# First setup

To get the most out of Debricked, you need to perform a basic setup. We will walk you through how to integrate Debricked with your CI system, how to set up use cases for licenses and policies, and other administrative settings.

To work continuously with vulnerability and license risk using Debricked, it is best to set up an integration with your source code management system. Here, we show you how to set up an integration with GitHub. For other integrations, please see here.

If you do not have any repositories to work with and just want to check out the tool, see here on how to add a sample repository.

# Set up an integration on first login

The first time you log in after creating your account, you will be taken to the onboarding screen. This view is only shown if no repository has been added previously, either manually or via integrations. Choose the system that you want to integrate with.

# GitHub app

  1. Click on GitHub
  2. GitHub will open; click “Install”
  3. The Debricked app will open; click “Scan all”

Once the scan is completed, the results will be available under Repositories, Vulnerabilities and Dependencies.

Integrate with only selected repositories:

  1. Click on GitHub
  2. GitHub will open; select “Only select repositories”
  3. Select the repositories you want to integrate with
  4. Click “Install”
  5. The Debricked app will open; click “Scan all”

# GitHub Actions

For more details on how to set up GitHub Actions, see here.

# Other CI systems

To integrate with GitLab, Bitbucket or Azure DevOps, click the corresponding button in the onboarding view. For details on how to set up an integration, please see the documentation here.

For other integrations, click the button "More integrations".

Read and follow the instructions shown in the next view. When done, click on "Repositories added, start navigating".

# Manual upload

If you have a dependency file for a project, but setting up an integration is not possible at the moment, you can upload the dependency file manually.

If no data has been added to your account yet, you will see the onboarding view. Click on "manually upload".

You will be directed to the following view where you can upload your dependency files.

Once your files are scanned, you will see a quick summary, and you can view the results.

Please read the documentation on the integrations page for more details regarding manual uploads.

# Sample repository

If you have no data to work with and you just want to check out the tool, you can add our sample repository. It is a front-end repository based on React, together with Lodash and Mime.

If this is the first time you log in to the service, or if there are no added repositories, you will be met with the onboarding screen.

Click "add a sample repository" to add the sample repository.

Click "Scan all" to start the scan of the repo. Note that you can start navigating the tool during the scan.

# Set up a license use case

The first time you visit the license view, you'll notice that all repositories are set to "Unknown" in the risk column.

This is because you have not yet configured any use cases for your repositories. Setting a use case lets the tool know how you distribute the code in each of your repos, which has an impact on the risk of any given license.

To do this, go to "Manage" -> "Repositories and Commits". Under the column "Use case", click and select a use case for the specific repository. The license view will then be updated accordingly.

Read more about licenses here.

# Set up automations

The automations engine allows rules to be triggered based on conditions. For example, a rule can fail a pipeline if a new high-risk vulnerability or an unwanted license is detected.

By default, Debricked has set up 4 rules for you to prevent unwanted licenses or dangerous vulnerabilities.

If these default rules interfere with your development, they can easily be disabled by clicking the toggle button.

For more information about the automation engine and how to set up your own rules, see here.