Ideas
Product Updates
Events

New post

My profile
- Topics
- Replies
- Solved
- Bookmarks
- Private messages
- Settings
- Log out

Home
Community
Space Huddle

Space Huddle

Inspire and get inspiration from other Open Source Security journeys

31 Topics

Recently active

Most replies Most views Newest first

BeneditaCommunity Manager

published in Show & Tell

📩 Introduce Debricked to your team [enterprise] - email template

Bringing new tools in and getting them to be adapted can be a herculean effort. Habits take work to change. We’ve put together a customizable email template that you can send out to your team so they are up to speed with Debricked. InstructionsCopy the template below and paste it into a new email/internal message. If you are using Notion for your internal documentation, you might want to duplicate this page. Customize the [placeholder text]. Add any additional context to help your team understand how and why you’re using Debricked, and remove any content irrelevant to your environment. Send the email/message to your team and prepare to get your open source security on point! Template Hello team,As some of you know, we’re now using Debricked as our Software Composition Analysis tool (SCA). Debricked will scan our repositories for any unwanted vulnerabilities and non-compliant licenses and support us in finding open source projects that fit our internal policies.Why are we using Debricke

8 days ago

BeneditaCommunity Manager

published in Show & Tell

Webinar recording 🧑‍🏫 Refresh your Debricked skills

Last week we hosted our monthly onboarding session: “Learn the Debricked Fundamentals”. In this webinar we usually go through an overview of the tool and some Q&A from the audience. No FOMO is needed.You can watch it here or share it with your team.You can join live next time 👇

1 month ago

BeneditaCommunity Manager

published in Show & Tell

New playlist alert 📽️ Cybersecurity - Fundamental terminologyTutorial

Join us as we unravel the world of cybersecurity terminology. Are you sometimes lost in the whirlwind of cybersecurity terms? Want to learn more about its fundamentals and how you and your team can stay safe? Look no further! 🛡️ Check out my brand new YouTube playlist filled with informative videos on the basics of cybersecurity. From basic definitions to understanding common threats, these videos have you covered. 🎥 Watch the playlist here: https://www.youtube.com/playlist?list=PLZQ5U-W8XnxMrF2UKpkC03sG2OrEE5bkf Big thanks to @martin.hell for sharing his knowledge with us!

120

2 months ago

BeneditaCommunity Manager

published in Discussions

Share with us 🔈What Do You Look for When Selecting an Open Source Project?

Whether it's the project's mission, community engagement, documentation, or something else entirely, we want to hear from you.Let's learn from each other and discover what makes open source projects truly remarkable! Share your insights below. ✨

3 months ago

BeneditaCommunity Manager

published in Weekly cache-up

Weekly cache-up 💡19May

Ahoy Portal members! It is Friday again and time to cache-up with the latest cool content you have found around open source and/or general tech. As always, I will start: this week I was super dazzled by Coca-Cola’s recent advertisement: 100% AI-Generated 🤯. See below (and here for the impressive behind the scenes): What has fascinated you this week? Share below ✨

4 months ago

sweoggyShip Member

posted in Show & Tell

Scanning Docker images with Debricked

Hi all, I have been using Debricked for my pet projects for a while now and have been liking it a lot. However, I also have a few custom Docker images which I wanted to scan using Debricked. While there doesn’t seem to any official Docker image support (yet?), I figured that I could try to generate a CycloneDX report using Docker’s SBOM plugin (https://github.com/docker/sbom-cli-plugin) and then import that. Said and done, I ran the plugin with flags --format cyclonedx-json --output imagename.sbom.json, the CLI automatically picked up the CycloneDX reports and after a few seconds I got both license and vulnerabilities back! TLDR: To scan Docker images with Debricked, you need to do the following: Install and run the Docker SBOM CLI plugin, https://github.com/docker/sbom-cli-plugin, in order to generate a CycloneDX report. Make sure to change the format to CycloneDX, e.g.:docker sbom username/imagename:latest --format cyclonedx-json --output imagename.sbom.json Run Debricked CLI, https:

4 months ago

BeneditaCommunity Manager

published in Weekly cache-up

Weekly cache-up 💡 “Tell me what you read and I will tell you who you are!”

What publications/blogs do you read on a frequent basis?For all things related to open source, I am a big fan of The ReadME project.Share the gold with us below ✨

4 months ago

BeneditaCommunity Manager

published in Weekly cache-up

Weekly cache-up 💡4May

One of the thing that personally fascinates me with open source is its ability to connect people to solve for some societal challenges and make scientific breakthroughs that can make our lives better. This week I enjoyed reading about how “Open source is fuelling the future of nuclear physics”. Interesting piece about making balanced choices on how much is too open as in this case it can be a double-edge sword. Is there anything you enjoyed reading/seeing/listening this week? Share with us below

4 months ago

BeneditaCommunity Manager

published in Discussions

Share with us 🔈 What do you consider a security threat?

