At Socket, our journey began with a clear and pressing mission: Make Open Source Safer. We've always believed in the power of open source, but it was frustrating to see how dependency security tools failed to address the real threats faced by developers. Their methods were imprecise, noisy, and reactive, often leaving developers in the lurch.
We set out to change that.
Today, we're excited to announce the launch of Dependency Search, a new feature that gives you visibility into your open source dependencies. With Dependency Search, you can query across your entire codebase to find out if you're using a specific dependency.
Here's how it works:
Dependency Search offers:
Simply put, it's a tool designed to empower developers with the insights they need, when they need them.
Ever read a news piece about a compromised dependency and felt a shiver run down your spine? With Dependency Search, you can quickly check if you're using that specific package version across every repo in your organization. Confirm in moments that you haven't been affected, and sleep a little easier at night.
If you've ever been contacted privately about a potential vulnerability, you'll know the challenge: traditional SCA tools, which rely on publicly disclosed vulnerabilities (CVEs), can't detect whether you're using a dependency with those undisclosed risks. With Dependency Search, you gain the power to proactively spot packages that harbor privately-reported vulnerabilities. Rather than resorting to crafting your own solution or, even riskier, waiting for a public CVE disclosure, Dependency Search equips you with the immediate insights you need.
The White House's directive on SBOMs emphasized their importance in software transparency. Sadly, few companies even collect SBOMs, let alone utilize them productively. Socket's Dependency Search isn't just about collecting these SBOMs but also providing actionable insights, thereby truly operationalizing them for your benefit.
The launch of Dependency Search is just one of our recent announcements. This week, we also announced our $20M Series A funding, Go support, and a new Socket Chrome extension! We're committed to continuous innovation to make open source safer for everyone.
To experience the power of Dependency Search and other Socket features, install Socket for GitHub today. We're excited to see how you'll use these tools to improve your open source security.