{"id":20434564,"url":"https://github.com/debricked/cli","last_synced_at":"2026-03-17T06:29:39.771Z","repository":{"id":65432027,"uuid":"453534253","full_name":"debricked/cli","owner":"debricked","description":"Debricked's command line interface. It brings open source security, compliance and health to your project via the command prompt.","archived":false,"fork":false,"pushed_at":"2026-01-28T06:16:07.000Z","size":94351,"stargazers_count":23,"open_issues_count":1,"forks_count":13,"subscribers_count":4,"default_branch":"main","last_synced_at":"2026-01-28T22:33:24.734Z","etag":null,"topics":["cli","debricked","sca"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/debricked.png","metadata":{"files":{"readme":"README.FoD.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-01-29T22:31:19.000Z","updated_at":"2026-01-27T05:21:56.000Z","dependencies_parsed_at":"2023-12-11T14:39:06.490Z","dependency_job_id":"3a6e98d2-3548-4b9b-8cec-080663d71e67","html_url":"https://github.com/debricked/cli","commit_stats":null,"previous_names":[],"tags_count":118,"template":false,"template_full_name":null,"purl":"pkg:github/debricked/cli","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/debricked%2Fcli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/debricked%2Fcli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/debricked%2Fcli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/debricked%2Fcli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/debricked","download_url":"https://codeload.github.com/debricked/cli/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/debricked%2Fcli/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29009623,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-02T08:40:12.472Z","status":"ssl_error","status_checked_at":"2026-02-02T08:40:10.926Z","response_time":58,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","debricked","sca"],"created_at":"2024-11-15T08:27:37.427Z","updated_at":"2026-02-02T09:28:35.139Z","avatar_url":"https://github.com/debricked.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003ca href=\"#\"/\u003e\n  \u003cp align=\"center\"\u003e\n    \u003cimg width=\"150\" height=\"150\" src=\"/assets/CLI_logo_1024.png\" alt=\"Logo\"\u003e\n    \u003ch1 align=\"center\"\u003e\u003cb\u003eDebricked CLI\u003c/b\u003e\u003c/h1\u003e\n    \u003cp align=\"center\"\u003e\n    Safety through commandline.\n      \u003cbr /\u003e\n      \u003ca href=\"https://debricked.com\"\u003e\u003cstrong\u003edebricked.com »\u003c/strong\u003e\u003c/a\u003e\n      \u003cbr /\u003e\n      \u003cbr /\u003e\n    \u003c/p\u003e\n  \u003c/p\u003e\n\u003c/p\u003e\n\n`debricked` is Debricked's command line interface. It brings open source security, compliance and health to your\nproject via the command prompt. \n\nThis readme is specific for the use case of scanning Open Source with Debricked through [Fortify on Demand](https://www.microfocus.com/en-us/cyberres/application-security/fortify-on-demand). \nIf you are interested in the readme for Debricked standalone, it can be found [here](README.md).\n\u003cbr/\u003e\n\u003cbr/\u003e\n\u003ca href=\"https://github.com/viktigpetterr/debricked-go-cli/actions/workflows/test.yml\"\u003e\n    \u003cimg src=\"https://github.com/viktigpetterr/debricked-go-cli/actions/workflows/test.yml/badge.svg\" /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/viktigpetterr/debricked-go-cli/actions/workflows/debricked.yml\"\u003e\n    \u003cimg src=\"https://github.com/viktigpetterr/debricked-go-cli/actions/workflows/debricked.yml/badge.svg\" /\u003e\n  \u003c/a\u003e\n    \u003ca href=\"https://opensource.org/licenses/MIT\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/License-MIT-yellow.svg\" /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/debricked/cli/releases/tag/release-v2\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/v/release/debricked/cli\" /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://twitter.com/debrickedab\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Twitter-00acee?logo=twitter\u0026logoColor=white\" /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://www.linkedin.com/company/debricked\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/LinkedIn-0077B5?logo=linkedin\u0026logoColor=white\" /\u003e\n  \u003c/a\u003e\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"/assets/debricked_resolve.png\" alt=\"CLI Screenshot\"\u003e\n  \u003cbr /\u003e\n\u003c/p\u003e\n\n## Installation\nCheck out the [releases](https://github.com/debricked/cli/releases/tag/release-v2) page. Choose the asset that is applicable for your system.