Debricked Reviews & Product Details

Debricked's SCA-tool allows you to manage your open source in an easy, smart and efficient manner. Automatically find, fix and prevent vulnerabilities, avoid non compliant licenses and evaluate the health of your dependencies - all in one tool. Security - Your developers shouldn't have to be security experts in order to write secure code. Debricked helps your developers automate open source security in their own pipelines and generate fixes with a button click. License Compliance - Make open source compliance a non issue by automating the prevention of non compliant licenses. Set customizable pipeline rules and make sure to be ready for launch year round. Community Health - Help your developers make informed decisions when choosing what open source to use. Search for name or functionality and easily compare similar projects side by side on a set of health metrics.

Seller

Debricked

Discussions

Debricked Community

Languages Supported

English

Overview by

Joanna Qvarnström

Pricing

Pricing provided by Debricked.

Premium

€25.00

1 Contributing developers Per Month

Enterprise

Contact Us

1 Contributing developers Per Year

View More Pricing Information

Top-Rated Alternatives

View All Alternatives

Debricked Media

In this view you can see all your repositories, the groups you've created and the status of each one.

Debricked Demo - Automated Fix Pull Request

Fix vulnerabilities with a simple button click

In this view you can see all vulnerabilities, their severity score and status.

Looking at a specific CVE, vulnerability, you can see all the info about origin, severity, status and if there's a fix available.

In this view you can look at all your dependencies, direct and indirect, and better understand their security, license and health status.

The clever automation engine lets you create policies for your teams or entire organization based on your preferences. The screenshots shows examples of rules.

G2 reviews are authentic and verified.

Here's how.

SS

Sagar S.

Technical Consultant

Mid-Market (51-1000 emp.)

3/15/2026

"Developer-First SCA with Fast Scans, Auto Fix PRs, and Clear SBOM Visibility"

5/5

What do you like best about Debricked?

1. Developer-first design: Debricked integrates directly into CI/CD pipelines (GitHub, GitLab, Azure DevOps, Bitbucket). Developers get immediate feedback on vulnerable dependencies during development, rather than only after release. This helps shift security left in the SDLC.

2. Strong Software Composition Analysis (SCA): It automatically scans open-source dependencies across the codebase and identifies vulnerabilities (CVEs), outdated libraries, and security risks in transitive dependencies. It also provides clear remediation suggestions.

3. Automated fix pull requests: One of Debricked’s best features is that it can automatically generate pull requests to update vulnerable libraries, which saves developers a lot of manual effort.

4. SBOM and dependency visibility: It generates a Software Bill of Materials (SBOM), and the visual dependency tree makes it easier for teams to understand which libraries depend on what.

5. Lightweight and fast: Compared to some traditional security tools, Debricked scans are fast and easy to integrate, which developers tend to appreciate.

6. Open-source license compliance: It detects license issues (GPL, Apache, MIT, etc.) and helps organizations avoid legal or compliance risks. Review collected by and hosted on G2.com.

What do you dislike about Debricked?

One thing I dislike about Debricked is that, although it’s very strong at identifying vulnerable open-source dependencies, it can sometimes fall short on the deeper analysis capabilities that some more mature SCA tools offer. For instance, it may flag vulnerabilities that are technically present in a dependency but not actually reachable within the application, which then requires developers to do additional manual verification. Also, while Debricked integrates well with common CI/CD platforms, I think the overall ecosystem of integrations and the reporting customization options could be broader, especially for large enterprise environments. Overall, it’s a powerful, developer-friendly tool, but there’s still room to improve advanced analysis and enterprise-level reporting features. Review collected by and hosted on G2.com.

What problems is Debricked solving and how is that benefiting you?

Debricked addresses the security risks that open-source dependencies can introduce in modern software development. Since most applications rely heavily on third-party libraries, it’s hard for developers to manually keep track of vulnerabilities, outdated packages, and license compliance issues. Debricked streamlines this by continuously scanning dependencies in the codebase, flagging known vulnerabilities (CVEs), and offering clear guidance on how to remediate them. For me, this means better visibility into the open-source components in use, faster prioritization of security issues, and the ability to fix vulnerabilities earlier in the development lifecycle through CI/CD integration and automated pull requests. Overall, it strengthens application security while reducing the manual effort involved in managing open-source risk. Review collected by and hosted on G2.com.

AR

Verified User in Renewables & Environment

Small-Business (50 or fewer emp.)

11/18/2022

"Powerful and easy to integrate"

5/5

What do you like best about Debricked?

First of all, I was impressed with the seamless integration, I've used Debricked for both Gitlab and Github CI/CDs and it hazzlefree to get started and setting it up. Moving deeper into actual value, I find it easy to use and with highly accurate data; meaning I spend less time investigating "false" vulnerabilities. Furthermore, the ability to codify policies and SLA's on security and compliance have helped me build great behaviours around the risks of using open-source dependencies. Review collected by and hosted on G2.com.

What do you dislike about Debricked?

Previously, there has been some performance issues, with a few scans here and there taking longer to complete. It is obvious that this has been a priority for them to solve and since about a year ago the performance has been steady and scans are now really quick. Review collected by and hosted on G2.com.

ML

Marcus L.

Product Specialist

Small-Business (50 or fewer emp.)

8/18/2022

"Easy-to-use tool that is both easy to set up and quick in giving you a result"

4.5/5

What do you like best about Debricked?

The ease of setting things up and getting your first result. Debricked integrates very well with most popular development environments. The documentation is also very helpful when needed. Review collected by and hosted on G2.com.

What do you dislike about Debricked?

There was a re-design some time back and there are still small mismatches between the actual GUI and the documentation. There is also some peculiar GUI behavior on some pages, but all in all very minor things to note. Review collected by and hosted on G2.com.

EG

Erçetin G.

teknisyen

Small-Business (50 or fewer emp.)

11/3/2022

"Evaluation"

5/5

What do you like best about Debricked?

Full control of security, compliance, and health with a toolkit that will revolutionize the way you use open source Review collected by and hosted on G2.com.

What do you dislike about Debricked?

Full control of security, compliance, and health with a toolkit that will revolutionize the way you use open source Review collected by and hosted on G2.com.

BG

Björn G.

Consulting and technical manager

Mid-Market (51-1000 emp.)

8/17/2022

"Powerful, yet simple"

4.5/5

What do you like best about Debricked?

The Debricked tool is powerful yet simple. I put it in the hands of junior developers and have them get value from it immediately, and it makes the lead programmers pay attention to their results. Their latest addition - the open source search tool displaying project health - is great. Review collected by and hosted on G2.com.

What do you dislike about Debricked?

At times the performance is low, but this has improved. Review collected by and hosted on G2.com.