
Product
Introducing Reachability for PHP
Reachability analysis for PHP is now available in experimental, helping teams identify which vulnerabilities are actually exploitable.
January 24, 2024
2 min read

We're excited to announce a significant update to the Socket for GitHub app, which is now used by more than 5,000 organizations to protect their repositories. This update is a big step forward in our mission to provide developers with the most efficient and reliable tools for securing their software supply chain.
Version 2 of our GitHub app introduces support for diff reports with a web-based report viewer. This new feature enhances the way developers can interact with scan results, making it easier to understand and act on changes in packages.

In v2 we increased the reliability of our support for PyPI and Golang, which now offers a more comprehensive security analysis for a wider range of projects. Whether you're working in Python, Go, or JavaScript, Socket’s GitHub app ensures your dependencies are secure with every PR by analyzing packages for suspicious behavior and supply chain risks.
Understanding the need for customization in complex projects, we’ve introduced a new syntax for specifying package ignores based on Package URL (PURL). This feature gives developers more control over their scans, allowing for more precise and tailored security assessments. It ensures that your focus remains on the packages that matter most to you.
Efficiency and reliability are key in software development, and we understand that. With this update, we significantly decreased the scan times, ensuring that your projects move forward faster. Quicker scans mean faster feedback, enabling you to address potential security issues promptly and keep your development cycle uninterrupted.
No changes are necessary for current users of the Socket for GitHub app to take advantage of the new diff reports, improved language support, and faster scan times.
If you're new to our free GitHub app, it takes just two minutes to install and start protecting your repositories. The app automatically detects and blocks malware that is not covered by CVEs.

It also flags risky dependencies directly in your workflow when new or updated dependencies are detected. Socket for GitHub performs a comprehensive analysis of the packages and informs developers about the risks.

We're excited to see how these changes will empower developers to build more secure software in 2024. Stay tuned for more updates, and happy coding!