Product Updates

Learn more about recent improvements and product news

Say hello to the new Debricked CLI!

We are excited to announce the release of our new Debricked CLI! This command line interface brings open source security and license compliance to your project via the command prompt. The Legacy version is still available for use, but will soon be archived, as the new Debricked CLI offers improved usability, faster scanning, easier integrations, and the possibility to install as a stand-alone tool.

Why switch to the new CLI?

The new Debricked CLI is distributed as a self-contained binary, removing the need for a PHP environment. This makes it easier to install, integrate, run, and upgrade. We have also added and will continue to add new functionalities and improvements, starting with:

- Automatic application of git metadata to scans
- Faster scanning: Finding and uploading files is now significantly faster

In the new CLI, we have incorporated a cutting-edge technology: High Performance Scans. This technology enables you to accurately and swiftly resolve full dependency trees for repositories without a lock file present.

For more details, have a look at our new CLI documentation.

What will happen with the old CLI?

The old CLI will be deprecated and will henceforth be referred to as “the Legacy CLI.” The Legacy CLI will be phased out in the future, and we will notify you when this happens. Going forward, improvements and development efforts will focus on the new Debricked CLI.

As always, if you have any feedback we are very happy to hear it! Happy commanding! 🚀


What’s New: What we launched so far in 2023

2023 continues to be a big year for Debricked, with much more on the way!

It’s been a busy quarter (or a bit more?) here at Debricked. Some of the highlights include joining Opentext in their journey of innovation, and launching our self-serve Portal (including the Community and Knowledge Base).

Over the last couple of months, we continued to make progress in our mission to simplify open source security and streamline your experience in the Debricked universe. From automation engine customization to single sign on integration, we've been hard at work adding new features and improving existing ones to make your life easier.

Read on to learn more about all the newest features that will help make your day a little better with Debricked ✨

What have we released in Q1?

Default automation rules
Automation engine customization

We’ve made improvements to our very core: the automation engine. Building automations is what really makes Debricked powerful, as it helps you scale your rules and policies across the organization. With this update, we give you the power to configure which rules are added to newly created repositories by default. This can either be done while creating a new rule, or editing an existing one. See here for more information.

Performance and reliability development
Faster and more reliable scanning

Over the past few months, we’ve worked hard to make our scanning and matching of new vulnerabilities even faster than before. The latest updates make your job easier and make sure your results are not only fast and accurate, but also reliable. We’ve improved the stability of vulnerability algorithms and matching of vulnerable version ranges. These updates will also ensure lower response times in resolving potential future false positive reports.

What have we already deployed in Q2?

Q2 has just started, but we are already progressing! We've been working extra hard and already managed to release a few updates optimizing your Debricked experience.

Enterprise Single Sign On (SSO)
Centralized user and access management

In order to simplify user management and enhance security, we’ve made our onboarding process smoother by enabling SSO integrations.

Integrating your SSO provider with Debricked allows for a more streamlined user experience. This feature enables you to authenticate with your own SSO provider to access our tool, eliminating the need to create and remember separate login credentials. This integration also ensures that access to the Debricked tool is granted only to your authorized users, as authentication is handled by the SSO provider. See here for more information.

License Risk widget
Addition to the Overview

As part of bringing the Overview out of the Beta stage, we are releasing more widgets available for you to use. First up: the License Risk widget! It presents your current licence compliance risks, grouped by risk levels: critical, high, medium, low, and unknown. Similarly to the other widgets, you are able to customize the data by changing the selected repository/branch. See here for more information.

What’s next?

Don’t worry, we are not done yet! We are cooking up more major features and improvements coming in Q2 and later this year, including a new and improved Debricked CLI, high performance scanning, role-based access control, Root Fixes for C#, License review, and further improvements to the automations engine.

Curious to learn more?

These are just some of the things we’re working on here at Debricked. Join our community to stay up-to-date with everything related to Debricked and the open source universe 🪐

If you’re already a member and would like to be notified every time we post an update, be sure to subscribe to our Product Updates page and keep up to speed.

