1 of 5

High performance scans

High Performance Scans are currently available for Maven (pom.xml), Gradle (build.gradle), Go modules (go.mod), Pip (requirements.txt), NuGet (.csproj and packages.config), yarn (package.json), and composer (composer.json).

Some package managers do not have native support for maintaining lock files with complete information on dependency versions and relations. In order to guarantee fast and accurate scans for these package managers, it is necessary to first generate this information into a file before sending it to Debricked for scanning. Doing this also ensures that private dependencies are included in the scans and eliminates the need to send source code for a complete scan, since all information will be included in the generated file.

At Debricked, the High Performance Scans solution makes this process as simple as possible. This technology enables you to accurately and quickly resolve full dependency trees for repositories that don't have a lock file present. By using the lock file resolution technology to generate the needed files before sending them to the Debricked tool, all the drawbacks that come with trying to generate the files on our end are removed.

With High Performance Scans, you can generate Debricked lock files on your end, without us having to handle any of your source code. This approach improves the performance of the scans, especially when built into an existing pipeline that already builds the project. It also enables us to parse more accurate dependency results and obtain the relations of private dependencies without accessing anything other than the dependency files to scan your repository. Furthermore, it allows us to handle files of much bigger size.

The High Performance Scanning is highly customizable, allowing you to set it up to run in conjunction with a scan or in any other part of your pipeline.

Generate Debricked lock(tree) files using high performance scans

Speed up Debricked lock file resolution

The best approach for speeding up the generation of debricked lock files is to make sure that the dependencies that are used for building the project are cached on the system that Debricked CLI operates on. By doing so, Debricked CLI can utilize these locally installed dependencies instead of having to download them from the registries, which is a time-consuming task. Package managers cache their dependencies differently, so if you set up dependency caching for your package manager, Debricked CLI will be able to utilize that out of the box and in the process make the debricked lock file resolution snappier.

Example:

Maven is a commonly used build automation tool (and package manager) in the Java world. When Maven downloads dependencies for a project the dependencies are by default cached in the directory ~/.m2/repository. If Debricked CLI is used to resolve a Maven project on this system, instead of downloading dependencies, the ~/.m2/repository directory is first checked and if the currently processed dependency is already downloaded it will be reused.

Error handling

The resolution feature utilizes package managers to create Debricked lock files, which works smoothly for simpler projects. For more complex projects, there might be certain project requirements that the Debricked CLI cannot interpret.

To account for that, the resolution feature is built to be as transparent as possible, showing you what went wrong, in order to assist in solving the issue. An example of such an error is when privately hosted dependencies are built into the project - if Debricked CLI cannot resolve these private dependencies the error given by the package manager will be displayed for you.