Show & Tell

Share your hacks & best practices with your peers

  • 16 Topics
  • 5 Replies

16 Topics

Benedita
BeneditaSpace Admiral
published in Show & Tell

Debricked CLI Migration guideTutorial

The Legacy CLI has now been officially deprecated. By April 2nd using it will result in pipeline failures, and the scans will be completely turned off on May 2nd 2024. Going forward, all our efforts and enhancements will be dedicated solely to the new Debricked CLI. Thus, we strongly recommend and encourage your transition to the new CLI in order to stay aligned with the latest features and improvements.Read on to find out why you should migrate to the new CLI and what actions are needed from your side. Why switch to the new CLI? The new Debricked CLI is distributed as a self-contained binary, removing the need for a PHP environment. This makes it easier to install, integrate, run, and upgrade. We have also added and will continue to add new functionalities and improvements, such as:Automatic application of git metadata to scans Faster scanning*: Finding and uploading files is now significantly faster Improved call graph generation for vulnerable functionality Manifest-less/fingerprint

3100
Benedita
8 months ago
Benedita
BeneditaSpace Admiral
published in Show & Tell

New video alert 📽️ Mastering Debricked's CLI and API

Missed our CLI & API live session? Don't worry!In this live session, we have delved into our CLI and API. Learn how they work, how to configure them, real-life applications, and more. Check it out: https://youtu.be/3fEOTOwHGbM 

110
Benedita
2 months ago
Benedita
BeneditaSpace Admiral
published in Show & Tell

💡[Inspiration] We did an internal Security Quest - check out how!

Last week, we set sail on an adventure that blended fun, camaraderie, and, of course, a healthy dose of cyber intrigue. The event aimed to boost our cybersecurity awareness in a fun and engaging way to complement the more “theoretical” training we have on an ongoing basis. The format: reality meets pixelsAs a hybrid company, with people working from the office and remotely in other cities and countries, we tried to be as flexible as possible in most activities so everyone could be part of the event.We had a main online room (Google Meet) connected throughout most of the event and to our office’s main room television and camera so people joining remotely could see the office. For some specific activities, we created private online rooms where each team could strategize and scheme privately.To diversify the skill sets within each team, we intentionally included members from different departments. It was a valuable opportunity for people who may not typically collaborate to engage in mean

70
Benedita
7 months ago
Benedita
BeneditaSpace Admiral
published in Show & Tell

New video alert 📽️ What is Open Source Health? (with Fortify)

Our Head of Research and Development, Emil, just dropped some knowledge nuggets on Open Source Health, and you won't want to miss it.We've got that video for you (thanks Fortify!), and it's packed with insights that could transform the way you approach health data. Enjoy!  

30
Benedita
8 months ago
emilwareus
Debricked crew
emilwareusDebricked crew
posted in Show & Tell

How to scan a repository with different services

Hi! I got asked today how Debricked can handle “multiple services” in the same repo. It is common to have monorepos with different deployments/microservices/etc.. in them, but you want to logically separate them in the debricked UI. This is easy to do through the CLI, and I have an example repository here: https://github.com/emilwareus/debricked-split-repo This is how the base action looks, but I would probably just split this into two separate actions to get a better overview of what services triggers what rules, and potentially only run the scans on changes in each service.  name: Debricked scanon: [push]jobs: vulnerabilities-scan: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: Install Debricked CLI run: | curl -L https://github.com/debricked/cli/releases/latest/download/cli_linux_x86_64.tar.gz | tar -xz debricked ./debricked --version # Here I make two separate scans with debricked in different parts of the repo

0
emilwareus
Debricked crew
9 months ago
Benedita
BeneditaSpace Admiral
published in Show & Tell

📩 Introduce Debricked to your team [enterprise] - email template

Bringing new tools in and getting them to be adapted can be a herculean effort. Habits take work to change. We’ve put together a customizable email template that you can send out to your team so they are up to speed with Debricked. InstructionsCopy the template below and paste it into a new email/internal message. If you are using Notion for your internal documentation, you might want to duplicate this page. Customize the [placeholder text]. Add any additional context to help your team understand how and why you’re using Debricked, and remove any content irrelevant to your environment. Send the email/message to your team and prepare to get your open source security on point! Template Hello team,As some of you know, we’re now using Debricked as our Software Composition Analysis tool (SCA). Debricked will scan our repositories for any unwanted vulnerabilities and non-compliant licenses and support us in finding open source projects that fit our internal policies.Why are we using Debricke

380
Benedita
10 months ago
Benedita
BeneditaSpace Admiral
published in Show & Tell

Webinar recording 🧑‍🏫 Refresh your Debricked skills

Last week we hosted our monthly onboarding session: “Learn the Debricked Fundamentals”. In this webinar we usually go through an overview of the tool and some Q&A from the audience. No FOMO is needed.You can watch it here or share it with your team.You can join live next time 👇 

120
Benedita
11 months ago
Benedita
BeneditaSpace Admiral
published in Show & Tell

New playlist alert 📽️ Cybersecurity - Fundamental terminologyTutorial

Join us as we unravel the world of cybersecurity terminology. Are you sometimes lost in the whirlwind of cybersecurity terms? Want to learn more about its fundamentals and how you and your team can stay safe? Look no further! 🛡️ Check out my brand new YouTube playlist filled with informative videos on the basics of cybersecurity. From basic definitions to understanding common threats, these videos have you covered. 🎥 Watch the playlist here: https://www.youtube.com/playlist?list=PLZQ5U-W8XnxMrF2UKpkC03sG2OrEE5bkf Big thanks to @martin.hell for sharing his knowledge with us!  

