Socket for GitHub v2 Introduces Diff Reports, Speeds Up Scan Times

The latest update of Socket for GitHub features a new web-based diff report viewer, enhanced support for PyPI and Golang, faster scan times, and a new syntax for specifying package ignores.

Sarah Gooding

January 24, 2024


We're excited to announce a significant update to the Socket for GitHub app, which is now used by more than 5,000 organizations to protect their repositories. This update is a big step forward in our mission to provide developers with the most efficient and reliable tools for securing their software supply chain.

Version 2 of our GitHub app introduces support for diff reports with a web-based report viewer. This new feature enhances the way developers can interact with scan results, making it easier to understand and act on changes in packages.

Improved Language Support

In v2 we increased the reliability of our support for PyPI and Golang, which now offer a more comprehensive security analysis for a wider range of projects. Whether you're working in Python, Go, or JavaScript, Socket’s GitHub app checks your dependencies on every PR by analyzing packages for suspicious behavior and supply chain risks.

Enhanced Package Ignore Syntax

Understanding the need for customization in complex projects, we’ve introduced a new syntax for specifying package ignores based on Package URL (PURL). This feature gives developers more control over their scans, allowing for more precise and tailored security assessments. It ensures that your focus remains on the packages that matter most to you.

Decreased Scan Times

Efficiency and reliability are key in software development, and we understand that. With this update, we significantly decreased the scan times, ensuring that your projects move forward faster. Quicker scans mean faster feedback, enabling you to address potential security issues promptly and keep your development cycle uninterrupted.

Seamless Update to v2: No action required

No changes are necessary for current users of the Socket for GitHub app to take advantage of the new diff reports, improved language support, and faster scan times.

If you're new to our free GitHub app, it takes just two minutes to install and start protecting your repositories. The app automatically detects and blocks malware that is not covered by CVEs.

It also flags risky dependencies directly in your workflow when new or updated dependencies are detected. Socket for GitHub performs a comprehensive analysis of the packages and informs developers about the risks.

We're excited to see how these changes will empower developers to build more secure software in 2024. Stay tuned for more updates, and happy coding!
