Year in review 2022

Another year has passed and with the risk of sounding like every single person in the world, what happened? Probably lots of things, since that’s usually what makes time run fast. To recap, I wanted to look back at all the things we’ve accomplished the past year and what’s new in the product. Let’s start from the top!


Q1

In the first quarter we managed to finally get rid of the last parts of our old UI, which is something we won’t miss (especially not our designers, who cheered). Now the whole product looked pretty - a great start to the new year, right?

Another project was optimizing scans, making them about 85% (!) faster than before. Quite an achievement for the team, and our customers were delighted.

The biggest milestone, though, was probably enabling our very own unique way of creating Fix Pull Requests, allowing you to fix a vulnerability with one click from our UI. Our PRs are now incredibly fast and reliable thanks to the graph database technology working behind the scenes. Learn more about how we use Neo4j to create lightning-fast PRs here.


Q2

Q2 was really all about maintenance. We achieved a lot, but with fewer flashy and exciting features than during Q1. Nevertheless, it was very important work.

Among other things, we made it easy to invite many users at once to your Debricked organization, we improved the billing experience in the tool and, in general, did a lot of polishing.

Lastly, we further built out the capabilities of what we call source code-less scans. This is a way for us to scan for vulnerabilities without actually having to scan your source code, all in the name of security and privacy. You can read more about source code-less scans here.

Q3

During the third quarter we had one large project and several small ones. The star of the show was definitely adding the ability to scan CycloneDX SBOM files with Debricked. This allows users to scan their vendors’ SBOMs and add another layer to their security practices.

Other than that, we focused on making our automation engine really great through a number of adjustments and additions. For example, we added the ability to exclude branches in your rules, creating endless possibilities for customization.


Q4

Finally, in Q4 (or, like, yesterday) we managed to squeeze in a lot of different things. Firstly, we enabled the integration with Fortify on Demand, our big brother that does Static Application Security Testing. Now, a small part of Debricked is available in their UI.

Secondly, we released Start Left Policies. SLP lets you apply any rules set in the automation engine to your searches in Select, so you know whether a dependency passes your rules before you even import it. This is a super unique feature, so make sure to read more about it here.

Thirdly, we focused on helping our users fix their vulnerabilities easily. To do that, we released Root Fixes, which gives you full transparency into your dependency tree, its relations, indirect dependencies and vulnerabilities, and most importantly: guidance on how to fix them. Read more about our Root Fixes here.

Finally, we added the ability to export CycloneDX SBOMs through both the UI and the API. In that same project, we made sure to improve our license matching so that it is done on the exact dependency version, and we included proof of license, copyright and the full license text in the SBOM.

Last year was great! And what is even better is that you can read about all of this work in our Knowledge Base here in the Portal 🤓