Changelog

What's new at Socket?

July 28

Scala and Kotlin Support (Beta)

Socket now supports Scala and Kotlin, extending JVM coverage beyond Java. Developers can now easily generate manifests with sbt or Gradle and run fast, AI-powered scans to catch malicious dependencies and other indicators of supply chain risk.

Read the announcement post or check out our Scala setup docs and Kotlin setup docs to get started.

July 25

Enhanced Dependency Search API

The Dependency Search API now supports passing a list of purl (Package URL) strings in the request body. This enables you to search for specific dependencies within your environment, rather than just listing all detected dependencies.

July 25

Python CLI: Improved Default Branch Detection

We fixed several issues around default branch detection and scanning behavior in the Python CLI:

  • Fixed default branch detection in git repositories, ensuring reliable SCM behavior.
  • Resolved cases where scans were skipped when manifest files hadn’t changed — scans now always run as expected.
  • Ensured the --default-branch flag is correctly prioritized over SCM detection.
  • Improved GitLab CI integration to correctly detect the default branch.
  • Enhanced git auto-detection for repository details (branch, commit SHA, message, committer, and changed files).
  • Simplified CI/CD usage by adding production-ready workflow examples for GitHub Actions, GitLab CI, and Bitbucket Pipelines.

July 24

New Alerts Trend Chart in Insights Panel

The Insights panel on the Alerts page now includes a trend chart to help visualize how alerts change over time. This enhancement offers better visibility into alert patterns and trends, paving the way for the upcoming Analytics V3 experience.

July 24

Increased File Limit for Full and Diff Scans

We’ve raised the maximum number of files that can be submitted in an API full-scan or diff-scan from 1,000 to 5,000 files, allowing larger projects and repos to be scanned without hitting file count limits.

July 24

Python CLI: Improved File Detection in Commit Scans

We’ve enhanced how the Python CLI detects and scans files in commits, making it more reliable and accurate:

  • Fixed file detection logic that previously missed changed manifest files, ensuring proper scanning of commits.
  • Improved parsing of file inputs (list, string, JSON) to handle various formats more robustly.
  • Enhanced detection of git repository changes and filtering of manifest files for commit-based scans.
  • Resolved issues where scans would incorrectly skip when manifest files were present in commits.

July 19

EPSS Score Now Visible in Alert Modal

We’ve added support for displaying the EPSS (Exploit Prediction Scoring System) score and percentile in the alert modal. This provides better context for prioritizing vulnerabilities by showing the estimated likelihood that a vulnerability will be exploited in the wild.

July 8

Introducing Native Gradle Lockfile Support

You can now upload gradle.lockfile files directly to Socket! This means Gradle projects no longer need to generate a CycloneDX SBOM to take advantage of Socket’s deep dependency analysis.

Using gradle.lockfile gives you more reproducible builds and improves protection against dependency hijacking—no more risk of a transitive dependency quietly changing under your nose.

If you're not using lockfiles yet, now’s a great time to start. Add the following to your build.gradle (or build.gradle.kts) to lock every configuration:

dependencyLocking.lockAllConfigurations()

Then run:

./gradlew dependencies --write-locks

…and commit the generated gradle.lockfile to your repo.
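As an added example (this is not Socket's own code or API client), the script below parses a gradle.lockfile, turns the locked coordinates into Package URLs of the kind the Dependency Search API entry above says it accepts, and diffs two revisions of the lockfile to surface exactly the quiet transitive version change that locking is meant to catch. The two lockfile texts are constructed samples, not real project data; the JSON body is assumed to be a bare array of purl strings, since the page does not give the request schema.

```python
"""Parse gradle.lockfile, emit Maven purls, and diff two lockfile revisions."""
import json
from typing import Dict, List, Set, Tuple

# Constructed sample lockfiles (not from any real project). Gradle writes
# one `group:artifact:version=config1,config2` line per locked dependency,
# `#` comment lines, and an `empty=...` line naming configurations with no deps.
LOCKFILE_BEFORE = """\
# This is a Gradle generated file for dependency locking.
# Manual edits can break the build and are not advised.
# This file is expected to be part of source control.
com.fasterxml.jackson.core:jackson-databind:2.15.2=compileClasspath,runtimeClasspath
org.apache.commons:commons-lang3:3.12.0=compileClasspath,runtimeClasspath
empty=annotationProcessor
"""

LOCKFILE_AFTER = """\
# This is a Gradle generated file for dependency locking.
com.fasterxml.jackson.core:jackson-databind:2.15.2=compileClasspath,runtimeClasspath
org.apache.commons:commons-lang3:3.14.0=compileClasspath,runtimeClasspath
org.example:new-lib:1.0.0=runtimeClasspath
empty=annotationProcessor
"""

Coordinate = Tuple[str, str]            # (group, artifact)
Locked = Dict[Coordinate, Tuple[str, Set[str]]]  # -> (version, configurations)


def parse_lockfile(text: str) -> Locked:
    """Map each locked (group, artifact) to its pinned version and configurations."""
    locked: Locked = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        coords, _, configs = line.partition("=")
        if coords == "empty":            # configurations that resolved to nothing
            continue
        parts = coords.split(":")
        if len(parts) != 3:
            raise ValueError(f"unexpected lockfile line: {raw!r}")
        group, artifact, version = parts
        locked[(group, artifact)] = (version, set(filter(None, configs.split(","))))
    return locked


def to_purls(locked: Locked) -> List[str]:
    """Render pkg:maven/<group>/<artifact>@<version>, sorted for a stable request body."""
    return sorted(f"pkg:maven/{g}/{a}@{v}" for (g, a), (v, _) in locked.items())


def request_body_json(locked: Locked) -> str:
    """JSON array of purl strings; the exact field layout Socket expects is an
    assumption here, since the changelog does not spell out the schema."""
    return json.dumps(to_purls(locked))


def diff_lockfiles(before: Locked, after: Locked) -> Dict[str, list]:
    """Report added/removed coordinates and version changes between two lockfiles.
    A 'changed' entry is the pin moving without anyone editing a build file."""
    added = sorted(f"{g}:{a}:{after[(g, a)][0]}" for (g, a) in after.keys() - before.keys())
    removed = sorted(f"{g}:{a}:{before[(g, a)][0]}" for (g, a) in before.keys() - after.keys())
    changed = sorted(
        (f"{g}:{a}", before[(g, a)][0], after[(g, a)][0])
        for (g, a) in before.keys() & after.keys()
        if before[(g, a)][0] != after[(g, a)][0]
    )
    return {"added": added, "removed": removed, "changed": changed}


if __name__ == "__main__":
    before = parse_lockfile(LOCKFILE_BEFORE)
    after = parse_lockfile(LOCKFILE_AFTER)
    print(request_body_json(after))
    for kind, entries in diff_lockfiles(before, after).items():
        for entry in entries:
            print(f"{kind}: {entry}")
```

Run it in CI against the committed lockfile and the one produced by `./gradlew dependencies --write-locks`: any `changed` or `added` entry is a version bump nobody wrote into a build file, which is the review trigger lockfiles exist to create.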

July 8

Alert Modal Now Displays Known Exploited Vulnerabilities (KEV) Data

We've added CISA Known Exploited Vulnerabilities (KEV) data to the alert modal in the Socket Dashboard.

What’s new:

  • A dedicated “Known Exploits” section appears when relevant, highlighting vulnerabilities actively exploited in the wild.
  • Quick access to critical context from CISA’s KEV catalog, surfaced directly in package alerts.

This helps you prioritize the most dangerous issues faster by identifying alerts tied to real-world exploitation.

July 4

Python CLI: GitLab api Event Support + Safer License File Naming

What’s new:

  • Added support for the api event type in GitLab pipelines, preventing CLI errors when triggered via API events.
  • Introduced a new CLI flag: --license-file-name
    This allows you to specify a safe, static output filename (defaults to license_output.json) instead of relying on auto-generated names from repo/branch, which could sometimes produce invalid paths.

This update improves both stability and flexibility when running Socket in GitLab CI environments.