Product Releases 2021: A year in review

by Felix Kruuse
2022-02-16

Working at Debricked in 2021 was a year of contrasts and conflicting emotions. We have released more features – and entirely new product areas – than ever before, close to 10x’ed both revenue and active users, and grown both our team itself and the strong bonds within our team. I have had the best time of my professional life, and I believe many of my colleagues feel the same. 

Simultaneously, Covid-19 was still raging on, and as such, life outside of Debricked was… weird. The contrasting reality was weird. 2021 was weird. Thankfully, the task before me is to write about Debricked’s year, and that is, as always, a cheerful story.

Our vision taking form

If you’ve ever been in a meeting with me, you’ve seen this (admittedly, visually underwhelming) illustration and heard me say that Software Composition Analysis is, and should be, about more than “just” vulnerabilities and licenses.

[Illustration: 2021 Product Vision Areas]

Besides dealing with the – very important – security and compliance risks, SCA should also help you deal with the risk of technical debt introduced through under-supported open source projects. More importantly, it should help you automate the management of all three areas.

In 2021 we were really close to delivering on this vision. 2022 will be the year we bring it home.

New product areas 2021

With the vision in mind, multiple new product areas emerged in 2021. Let us walk down memory lane here.

Automations

First up, in late February, we introduced our Automations system to the world. This system allows users to create IF-THIS-THEN-THAT type rules to automatically trigger events based on defined conditions about the open source used in a project. 

This allows organizations to:

  • Codify new and existing policies on open source usage to ensure enforcement
  • Have the rules run as automated tests in the CI-pipeline and if triggered

In organizations that use automations, developers don’t have to second-guess their decisions and managers can sleep easy knowing that no one can ignore their policies.

Example of a rule that fails the pipeline if a new dependency licensed under GPL 3.0 is added to the main branch

Licenses

As you probably already know, license compliance is a vital part of managing your open source. Finally, in 2021 we decided to add a license view to our tool. In this view, users get an overview of all their dependencies and the associated licenses. Users can configure how the code of a repo is distributed, which allows us to set a risk rating for a given license in a given repo.

We also added licenses to our automation engine! This allows you to decide on an organizational level, or repo level, which licenses (or risk levels, again depending on use case), you are willing to let into your codebase. Lastly, we added the ability to export license reports to be shared with managers or other stakeholders (or just put on your wall as decoration, the sky’s the limit).

 

Health – Open Source Select 

The release of Open Source Select was probably the most exciting launch of 2021. Select is a platform that allows you to search for, compare and analyze the health of all open source on GitHub; pretty cool, right?!

Wait, what the #€! is health, you may ask? Well, open-source health is a way of measuring how an open-source project is doing. We look at the number of contributors, their activity, whether or not the core team is still active, popularity, opened issues vs. closed issues, and much, much more.

The result is a one-stop shop for everyone to make better decisions when researching a library or a framework, with less risk of choosing something you may regret in the future. The best part about it all? It’s free! Everything and more about Select is captured in our Select launch announcement.

Other releases

We haven’t just invented new stuff; many new features and improvements also went into the existing product areas. Here’s a selection of the ones that made our customers extra happy:

Pull requests for JavaScript 

Have you ever wanted to get rid of a vulnerability by just closing your eyes and clicking a button? Well, with Debricked it’s almost that easy, if you use GitHub or GitLab. Support for more languages and Source Code Managers is coming up during 2022!

Improved data quality 

We have always taken pride in our data quality, but being great at something means constantly working to improve it. During 2021, we managed to reach a true positive rate of close to 100% in JavaScript, Go, Python and Java. We’re pretty happy with those results, and our customers even more so, since it means minimal time spent on false positives.

There’s more to come though! During 2022 we will be introducing a feature which allows you to get even higher precision by specifying which functions contain the vulnerable part of the code and if you are using them or not. Stay tuned! 

Dependency tree visualizations 

You can now see the entire dependency tree visualized in our UI for JavaScript, Java, Go, and C#! Support for more languages is coming during 2022.

Dependency tree showing how the vulnerable dependency, netmask, got introduced to the user’s codebase as an indirect dependency to nightwatch

New branding 

If you’re following us on LinkedIn (if not, please do it now) or opening our newsletters frequently, you have most likely come across one of our biggest announcements to date, made in September. ICYMI, the entire Debricked – website, application, email, everything – got a makeover. We even got a new logo!

Debricked’s upgraded logo.

Finding the story that enhances Debricked’s personality while ensuring that it reflects the values we provide was a challenge that we flung ourselves into. New brand guidelines were created, and the weeks leading up to launch were dedicated to building a new website.

Deployment was a bumpy ride but went swimmingly in the end. Nonetheless, the work didn’t end there. It is now that the actual race starts. There are more challenges in sight – improving and maintaining the quality of the website and increasing brand visibility, to name a few.

All of this was possible thanks to our in-house team, positioned to succeed with help from an ally like Nobiz, who joined us on this rebranding excursion from Day 1. So, make sure to read their side of this epic story.

API

We are in love with our beautiful UI, but we also recognize that there are pros to using our service through our API. For a couple of months now, it has been possible to completely customize your Debricked experience to fit your preferences. Head over to the docs to get more information and inspo!

2021 was a weird year

… but it ended on a really good note! Now, as the world starts to emerge from these past two years of strangeness, we can say with confidence that Debricked is here to stay, and that we bring some truly unique solutions to the table. 2022 is going to be a good one, so stay tuned.