July 31
You can now create license overlays in Socket to customize how license information appears in your dependency tree.
What you can do:
This is especially useful for handling messy edge cases like nonstandard license fields, multi-license files, or embedded content that doesn’t apply to your use case.
Read the announcement to learn more and see examples.
July 31
Socket now supports the Rust and Cargo ecosystem, bringing supply chain protection to one of the fastest-growing developer communities.
Socket reads Cargo.toml together with Cargo.lock for accurate analysis (the lockfile pins the exact resolved version of every crate, which the manifest's semver requirements alone cannot give you).
To enable SBOM generation, contact our team. Read the full announcement for details and roadmap.
July 31
The Socket GitHub app now triggers full scans and check runs for commits that land via GitHub Merge Queues, ensuring your default branch stays secure, no matter how code gets merged.
What’s new:
Commits that land on main through a merge queue get a full scan and the “Socket Security: Project Report” check run, just like regular PR merges.
Permissions Update
To support this, the GitHub app now requires the “Merge queue” permission. New installs already have this; existing orgs will see a permission request to upgrade.
July 30
Socket now automatically flags unreachable CVEs using precomputed reachability analysis, with no setup required.
Supported manifests: package-lock.json, requirements.txt.
It's available now for all Team and Enterprise users. Read the announcement for more details and check out the Reachability Analysis docs to see a full breakdown of features, tiers, and what's coming next on our roadmap.
July 30
We’ve fixed an issue where PURL-based dependency searches only returned results from a single repository, even when the same package existed across multiple repos.
This improves visibility and ensures teams get full coverage when auditing package usage across multiple projects.
July 30
The Overview page now features a CVE Funnel Chart that helps you quickly focus on the most actionable vulnerabilities.
This update replaces the old scan bar chart and gives teams a clearer picture of real risk, not just raw counts.
July 29
Socket is expanding beyond open source packages to scan Chrome extensions for malware, risky permissions, and silent supply chain attacks.
We’re currently inviting organizations to join our pilot program for early access. Check out the announcement for details on how Socket identifies threats and monitors updates across 200,000+ extensions.
July 29
Socket MCP is now available as a Claude Desktop Extension, bringing secure dependency scanning directly into your coding conversations. With a single click, you can ensure that any code generated or dependencies recommended by Claude are safe from malicious packages and supply chain attacks.
Getting Started
Check out the full announcement for details and examples.
July 28
Socket now supports Scala and Kotlin, extending JVM coverage beyond Java. Developers can now easily generate manifests with sbt or Gradle and run fast, AI-powered scans to catch malicious dependencies and other indicators of supply chain risk.
Read the announcement post or check out our Scala setup docs and Kotlin setup docs to get started.
July 25
You can now see the last 7 EPSS scores directly in the interface. A new popover provides a quick view of score history with improved rendering, including higher precision for fractional digits.