There are many definitions, opinions and interpretations out there on what is considered a security threat. What does this mean to you and your team? Have you created an internal definition? We’d love to hear your thoughts about it.✨ We have shared our thoughts a while back - you can read it here.

4 months ago

ida.langDebricked crew

published in Discussions

Share your thoughts 💭 Sneak peek of the new overview pageFeedback

Hello Portal crew, We are working on some changes to the current Overview page. Besides seeing your vulnerabilities overtime, you’ll also be able to check your fixed vulnerabilities and the combined license risks of all your repositories in one centralized place, cool huh? But the future of this page is not yet decided and we would love to hear from you what could make this page more useful. It could be anything from all time history data, recent comments, review statuses, action points, or something else entirely! You name it We’d love your input, please share it below. Thank you ✨Ida - Product designer

722

5 months ago

BeneditaCommunity Manager

published in Show & Tell

Key Takeaways from the 2023 State of Code Security Report - webinar recording and bonus resources

Last week we have shared the virtual stage up Fortify to unveil the Key Takeaways from the 2023 State of Code Security Report and we want to share the gold with you! Feel free to peek through the resources at your own pace. 🎥 You can access the recording of the session here📖 If you want to take a step further and deep dive into the resources you can check those shared by Fortify in this page and also this e-book that Martin refers to some times in the video (Managing and Fixing Open Source Vulnerabilities at scale) Enjoy!

100

5 months ago

BeneditaCommunity Manager

published in Show & Tell

Storytime 📢 Share with us how you got started with open source

Share your open source journey with us! Whether you're a veteran or just starting out, we'd love to know what motivated you to join the community. Tell us how open source has impacted your life and career in the comments below. Bonus points for sharing your tips on securing your open source code 😎.

5 months ago

BeneditaCommunity Manager

published in Discussions

Share with us 🔈Open source projects I can't live without

We are calling out for inspiration today. What is/are some open source projects you can't imagine living without?Why not?Share the gold with us! ✨

373

5 months ago

BeneditaCommunity Manager

published in Weekly cache-up

Weekly cache-up 💡4Apr

Ahoy ship members,It’s time for another cache up of recent news on Open Source Security/Cybersecurity or general Open Source that you found insightful or interesting recently.I will start: this week I read how some hackers could mess up with Tesla’s infotainment system by exploiting three vulnerabilities. Thankfully those vulnerabilities did not enable, at least that is known of, the car navigating control. Wild, huh?What has recently inspired or surprised you? Share with u below 👇

5 months ago

BeneditaCommunity Manager

published in Show & Tell

New tutorial(s) alert 🎥 Choosing open source components with Debricked

If you are following us on YouTube, you might have noticed that we are on a streak of new videos. Have you checked our Product tutorials playlist? Today we want to highlight Open Source Select and Start Left tutorial. Learn how you can become risk-proactive rather than risk reactive with a few clicks. Let us know below what you think about the new tutorials and if you would like us to cover any special topic. ✨ Stay informed, stay secure!

5 months ago

BeneditaCommunity Manager

published in Weekly cache-up

Weekly cache-up 💡 We need your ideas!

Dear Portal crew, we value your input and would love to hear your ideas! What type of content would you like to see more of in our community? For example: videos, tutorials, AMAs (ask me anything) session, workshops, etc. Anything is valid.Share your ideas with us in the comments below. Have a great weekend! Here is a little bonus for opening this post and helping us out 😄 [Abhinav Pandey,Dev.to]

6 months ago

BeneditaCommunity Manager

published in Weekly cache-up

Weekly cache-up 💡17Mar

Can you also feel the spring in the air right now? Just like that, we are in the last days of “official” winter here in Europe. Besides the days getting longer and a glimpse of reinvigoration after the winter, tell us, what has inspired you recently in the Open Source (Security) or general tech?As you might imagine we have a “rush” for fixing vulnerabilities here at Debricked, so when I was reading the news this morning I thought I would do my share of spreading the word on a recently discovered vulnerability on some Android phones that might be affecting you. Check it out here. Have a great weekend!

6 months ago

GAskefalkShip Member

posted in Discussions

Do not break on found CVE lacking remedy

We are using Debricked as a stage in our Azure Devops Pipeline. We have been forced to actually disable it’s capacity to fail the pipeline as it does that too much. What we really want is for it to fail if and only if A CVE is found of certain level AND there do exist a remedy for it that we can fix. Stopping on CVE that has no fix makes no sense, imho.

