July 28
Socket now supports Scala and Kotlin, extending JVM coverage beyond Java. Developers can now easily generate manifests with sbt or Gradle and run fast, AI-powered scans to catch malicious dependencies and other indicators of supply chain risk.
Read the announcement post or check out our Scala setup docs and Kotlin setup docs to get started.
July 25
The Dependency Search API now supports passing a list of purl (Package URL) strings in the request body. This enables you to search for specific dependencies within your environment, rather than just listing all detected dependencies.
July 25
We fixed several issues around default branch detection and scanning behavior in the Python CLI:
- The --default-branch flag is now correctly prioritized over SCM detection.
July 24
The Insights panel on the Alerts page now includes a trend chart to help visualize how alerts change over time. This enhancement offers better visibility into alert patterns and trends, paving the way for the upcoming Analytics V3 experience.
July 24
We’ve raised the maximum number of files that can be submitted in an API full-scan or diff-scan from 1,000 to 5,000 files, allowing larger projects and repos to be scanned without hitting file count limits.
July 24
We’ve enhanced how the Python CLI detects and scans files in commits, making it more reliable and accurate:
July 19
We’ve added support for displaying the EPSS (Exploit Prediction Scoring System) score and percentile in the AlertModal. This provides better context for prioritizing vulnerabilities by showing the likelihood that a vulnerability will be exploited in the wild.
July 8
You can now upload gradle.lockfile files directly to Socket! This means Gradle projects no longer need to generate a CycloneDX SBOM to take advantage of Socket's deep dependency analysis.
Using gradle.lockfile gives you more reproducible builds and improves protection against dependency hijacking: once lock state is committed, Gradle fails the build if a resolved version differs from the locked one, so a transitive dependency can no longer quietly change under your nose.
If you're not using lockfiles yet, now's a great time to start. Add this to your build.gradle (or build.gradle.kts):
dependencyLocking.lockAllConfigurations()
Then run:
./gradlew dependencies --write-locks
…and commit the generated gradle.lockfile to your repo. In a multi-project build each subproject gets its own gradle.lockfile, so run the task for every project you want locked and commit all of them.
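To make the lockfile concrete, here is an added example in Python (not Socket's or Gradle's code) that parses the gradle.lockfile format, diffs two revisions to surface exactly the kind of silent transitive version change the lockfile exists to catch, and renders the newly resolved versions as Package URLs of the form the Dependency Search API above accepts. The two lockfile bodies are constructed samples, the net.example artifact is made up, and how the purls are submitted to Socket is not shown.

```python
"""Parse Gradle lockfiles, diff two revisions, and emit Package URLs.

Added example, not Socket's or Gradle's code. The lockfile contents below are
constructed samples in the format Gradle writes (comment lines, then
"group:artifact:version=config1,config2", plus an "empty=..." line for
configurations that resolved to nothing).
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple
from urllib.parse import quote

# Constructed sample: the committed lockfile before a dependency bump.
LOCK_BEFORE = """\
# This is a Gradle generated file for dependency locking.
# Manual edits can break the build and are not advised.
# This file is expected to be part of source control.
com.fasterxml.jackson.core:jackson-databind:2.13.0=compileClasspath,runtimeClasspath
org.slf4j:slf4j-api:1.7.36=compileClasspath,runtimeClasspath
empty=annotationProcessor
"""

# Constructed sample: after resolution moved jackson-databind and pulled in a
# new (made-up) runtime artifact that nobody added to build.gradle.
LOCK_AFTER = """\
# This is a Gradle generated file for dependency locking.
com.fasterxml.jackson.core:jackson-databind:2.13.4.2=compileClasspath,runtimeClasspath
org.slf4j:slf4j-api:1.7.36=compileClasspath,runtimeClasspath
net.example:helper:0.1.0=runtimeClasspath
empty=annotationProcessor
"""


def parse_lockfile(text: str) -> Dict[str, Tuple[str, List[str]]]:
    """Map "group:artifact" -> (locked version, [configurations])."""
    locked: Dict[str, Tuple[str, List[str]]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        coords, _, confs = line.partition("=")
        if coords == "empty":  # configurations with no dependencies
            continue
        parts = coords.split(":")
        if len(parts) != 3:
            raise ValueError(f"malformed lock entry: {line!r}")
        group, artifact, version = parts
        locked[f"{group}:{artifact}"] = (version, confs.split(",") if confs else [])
    return locked


def to_purl(coords: str, version: str) -> str:
    """Maven coordinates -> purl per the Package URL spec: pkg:maven/<group>/<artifact>@<version>."""
    group, artifact = coords.split(":")
    return f"pkg:maven/{quote(group, safe='')}/{quote(artifact, safe='')}@{quote(version, safe='')}"


@dataclass
class LockDiff:
    added: Dict[str, str]                  # coords -> purl
    removed: Dict[str, str]                # coords -> purl
    changed: Dict[str, Tuple[str, str]]    # coords -> (old purl, new purl)


def diff_lockfiles(before: str, after: str) -> LockDiff:
    """Report every version that differs between two lockfile revisions."""
    old, new = parse_lockfile(before), parse_lockfile(after)
    added = {c: to_purl(c, v) for c, (v, _) in new.items() if c not in old}
    removed = {c: to_purl(c, v) for c, (v, _) in old.items() if c not in new}
    changed = {c: (to_purl(c, old[c][0]), to_purl(c, new[c][0]))
               for c in old.keys() & new.keys() if old[c][0] != new[c][0]}
    return LockDiff(added, removed, changed)


def purls_to_review(diff: LockDiff) -> List[str]:
    """Every newly resolved version: the set worth a purl-based search or scan."""
    return sorted(list(diff.added.values()) + [new for _, new in diff.changed.values()])


if __name__ == "__main__":
    d = diff_lockfiles(LOCK_BEFORE, LOCK_AFTER)
    for coords, (old_p, new_p) in d.changed.items():
        print(f"changed: {old_p} -> {new_p}")
    for p in d.added.values():
        print(f"added:   {p}")
    for p in d.removed.values():
        print(f"removed: {p}")
```

Run the diff between the base branch's lockfile and the pull request's in CI; anything in purls_to_review is a version that was not resolved before and is the place to look first, which is what a lockfile-based diff scan gives you without an SBOM step.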
July 8
We've added CISA Known Exploited Vulnerabilities (KEV) data to the alert modal in the Socket Dashboard.
What’s new:
This helps you prioritize the most dangerous issues faster by identifying alerts tied to real-world exploitation.
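The EPSS entry above and this KEV entry both feed the same triage decision, so here is one added example in Python (not Socket's code) of a prioritization policy that uses them together: a KEV-listed alert is confirmed exploited in the wild and outranks any prediction, a high EPSS percentile outranks raw CVSS, and CVSS alone is the fallback. The alert records and field names are constructed for illustration and are not Socket's API schema; the 0.9 percentile threshold is an assumed policy choice.

```python
"""Rank vulnerability alerts by KEV membership, then EPSS, then CVSS.

Added example, not Socket's code. Alert fields mirror what the alert modal
shows (EPSS score and percentile, KEV) but the names are assumptions.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Alert:
    package: str
    cvss: float             # CVSS base score, 0-10
    epss_score: float       # EPSS: estimated probability of exploitation in the next 30 days, 0-1
    epss_percentile: float  # EPSS: rank of that probability among all scored CVEs, 0-1
    in_kev: bool            # listed in the CISA Known Exploited Vulnerabilities catalog


EPSS_HIGH_PERCENTILE = 0.9  # assumed policy: top 10% of scored CVEs count as "likely"

BUCKET_ORDER = {"P0-exploited": 0, "P1-likely": 1, "P2-critical": 2, "P3-backlog": 3}


def priority_bucket(a: Alert) -> str:
    """KEV is evidence of real-world exploitation, so it beats any predicted
    likelihood; EPSS percentile then beats severity, because a 7.5 that is
    being exploited matters more than a 9.8 that nobody targets."""
    if a.in_kev:
        return "P0-exploited"
    if a.epss_percentile >= EPSS_HIGH_PERCENTILE:
        return "P1-likely"
    if a.cvss >= 9.0:
        return "P2-critical"
    return "P3-backlog"


def rank_key(a: Alert) -> Tuple[int, float, float]:
    # Within a bucket, higher EPSS score first, then higher CVSS (negated for ascending sort).
    return (BUCKET_ORDER[priority_bucket(a)], -a.epss_score, -a.cvss)


def triage(alerts: List[Alert]) -> List[Tuple[str, Alert]]:
    """Return (bucket, alert) pairs in the order they should be worked."""
    return [(priority_bucket(a), a) for a in sorted(alerts, key=rank_key)]


# Constructed sample alerts; package names and numbers are illustrative only.
SAMPLE_ALERTS = [
    Alert("libfoo", 9.8, 0.02, 0.85, False),   # critical CVSS, unremarkable EPSS
    Alert("libbar", 7.5, 0.60, 0.97, False),   # medium CVSS, very high EPSS
    Alert("libbaz", 6.5, 0.15, 0.93, True),    # in KEV despite medium CVSS
    Alert("libqux", 5.3, 0.001, 0.30, False),  # nothing pointing at exploitation
]


if __name__ == "__main__":
    for bucket, a in triage(SAMPLE_ALERTS):
        print(f"{bucket:13} {a.package:8} cvss={a.cvss} epss={a.epss_score} pct={a.epss_percentile} kev={a.in_kev}")
```

Note the distinction the modal exposes: the EPSS score is a probability, the percentile is where that probability sits among all scored CVEs. A threshold on the percentile is stable as the overall EPSS distribution shifts, which is why the policy keys on it rather than on the raw score.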
July 4
What’s new:
- Support for the api event type in GitLab pipelines, preventing CLI errors when triggered via API events.
- A --license-file-name option to set a fixed license output filename (e.g. license_output.json) instead of relying on auto-generated names from repo/branch, which could sometimes produce invalid paths.
This update improves both stability and flexibility when running Socket in GitLab CI environments.