130
Benedita
1 year ago
S
sweoggyShip Member
posted in Show & Tell

Scanning Docker images with Debricked

Hi all, I have been using Debricked for my pet projects for a while now and have been liking it a lot. However, I also have a few custom Docker images which I wanted to scan using Debricked. While there doesn’t seem to any official Docker image support (yet?), I figured that I could try to generate a CycloneDX report using Docker’s SBOM plugin (https://github.com/docker/sbom-cli-plugin) and then import that. Said and done, I ran the plugin with flags --format cyclonedx-json --output imagename.sbom.json, the CLI automatically picked up the CycloneDX reports and after a few seconds I got both license and vulnerabilities back! TLDR: To scan Docker images with Debricked, you need to do the following: Install and run the Docker SBOM CLI plugin, https://github.com/docker/sbom-cli-plugin, in order to generate a CycloneDX report. Make sure to change the format to CycloneDX, e.g.:docker sbom username/imagename:latest --format cyclonedx-json --output imagename.sbom.json Run Debricked CLI, https:

1
Benedita
1 year ago
Benedita
BeneditaSpace Admiral
published in Show & Tell

Key Takeaways from the 2023 State of Code Security Report - webinar recording and bonus resources

Last week we have shared the virtual stage up Fortify to unveil the Key Takeaways from the 2023 State of Code Security Report and we want to share the gold with you! Feel free to peek through the resources at your own pace. 🎥 You can access the recording of the session here📖 If you want to take a step further and deep dive into the resources you can check those shared by Fortify in this page and also this e-book that Martin refers to some times in the video (Managing and Fixing Open Source Vulnerabilities at scale) Enjoy!

100
Benedita
1 year ago
Benedita
BeneditaSpace Admiral
published in Show & Tell

Storytime 📢 Share with us how you got started with open source

Share your open source journey with us! Whether you're a veteran or just starting out, we'd love to know what motivated you to join the community. Tell us how open source has impacted your life and career in the comments below. Bonus points for sharing your tips on securing your open source code 😎.

90
Benedita
1 year ago
Benedita
BeneditaSpace Admiral
published in Show & Tell

New tutorial(s) alert 🎥 Choosing open source components with Debricked

If you are following us on YouTube, you might have noticed that we are on a streak of new videos. Have you checked our Product tutorials playlist? Today we want to highlight Open Source Select and Start Left tutorial. Learn how you can become risk-proactive rather than risk reactive with a few clicks. Let us know below what you think about the new tutorials and if you would like us to cover any special topic. ✨ Stay informed, stay secure!

100
Benedita
1 year ago
Benedita
BeneditaSpace Admiral
published in Show & Tell

New tutorial alert 🎥 Integrating Debricked with your Azure DevOps workflows

Check out our freshly brewed video tutorials helping you get the most out of Debricked’s Azure DevOps integration in our YouTube channel: How to add Debricked to your Azure DevOps pipeline Opening a Debricked generated Pull Request on Azure DevOps Shoutout to @emilwareus for creating these step by step tutorials. ✨ For more information about the integration, please check out our docs.Happy scanning!

430
Benedita
1 year ago
Benedita
BeneditaSpace Admiral
published in Show & Tell

Storytime 📢 Tell us how are you using Debricked's API?

Greetings, portal ship members 🚀 It’s story time!How are you harnessing the power of Debricked’s API to explore the vastness of the open source universe in your workflows?We would love to hear your tales of triumph and feature you on our Community homepage! Share your knowledge in the comments below.

602
Benedita
1 year ago
Benedita
BeneditaSpace Admiral
published in Show & Tell

SBOM: The Key to Secure Software Supply Chain Management - webinar recording and bonus resources

Yesterday we have unveiled the secrets of SBOM: The Key to Secure Software Supply Chain Management in an insightful live session. No FOMO is needed, we are here to share the knowledge with you! 🎥 You can access the recording of the session here.📖 If you want to take a step further and deep dive into the topic, you can check our new blog post series about SBOM here. Enjoy and we hope to see you live soon! 

270
Benedita
1 year ago
emilwareus
Debricked crew
emilwareusDebricked crew
posted in Show & Tell

I got debricked working with C++ (conan)

Debricked supports SBOM scanning of CycloneDX sboms. I really wanted to scan my Conan project, so I created a GitHub Action that generates an SBOM and scans it with the Debricked tool.Here is the action: https://github.com/emil-debricked/examples/blob/master/.github/workflows/debricked.yml It uses the official CycloneDX Conan generator from the CycloneDX project :) https://github.com/CycloneDX/cyclonedx-conan Hope you like it! 

2
N
1 year ago

Latest achievements

Show all badges
Terms & ConditionsCookie settings