A New Overview in our Dashboard

We redesigned Socket's first logged-in page to display rich and insightful visualizations about your repositories protected against supply chain threats.

André Staltz

April 29, 2025

Socket is always working behind the scenes, scanning GitHub pull requests, detecting risks, and surfacing alerts in our web dashboard. But it hasn't always been easy to see how much work we're doing to protect your code.

That changes today.

We've redesigned the Overview page in the Socket dashboard, carefully crafted with rich visualizations. I spent the past couple of weeks working on this update, and I'm excited to share it with you.

The new page gives you high-level charts, so that less than a minute is enough to know where the problems are and what needs your attention the most. Let's take a look at the new changes.

Repositories and scans

At the top of the new Overview page, you’ll see a summary of how Socket is helping protect your codebase. On the left: a visualization of your repositories. On the right: a bar chart showing how often our GitHub bot is scanning dependencies—and how often it finds alerts.

Color is used intentionally and respectfully. Red appears only where there are real problems. Yellow and orange are used sparingly. We refrain from unnecessarily calling your attention with red icons, because our mission is to detect problems. Problems should look like problems, and everything else should sit in the background.

That’s why healthy repositories appear as gray bubbles. Repositories with a higher density of alerts—weighted by severity—are colored on a gradient from gray to yellow to red. The size of each bubble reflects how many third-party dependencies that repo has.

The result: in one glance, you can see your organization’s security posture. Repos with many alerts (and lots of dependencies) stand out. The color reflects the density of alerts—not the raw number—so smaller repos with proportionally more issues also get flagged appropriately.

The bar chart on the right shows how proactive we’ve been in scanning your pull requests over the past 30 days (or another time range of your choice), and how many of those scans triggered alerts.

Dependencies

Next, we've added visualizations for your organization's dependencies. Two bar charts show how your dependencies rank in terms of package scores, and by ecosystem.

We know Socket’s package scores have been popular, but until now, there was no way to see aggregate trends. Now you can. The chart on the left shows how many of your dependencies score green (80–100), orange (60–80), or red (0–60). Since we rate packages across five dimensions, you can toggle between them—or stay with the overall score, which is the default.

The chart on the right shows how your dependencies are spread across languages. Following our principle of no extraneous color or noise, this chart is in gray.

Alerts

At the bottom of the page, you'll find a visual summary of current alerts grouped by severity, and within each severity, broken down by category. You may recognize this same chart from our new Analytics page.

This powerful visualization is unique to Socket. It's a half-donut chart that works like a speedometer. The outer arc (colored) quickly tells you the proportion of critical alerts, or of any other severity level. The inner arc (gray) shows the proportional breakdown of alerts by category. Splitting by category is important because it often maps to different teams. For example, security teams can focus on Security alerts while Legal and Compliance departments handle Legal alerts.

Finally, the number of alerts in the center gives you a notion of scale, and the "Review" call to action shows you the next step.

Socket focuses on finding real problems and guiding you to solve them. This new page helps you see what matters by giving a high-level picture of (1) your repositories covered by Socket, (2) the dependencies they bring in, and (3) the problems we found in those dependencies. Feedback, as always, is highly appreciated! We're continuously improving our product to meet your needs.
