Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

Product

Introducing Dependency Search

Get visibility and control over your open source dependencies, across your whole organization

Introducing Dependency Search

Bradley Meck Farias

Mikola Lysenko

Segun Adebayo

August 3, 2023


At Socket, our journey began with a clear and pressing mission: Make Open Source Safer. We've always believed in the power of open source, but it was frustrating to see how dependency security tools failed to address the real threats faced by developers. Their methods were imprecise, noisy, and reactive, often leaving developers in the lurch.

We set out to change that.

Our customers, including Figma, Vercel, and one of Canada's largest telecoms, have shown us that the need for a proactive and precise tool is real. They love Socket for its ability to provide visibility, defense-in-depth, and proactive supply chain protection for their JavaScript and Python dependencies. What sets us apart is our commitment to helping developers and security teams ship faster and spend less time on security busywork.

Today, we're excited to announce the launch of Dependency Search, a new feature that gives you visibility into your open source dependencies. With Dependency Search, you can query across your entire codebase to find out if you're using a specific dependency.

Here's how it works:

Dependency Search offers:

  • Real-time search capabilities across your entire codebase, ensuring you always have access to the latest dependency data.
  • Powerful query features, from package name searches to intricate ecosystem and version specific queries.
  • Historical Software Bill of Materials (SBOM) data, letting you track changes and trends over time.

Simply put, it's a tool designed to empower developers with the insights they need, when they need them.

Find Malware

Ever read a news piece about a compromised dependency and felt a shiver run down your spine? With Dependency Search, you can quickly check if you're using that specific package version across every repo in your organization. Confirm in moments that you haven't been affected, and sleep a little easier at night.

Detect Undisclosed Vulnerabilities

If you've ever been contacted privately about a potential vulnerability, you'll know the challenge: traditional SCA tools, which rely on publicly disclosed vulnerabilities (CVEs), can't detect whether you're using a dependency with those undisclosed risks. With Dependency Search, you gain the power to proactively spot packages that harbor privately-reported vulnerabilities. Rather than resorting to crafting your own solution or, even riskier, waiting for a public CVE disclosure, Dependency Search equips you with the immediate insights you need.

Operationalize SBOMs

The White House's directive on SBOMs emphasized their importance in software transparency. Sadly, few companies even collect SBOMs, let alone utilize them productively. Socket's Dependency Search isn't just about collecting these SBOMs but also providing actionable insights, thereby truly operationalizing them for your benefit.

Conclusion#

The launch of Dependency Search is just one of our recent announcements. This week, we also announced our $20M Series A funding, Go support, and a new Socket Chrome extension! We're committed to continuous innovation to make open source safer for everyone.

To experience the power of Dependency Search and other Socket features, install Socket for GitHub today. We're excited to see how you'll use these tools to improve your open source security.

Subscribe to our newsletter

Get notified when we publish new security blog posts!

Try it now

Ready to block malicious and vulnerable dependencies?

Install GitHub AppBook a demo

Related posts

Back to all posts
SocketSocket SOC 2 Logo

Product

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc