Product
Bradley Meck Farias
Mikola Lysenko
Segun Adebayo
August 3, 2023
At Socket, our journey began with a clear and pressing mission: Make Open Source Safer. We've always believed in the power of open source, but it was frustrating to see how dependency security tools failed to address the real threats faced by developers. Their methods were imprecise, noisy, and reactive, often leaving developers in the lurch.
We set out to change that.
Our customers, including Figma, Vercel, and one of Canada's largest telecoms, have shown us that the need for a proactive and precise tool is real. They love Socket for its ability to provide visibility, defense-in-depth, and proactive supply chain protection for their JavaScript and Python dependencies. What sets us apart is our commitment to helping developers and security teams ship faster and spend less time on security busywork.
Today, we're excited to announce the launch of Dependency Search, a new feature that gives you visibility into your open source dependencies. With Dependency Search, you can query across your entire codebase to find out if you're using a specific dependency.
Here's how it works:
Dependency Search offers:
Simply put, it's a tool designed to empower developers with the insights they need, when they need them.
Ever read a news piece about a compromised dependency and felt a shiver run down your spine? With Dependency Search, you can quickly check if you're using that specific package version across every repo in your organization. Confirm in moments that you haven't been affected, and sleep a little easier at night.
If you've ever been contacted privately about a potential vulnerability, you'll know the challenge: traditional SCA tools, which rely on publicly disclosed vulnerabilities (CVEs), can't detect whether you're using a dependency with those undisclosed risks. With Dependency Search, you gain the power to proactively spot packages that harbor privately-reported vulnerabilities. Rather than resorting to crafting your own solution or, even riskier, waiting for a public CVE disclosure, Dependency Search equips you with the immediate insights you need.
The White House's directive on SBOMs emphasized their importance in software transparency. Sadly, few companies even collect SBOMs, let alone utilize them productively. Socket's Dependency Search isn't just about collecting these SBOMs but also providing actionable insights, thereby truly operationalizing them for your benefit.
The launch of Dependency Search is just one of our recent announcements. This week, we also announced our $20M Series A funding, Go support, and a new Socket Chrome extension! We're committed to continuous innovation to make open source safer for everyone.
To experience the power of Dependency Search and other Socket features, install Socket for GitHub today. We're excited to see how you'll use these tools to improve your open source security.
Subscribe to our newsletter
Get notified when we publish new security blog posts!
Security News
CISA launched a new project called Vulnrichment to enrich CVEs with details that help prioritize patching and mitigation efforts, as the NVD backlog of unenriched CVEs awaiting analysis surpasses 10,000.
Security News
Socket is joining forces with CISA and other industry leaders at the RSA Conference to sign the Secure by Design pledge, committing to uphold the highest security standards in our products.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
