Application Security

On the CyberBytes podcast, Socket CEO Feross Aboukhadijeh discusses the challenges in OSS security, the hacker mindset, and the shift towards using proactive tools that go beyond traditional vulnerability scanning to prevent supply chain attacks.

The Tines team created an integration that generates and emails real-time vulnerability reports for repositories protected by Socket.

Deprecated npm packages are common in modern software projects. Learn about the risks of using unmaintained code, how to identify these packages, and evaluate alternatives.

This short history of protestware - from punch cards to package managers - explores the intriguing and controversial phenomenon of digital activism and the risks to open source supply chains.

An NPM user named PatrickJS launched a troll campaign with a package called "everything," which depends on all public npm packages.

Learn how to integrate Socket into your Bitbucket pipeline for added security, reducing your dependency supply chain risk!

Supply chain attacks that leverage typosquatting are steeply rising over previous years. Learn how Socket for GitHub and Socket CLI can protect your app.

A short walkthrough of how to integrate Socket into the Gitlab CI/CD process

How Socket uses LLMs to enhance both the analysis and explanation of open-source software packages.

What supply chain attacks are, and how Socket can help protect you from them.

Vulnerability scanners provide a false sense of security to appsec teams and do little to prevent supply chain attacks.

Exposing the flaws of traditional SCA tools, and introducing a solution.

Socket explains the newly released npm provenance provided by GitHub.

Examples of recent supply chain attacks and concrete steps you can take to protect your team from this emerging threat.

Confidence is good but overconfidence always sinks the ship.