direction on how to fix all vulnerabilities, direct and indirect, easily. Today we offer support for a select few languages. By the end of Q1, we will proudly be adding C#, PHP and Python to that list!

Aside from this, we'll be focusing on improving our very core: the automation engine. Building automations is what makes Debricked really powerful, as it helps you scale your rules and policies across your organization. The main thing will be giving users the power to configure which rules are added to newly added repositories by default.

That's all for now, see you again in Q2!

Year in review 2022

Another year has passed and, at the risk of sounding like every single person in the world: what happened? Probably lots of things, since that's usually what makes time run fast. To recap, I wanted to look back at all the things we've accomplished over the past year and what's new in the product. Let's start from the top!

Q1

In the first quarter we finally managed to get rid of the last parts of our old UI, which is something we won't miss (especially not our designers; they cheered). Now the whole product looked pretty. A great start to the new year, right? Another project we did was optimizing scans, making them about 85% (!) faster than before. Quite an achievement for the team, and our customers were delighted. The biggest milestone though was probably enabling our very own unique way of creating Fix Pull Requests, allowing you to fix a vulnerability with one click from our UI. Our PRs are now incredibly fast and reliable due to the graph database technology working behind the scenes. Learn more about how we use Neo4j to create lightning-fast PRs here.

Q2

Q2 was really in the name of maintenance. We achieved a lot, but perhaps with less flashy and exciting features than during Q1. Nevertheless, very important. Among other things, we made it easy to invite a lot of users at once to your Debricked organization, we improved the billing experience in the tool and, in general, did a lot of polishing. Lastly, we further built out the capabilities of what we call source code-less scans. This is a way for us to scan for vulnerabilities without actually having to scan your source code, all in the name of security and privacy. You can read more about source code-less scans here.

Q3

During the third quarter we had one large project and several small ones. The star of the show was definitely adding the ability to scan CycloneDX SBOM files with Debricked. This allows users to scan their vendors' SBOMs to add another layer to their security practices. Other than that, we focused on making our automation engine really great with some adjustments and additions. For example, we added the ability to exclude branches in your rules, creating endless possibilities for customization.

Q4

Finally, in Q4 (or, like, yesterday) we managed to squeeze in a lot of different things. Firstly, enabling the integration with Fortify on Demand, our big brother doing Static Application Security Testing. Now, a small part of Debricked is available in their UI. Secondly, we released Start Left Policies. SLP allows you to apply any rules set in the automation engine to your searches in Select, so you can know whether a dependency passes your rules before you even import it. This is a super unique feature, so make sure to read more about it here. Thirdly, we focused on helping our users fix their vulnerabilities easily. To do that, we released Root Fixes, which give you full transparency into your dependency tree, any relations, indirect dependencies and vulnerabilities, and most importantly: guidance on how to fix them. Read more about our Root Fixes here. Finally, we added the ability to export CycloneDX SBOMs through both the UI and API. In that same project, we made sure to improve our license matching so it's done on the exact dependency version, and included proof of license, copyright and full license text in the SBOM.