3 things we are working on in Q1

- More SSO integrations
- Being able to configure which rules are added to new repos by default
- Root fixes for C#, PHP and Python

The past few years we’ve spent a lot of time thinking about what an SCA tool should be, what it typically is today and what it should not be. What is the future of managing open source risk? What is the next generation of SCA tools? We believe that there are a few key attributes that put Debricked into the new generation bucket; some of them are actionability, excellent UX, a dev-first approach and having a holistic view of open source risk.

The coming year, we’re focusing on two main things: moving even further into the next generation and solidifying our position as front runners, and improving both usability and user experience. So, what does this mean in terms of product features and improvements?

Firstly, making our onboarding process smoother by enabling SSO integrations. It’s important to us that our tool is easily accessible and simple to set up, and for larger teams it’s simply a must have.

Next is expanding our abilities to help you fix vulnerabilities easily. During late 2022 we released the Root Fix; if you haven’t heard about it you can read more here. Basically, it helps you get a clear overview of your dependencies, trees and relations, direct and indirect, and all associated vulnerabilities. It also, most importantly, gives you clear direction on how to fix all vulnerabilities, direct and indirect, easily. Today we offer support for a select few languages. By the end of Q1, we will proudly be adding C#, PHP and Python to that list!

Aside from this, we’ll be focusing on improving our very core: the automation engine. Building automations is what makes Debricked really powerful, as it helps you scale your rules and policies across your organization. The main thing will be giving users power to configure which rules are added to newly added repositories by default.

That’s all for now, see you again in Q2!

Year in review 2022

Another year has passed and with the risk of sounding like every single person in the world, what happened? Probably lots of things, since that’s usually what makes time run fast. To recap, I wanted to look back at all the things we’ve accomplished the past year and what’s new in the product. Let’s start from the top!

Q1

The first quarter we managed to finally get rid of the last parts of our old UI, which is something we won’t miss (especially not our designers, they cheered). Now the whole product looked pretty - a great start to the new year, right?

Another project we did was optimizing scans, causing them to be about 85% (!) faster than before. Quite an achievement for the team, and our customers were delighted.

The biggest milestone though was probably enabling our very own unique way of creating Fix Pull Requests, allowing you to fix a vulnerability with one click from our UI. Our PRs are now incredibly fast and reliable due to the Graph Database technology working behind the scenes. Learn more about how we use Neo4j to create lightning fast PRs here.

Q2

Q2 was really in the name of maintenance. We achieved a lot, but perhaps less flashy and exciting features than during Q1. Nevertheless, very important though. Among other things, we made it easy to invite a lot of users at once to your Debricked organization, we improved our billing experience in the tool and, in general, did a lot of polishing.

Lastly, we further built out the capabilities of what we call source code-less scans. This is a way for us to scan for vulnerabilities without actually having to scan your source code, all in the name of security and privacy. You can read more about source code-less scans here.

Q3

During the third quarter we had one large project and several small ones. The star of the show was definitely adding the ability to scan CycloneDX SBOM files with Debricked. This allowed users to scan their vendors’ SBOMs to add another layer to their security practices.

Other than that, we focused on making our automation engine really great by doing some adjustments and additions. For example, we added the ability to exclude branches in your rules, creating endless possibilities for customization.

Q4

Finally, in Q4 (or, like, yesterday) we managed to squeeze in a lot of different things. Firstly, enabling the integration with Fortify on Demand, which is our big brother doing Static Application Security Testing. Now, a small part of Debricked is available in their UI.

Secondly, we released Start Left Policies. SLP allows you to apply any rules set in the automation engine to your searches in Select, so you can know whether a dependency passes your rules before you even import it. This is a super unique feature so make sure to read more about it here.

Thirdly, we focused on helping our users fix their vulnerabilities easily. To do that, we released Root Fixes, which gives you full transparency into your dependency tree, any relations, indirect dependencies and vulnerabilities, and most importantly: guidance on how to fix them. Read more about our Root Fixes here.

Finally, we added the ability to export CycloneDX SBOMs through both the UI and API. In that same project, we made sure to improve our license matching so it’s done on the exact dependency version and included proof of license, copyright and full license text in the SBOM.