Changelog

What's new at Socket?

August 29

CVE Alert Modal Improved with Exploit Details

If no Known Exploited Vulnerabilities (KEVs) are found for a CVE alert, the modal will now clearly display "no known exploits."

August 29

Customize Pull Request Alert Comment Headers

You can now customize the header text shown in pull request alerts. From the GitHub settings page in the dashboard, click Customize the Header to open a dialog with a Markdown editor and live preview. If left empty, the default message will continue to be displayed.

The editor allows you to write your own Markdown message for PR comments, giving teams flexibility to include custom instructions or context.

Once saved, customized headers will appear in pull request comments made by the Socket bot.

August 28

Show Patched and Vulnerable Versions on Alerts Page

The alerts page now displays both the vulnerable version range and the first patched version, making it easier to identify affected versions and upgrade paths.

August 26

Fix Sorting of Organization Alerts

Resolved an issue where alerts grouped by priority could appear in the wrong order. Alerts are now consistently sorted by highest priority score, ensuring alignment between the backend and UI.

August 23

Python SDK: Fix Namespace Handling in PURL Deduplication

Resolved an issue where the deduplication logic for package URLs (purls) did not retain the namespace. Maven and other namespaced packages are now correctly preserved in returned purl results.

August 23

Python CLI: Update to socketdev 3.0.0

The Socket Python CLI has been updated to use the renamed package socketdev at version 3.0.0. Dependency management has also been migrated from Rye to uv for an improved workflow.

August 16

Support SBOM Generation from Cargo.toml-only Crates

Crates that only include a Cargo.toml file can now have SBOMs generated, enabling full dependency analysis even when lockfiles are missing.

August 15

New PR Stories Tab

The Scans page now includes a “PRs” tab showing all pull requests and their status for dependency changes and detected alerts.

August 14

New Feedback Popover on Pull Request Scans Page

We added a new feedback widget on the Pull Request Scans page that lets users submit product feedback. Users can select an experience emoji and then provide free-form text feedback.

August 13

Enable Resizing of Insights Panels

Users can now dynamically resize the insights panels on the Alerts, Dependencies, and Repositories pages. The panel remembers your preferred width and enforces minimum and maximum limits to keep the layout usable.
