Product

Socket now supports PHP with full Composer and Packagist integration, enabling developers to search packages, generate SBOMs, and protect their PHP dependencies from supply chain threats.

Scan results now load faster and remain consistent over time, with stable URLs and on-demand rescans for fresh security data.

Socket's new Alert Details page is designed to surface more context, with a clearer layout, reachability dependency chains, and structured review.

Campaign-level threat intelligence in Socket now shows when active supply chain attacks affect your repositories and packages.

Create and share saved alert views with custom tabs on the org alerts page, making it easier for teams to return to consistent, named filter sets.

Socket’s Rust and Cargo support is now generally available, providing dependency analysis and supply chain visibility for Rust projects.

Socket Firewall Free is now bundled into Docker Hardened Images, adding build-time and dependency-install supply chain protection on top of hardened base images for Node.js, Python, and Rust.

Add real-time Socket webhook events to your workflows to automatically receive software supply chain alert changes in real time.

Socket now scans OpenVSX extensions, giving teams early detection of risky behaviors, hidden capabilities, and supply chain threats in developer tools.

Bringing supply chain security to the next generation of JavaScript package managers

A safer, faster way to eliminate vulnerabilities without updating dependencies

Reachability analysis for Ruby is now in beta, helping teams identify which vulnerabilities are truly exploitable in their applications.

Socket Firewall Enterprise is now available with flexible deployment, configurable policies, and expanded language support.

Detect malware, unsafe data flows, and license issues in GitHub Actions with Socket’s new workflow scanning support.

Add real-time Socket webhook events to your workflows to automatically receive pull request scan results and security alerts in real time.

A single platform for static analysis, secrets detection, container scanning, and CVE checks—built on trusted open source tools, ready to run out of the box.

Socket is launching experimental protection for the Hugging Face ecosystem, scanning for malware and malicious payload injections inside model files to prevent silent AI supply chain attacks.

Socket Firewall is a free tool that blocks malicious packages at install time, giving developers proactive protection against rising supply chain attacks.

Socket now lets you customize pull request alert headers, helping security teams share clear guidance right in PRs to speed reviews and reduce back-and-forth.

Socket's Rust support is moving to Beta: all users can scan Cargo projects and generate SBOMs, including Cargo.toml-only crates, with Rust-aware supply chain checks.

Socket Fix 2.0 brings targeted CVE remediation, smarter upgrade planning, and broader ecosystem support to help developers get to zero alerts.

Socket’s new Tier 1 Reachability filters out up to 80% of irrelevant CVEs, so security teams can focus on the vulnerabilities that matter.

Socket’s new Pull Request Stories give security teams clear visibility into dependency risks and outcomes across scanned pull requests.

Customize license detection with Socket’s new license overlays: gain control, reduce noise, and handle edge cases with precision.