Bret Comnes
January 27, 2023
Dashboards are the easiest way to not have to go digging around in the depths of APIs and emails to find what you need and how to do what you need to do. To that end, Socket Security has been launching quietly our own dashboard. The dashboard allows centralized exploration or management of many things that previously were only available in a decentralized manner requiring discovery through things like clicking into GitHub pull requests to find historical data.
Like every feature, the questions become what best serves the people using the feature. As a dashboard this is complex because it is actually used as a focal point from which all other features can be configured, enhanced, or investigated. There are a lot of features here but lets get into the thick of it!
Right now it is possible to configure what issues Socket Security reports as hidden or shown for things like the GitHub app or the CLI using a socket.yml file in each repository. The Socket Security dashboard allows configuring this at an organization level and avoids putting files in every repository. At the same time, having this organization level setting allows security teams to quickly change organization level settings without needing to send pull requests to all the repositories affected.
API Keys are critical when using the Socket API or CLI. The dashboard allows creating new API keys, revoking them, and even rotating them with ease. Additionally, these API keys can leverage organization level settings as well to get automatic configuration!
These keys are also important for audits. Knowing when a key was last used and when it was first created allows understanding impacts of security events involving them when you decide to revoke or rotate them.
Reports for projects can be done in several ways and this can lead to a lot of things going on. Being able to see reports across your entire organization allows for quickly cross referencing common issues to help understand what is going on and what may need to be configured or when an issue was first introduced.
Organizations are not tied to individual accounts and have multiple membership levels. As people require access to Socket Security or need to be removed, your team can use self service features to do so. These management features allow simple sharing of invitations using either email or link.
One of the most important things when using organizations is allowing allowing encapsulation. Having to login/logout to change organizations is not ideals from an experience standpoint, but more interestingly it leaks a potential issue with organizations. If a user cannot have multiple organizations it leads to fake emails, email aliases, and other trickery to make things work. Socket Security's dashboard gives first class experience to not only organizations with multiple users, but users with multiple organizations. One of the most common situations for this is isolating work for things like Open Source Software (OSS) versus internal work. A security team can manage both organizations easily by using the dashboard.
Subscribe to our newsletter
Get notified when we publish new security blog posts!
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.
Security News
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
