Product
Mikola Lysenko
Bradley Meck Farias
Alex Morais
December 21, 2023
We're thrilled to announce that our most-requested-feature-by-far is finally here: Organization Alerts. This new feature is a game-changer for security teams, providing a comprehensive view of all risks across your organization’s repositories – even if you have hundreds of thousands of dependencies across thousands of repositories.
Organization Alerts is our way of making your dependency security risks clearer and more manageable than ever before. They're the evolution of our previously launched Project Health Reports 1.0, but now offering a broader perspective.
Our existing Project Health Reports offer insights into the risks within a single repository. Our newly launched Organization Alerts take this a step further by enabling teams to monitor risks across all repositories within the organization.
Imagine having the ability to see every risk, in every repo, all in one place – that’s the power of Organization Alerts.
We know your time is precious. So we built an information-dense table view that shows everything that matters for each alert. We invested significant engineering effort to ensure that the performance is blazing fast, even if your organization has hundreds of thousands of dependencies across thousands of repositories, as many of our customers have.
We know each team has unique needs, so we've built robust filtering and grouping options. Want to zero in on specific repositories or alert severities? Easy. Curious about only supply chain risks or license issues? You got it. Group alerts by severity, category, or even package – you're in control. providing a tailored view that aligns with your team’s priorities.
Clicking on an alert reveals a world of detailed information. You’ll see comprehensive details specific to that alert type, including every repository within your organization that is affected. This feature brings clarity and specificity to vulnerability management, ensuring you’re always informed and ready to act.
If you're using Socket for GitHub, you'll see a live-updating view of all alerts present in the default branch of every repository in your organization. (Note: If you've enabled Socket on only some of your repositories, then you'll only see alerts for those repositories.)
CLI and API users can also use Organization Alerts by submitting their manifest files through the Dependency API. This will include your data in both the Organization Alerts and Dependency Search features. And yes, the classic Project Health Report view for single repositories is still there for you.
As part of today’s release, we're also excited to announce a significant enhancement to the Dependency Search feature. Previously, to populate Dependency Search, you needed to manually upload manifest files, such as package.json, requirements.txt, or go.mod, through the Socket API. Without this step, your Dependencies table would remain empty, and you'd potentially miss critical insights.
Dependency Search has always been a powerful tool, providing visibility over the open source dependencies used across your organization. It enables you to search in real-time across your entire codebase, identifying specific dependencies and uncovering potential risks. Whether it’s finding malware, detecting undisclosed vulnerabilities, or operationalizing SBOMs, Dependency Search has been a game-changer for many of our customers.
But now, we're taking it a step further. For those using Socket for GitHub, we have great news! We’re now automatically tracking every dependency listed in every manifest file across all repositories in your organization. At this time, we only track the default branch within each repository.
This enhancement eliminates the need for manual uploads, streamlining your workflow.
With this significant upgrade to Dependency Search, combined with the launch of Organization Alerts, we’re reinforcing our commitment to providing you with the most comprehensive tools to manage your open source security.
Organization Alerts will be rolling out to all Socket users over the next few days. Existing users can explore this new feature right away in the Socket dashboard. If you're new, getting started with Socket is as simple as installing Socket for GitHub or Socket CLI – it only takes two clicks.
We believe that Organization Alerts will massively improve how you view your Socket alerts across your organization, especially if you have hundreds or thousands of repositories in your organization.
But we're not finished yet. Here's what we're working on next:
Your feedback is crucial to us. If there’s a feature you desire, please submit your suggestions or contact us directly. If you're an enterprise customer or considering becoming one, we’d love to discuss your needs.
We're so excited to finally ship this much-requested feature and can't wait to keep shipping useful developer-first security tools to you in 2024 and beyond!
Subscribe to our newsletter
Get notified when we publish new security blog posts!
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.
Security News
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