6 months ago

BeneditaCommunity Manager

published in Show & Tell

New tutorial alert 🎥 Integrating Debricked with your Azure DevOps workflows

Check out our freshly brewed video tutorials helping you get the most out of Debricked’s Azure DevOps integration in our YouTube channel: How to add Debricked to your Azure DevOps pipeline Opening a Debricked generated Pull Request on Azure DevOps Shoutout to @emilwareus for creating these step by step tutorials. ✨ For more information about the integration, please check out our docs.Happy scanning!

350

6 months ago

BeneditaCommunity Manager

published in Show & Tell

Storytime 📢 Tell us how are you using Debricked's API?

Greetings, portal ship members 🚀 It’s story time!How are you harnessing the power of Debricked’s API to explore the vastness of the open source universe in your workflows?We would love to hear your tales of triumph and feature you on our Community homepage! Share your knowledge in the comments below.

562

6 months ago

BeneditaCommunity Manager

published in Weekly cache-up

Weekly cache-up 💡3Mar

And just like that, it’s Friday again 💥 So it is time to cache-up on the latest on Open Source (Security)/Cybersecurity or general in tech. What has inspired you recently? I will get started 👉 I am a bit of a weather forecast aficionada so I was instantly drawn to this blog post about creating your own Weather Forecast station at home with open source software.Nifty! In case you are like me and if you do not have plans this weekend, here is a challenge for you 😉. What has inspired this week? Share with us below.

6 months ago

BeneditaCommunity Manager

published in Weekly cache-up

Weekly cache-up 💡 Hackthon edition 🧑‍💻

Your weekly doses of inspiration is here ⚡️ This week I was inspired by reading this article about Ukraine’s Volunteer Cyber Army and the work they are doing to fight against the online war side of things with Russia. Including a 3 day long Hackathon. That got me thinking about the power of hackathons to solve-real live problems! Have you ever participated in one? Or would you like to? Which one? Comment in the thread below 👇

7 months ago

BeneditaCommunity Manager

published in Show & Tell

SBOM: The Key to Secure Software Supply Chain Management - webinar recording and bonus resources

Yesterday we have unveiled the secrets of SBOM: The Key to Secure Software Supply Chain Management in an insightful live session. No FOMO is needed, we are here to share the knowledge with you! 🎥 You can access the recording of the session here.📖 If you want to take a step further and deep dive into the topic, you can check our new blog post series about SBOM here. Enjoy and we hope to see you live soon!

230

7 months ago

BeneditaCommunity Manager

published in Weekly cache-up

Weekly cache-up 💡 YouTube edition 📺

Your weekly doses of inspiration is here ⚡️ Are you also a big fan of video as a way to learn and stay up to date? I thought this week we could share our go-to YouTube channels to learn new things to help on your work. You can share a little bit about why you like it. 😊 And, of course, you can share articles/news, etc if you prefer! My go-to lately is Zapier’s channel as I am using it more and more in my work and I like the way it is organized! I can't wait to see what you all recommend! Share below your favorite channels.

202

7 months ago

BeneditaCommunity Manager

published in Weekly cache-up

Weekly cache-up💡17Feb

Your weekly doses of inspiration is here ⚡️ In this gloomy and stormy day, I look forward to get hit with some inspiration lightning you share with us! What cool articles/news/videos/podcasts have you discovered recently? To follow the theme of Friday traditions, I enjoyed reading this blog post from Greg Shier on “Why We Ship the Most Code on Friday” What has inspired you recently? Share below.

201

7 months ago

Page 1 / 2

Latest achievements

felix.kruusehas earned the badge Expert Speaker
felix.kruusehas earned the badge Intermediate Speaker
rocketship17has earned the badge Beginner Speaker
felix.kruusehas earned the badge Beginner Speaker
NevyXushas earned the badge Beginner Speaker

Show all badges

Terms & Conditions Cookie settings

Create an account

You can create an account below using either single sign-on or a username/password. Already have an account? Log in

Single sign-on

Username *

Email address *

Title

Company

GitHub Profile

Country

About me

My favourite OS package

Password *

I accept the terms & conditions

loginBox.register.email_repeat

Log in to the Portal

No account? Create an account now.

Single sign-on

Username or Email

Password

Remember me

Forgot password?

Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.

Username or e-mail

Back to overview

Scanning file for viruses.

Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.

This file cannot be downloaded

Sorry, our virus scanner detected that this file isn't safe to download.