Product
Arjun Barrett
June 22, 2023
The Socket Security extension for VSCode now fully supports Python and will highlight issues in your Python dependencies automatically. Projects using Pipfile, pyproject.toml, requirements.txt, and setup.py are now able to view Socket issues for their Python dependencies in both the VSCode "Problems" tab and the editor itself. The extension integrates with VSCode's official Python extension to provide full support for all current and future Python 3 versions (plus support for the legacy Python 2.7.18).
Problematic package imports in Python files will now also show diagnostic warnings when you hover over them, even in dynamic import expressions. With this change, we've matched our Python support in VSCode with that of JavaScript and TypeScript.
We've been hard at work adding support for new issues in Python over the last few months, and with this update the VSCode extension will automatically highlight any new issues Socket finds in your project as we improve our internal detections. You can rest easy knowing your project will only become more secure as time goes on.
We have exciting plans for our VSCode integration in the near future! You'll soon be able to synchronize your issue highlights with your organization settings and even use the extension on web-based VSCode instances like github.dev.
Want to defend your entire organization against supply chain attacks? Install the Socket Security GitHub app for free and get protected today!