Bringing new tools in and getting them to be adapted can be a herculean effort. Habits take work to change. We’ve put together a customizable email template and getting started document that you can send out to your team so they are up to speed with Debricked.

Instructions

1. Copy the template below and paste it into a new email/internal message.
2. Customize the [placeholder text].
3. Add any additional context to help your team understand how and why you’re using Debricked, and remove any content irrelevant to your environment.
4. Send the email/message to your team and prepare to get your open source security on point!

Template

Hello team,

As some of you know, we’re now using Debricked as our Software Composition Analysis tool (SCA). Debricked will scan our repositories for any unwanted vulnerabilities and non-compliant licenses and support us in finding open source projects that fit our internal policies.

Why are we using Debricked?

With the increase in the adoption of open source, teams become more vulnerable to its inherent risks. Therefore, we have selected Debricked to help us by providing and automating visibility into our open source software components. This will be done by [consistently scanning our code to find vulnerabilities and licenses].

This is how Debricked can help us:

• Dependency Management: by enhancing the visibility of the dependencies used in a project, including their versions and licenses.
• Security: the tool will consistently scan and monitor dependencies for known security vulnerabilities; it will help us identify and alert the team about vulnerabilities in third-party libraries and components so we can proactively address these issues and be up to date with the latest security patches.
• License Compliance: Debricked can automatically detect and report on the licenses of the third-party components used in our projects, ensuring that we stay compliant and avoid legal issues related to licensing violations.
• Become more efficient: manually tracking dependencies, licenses, and security vulnerabilities can be time-consuming and error-prone. Debricked will automate these tasks, allowing us to save time for issues that matter.
• Custom policies and alerts: through the “Automations” engine, we can enforce our custom policies. For example, we can automatically fail any pipelines that include a GPL license.
• Reporting: we will be able to export different reports to be used and shared among internal stakeholders, auditors, or other relevant stakeholders. These reports provide clear insights into the state of our open source components.