\nBelow follow some common ways to install the CLI.\n### Linux\n```sh\ncurl -LsS https://github.com/debricked/cli/releases/download/release-v2/cli_linux_x86_64.tar.gz | tar -xz debricked\n```\n```sh\n./debricked\n```\n### Mac\n```sh\ncurl -LsS https://github.com/debricked/cli/releases/download/release-v2/cli_macOS_arm64.tar.gz | tar -xz debricked\n```\n```sh\n./debricked\n```\n### Windows\n1. [Download zip](https://github.com/debricked/cli/releases/download/release-v2/cli_windows_x86_64.tar.gz)\n2. Unpack zip\n```sh\n.\\debricked\n```\n### Docker\n```sh\ndocker pull debricked/cli\n```\n## Prepare for scanning open source through Fortify on Demand\nIf you're looking to scan your Open Source dependencies with Debricked through [Fortify on Demand](https://www.microfocus.com/en-us/cyberres/application-security/fortify-on-demand), \nthe Debricked CLI makes the preparation of your payload easy through the `debricked resolve` command. \n\n\u003e Note: Unlike scanning your open source through Debricked standalone, where the `debricked scan` command can be used, initating a scan through FoD is not possible using the Debricked CLI. You should therefore not use \"debricked scan\" as a user of FoD.\n\n### What is lock file resolution and why is it needed?\nLock file resolution is the process of using the dependencies requested in a manifest file (which most often is restricted to the direct dependencies of the project) to generate a lock file, containing all direct and indirect/transitive dependencies with locked versions, as well as the relations between the dependencies. \n\nGetting the complete information for all dependencies, with versions and their relations is important to ensure that Debricked can make a complete and accurate analysis of the project. It will also ensure that the generated SBOM is accurate and that the suggestions made for remediating potential issues are correct. \n\nMany package managers have support for building and maintaining native lock files from manifest files, while others do not. In most of these cases, there are still native commands that can be used to produce the same information.\n\n### How does the command work?\nOnce you've installed the CLI, you simply use `debricked resolve` to have Debricked generate the needed lock files for scanning, using FoD. The command identifies all eligible files in the current directory/payload and runs the necessary commands to generate the lock files.\n\nDebricked resolves into native lock files where possible, but uses custom Debricked lock formats when needed. To resolve manifest files (such as package.json and build.gradle) into lock files (eg. yarn.lock and the Debricked lock format gradle.debricked.lock), native commands from the package managers are used, such as `yarn install` and `gradle dependencies`. \n\nIt is therefore important that the package managers are installed, with the right versions, wherever you run the `debricked resolve` command. The best way to achieve this is to run it in a development or build environment.\n\nWhen the resolution is complete, you will see the list of files that were resolved. If the resolution were to fail, descriptive error messages from the respective package manager \nwill be shown in the output.\n\nFor more information on how resolution works, check out https://docs.debricked.com/tools-and-integrations/cli/debricked-cli/high-performance-scans.\n\n#### Private Registries\nIf a dependency is hosted on a private registry some configuration may be needed, depending on package manager. For more details see package manager specific resolution README files in the specific [package manager folder](https://github.com/debricked/cli/tree/main/internal/resolution/pm) or search the documentation of your package manager of choice.\n\n### CI/CD integration\nIf you would rather use `debricked` in your CI/CD pipelines, you can check out the [templates](examples/templates/README.md) for inspiration, replacing `scan` with `resolve`.\n\n## Contributing\nThank you for your interest in making Debricked CLI even better! Read more about contributing to the\nproject [here](CONTRIBUTING.md).\n\nAlso, make sure to check out the [Debricked Portal](https://portal.debricked.com/). There, you can share your great ideas with us! \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdebricked%2Fcli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdebricked%2Fcli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdebricked%2Fcli/lists"}