Bringing in new tools and getting them adopted can be a herculean effort. Habits take work to change. We’ve put together a customizable email template that you can send out to your team so they are up to speed with Debricked.
- Copy the template below and paste it into a new email/internal message. If you are using Notion for your internal documentation, you might want to duplicate this page.
- Customize the [placeholder text].
- Add any additional context to help your team understand how and why you’re using Debricked, and remove any content irrelevant to your environment.
- Send the email/message to your team and prepare to get your open source security on point!
As some of you know, we’re now using Debricked as our Software Composition Analysis (SCA) tool. Debricked will scan our repositories for any unwanted vulnerabilities and non-compliant licenses and support us in finding open source projects that fit our internal policies.
Why are we using Debricked?
With the increase in the adoption of open source, teams become more vulnerable to its inherent risks. Therefore, we have selected Debricked to help us by providing and automating visibility into our open source software components. This will be done by [consistently scanning our code to find vulnerabilities and licenses].
This is how Debricked can help us:
- Dependency Management: by enhancing the visibility of the dependencies used in a project, including their versions and licenses.
- Security: the tool will consistently scan and monitor dependencies for known security vulnerabilities; it will help us identify and alert the team about vulnerabilities in third-party libraries and components so we can proactively address these issues and be up to date with the latest security patches.
- License Compliance: Debricked can automatically detect and report on the licenses of the third-party components used in our projects, ensuring that we stay compliant and avoid legal issues related to licensing violations.
- Become more efficient: manually tracking dependencies, licenses, and security vulnerabilities can be time-consuming and error-prone. Debricked will automate these tasks, allowing us to save time for issues that matter.
- Custom policies and alerts: through the “Automations” engine, we can enforce our custom policies. For example, we can automatically fail any pipelines that include a GPL license.
- Reporting: we will be able to export different reports to be used and shared among internal stakeholders, auditors, or other relevant stakeholders. These reports provide clear insights into the state of our open source components.
- Safe from the ground up: with its Start Left functionality, Debricked will help us by using our current policies as an anchor to select the right open source components to take into our organization, saving us time and money down the line.
Let’s get it started!
Step 1: Open Debricked’s invite email. You will be asked to set a password and confirm your first and last names. If you cannot find the invite, please check the spam folder.
Where to find resources?
- [Our intranet under XYZ]
- Knowledge Base
- Product Updates
- Video resources + upcoming webinars
- In-app guides and checklists can be found in the Help Center at the bottom right corner of your account.
Questions or feedback?
If you have questions about our new SCA tool, please respond to this email. If you believe you need access to manage the tool page but didn’t receive the email to log in, please reach out.