Socket

Changelog

What's new at Socket?

August 14, 2024

New Default Security Policies

Socket is introducing three new customizable default security policies that should simplify configuration for many of our customers. They are based on extensive customer feedback and research and are aimed at reducing alert noise and managing false positives more effectively. We're also enabling several new alert types that were previously disabled.

New default security policies

  • Low Noise (traditional SCA)
  • Default (ideal for most customers)
  • Higher Noise (for more engaged teams)

These policies are based on recent enhancements to our alert system:

  • Block (formerly "Error"): Fails the Socket CI/CD check, blocking Pull Requests (PRs) or Merge Requests (MRs) until resolved.
  • Warn: Highlights issues in PRs/MRs without blocking them, allowing for context-specific decisions.
  • Monitor: Displays alerts in the Socket Dashboard for evaluation without cluttering the development workflow.
  • Ignore: Filters out irrelevant alerts entirely.

Timeline for Enabling the New Security Policies

Transition Period (August 14 - August 28, 2024): Review changes and lock in your preferences.

New Policies Take Effect (From August 28, 2024): Unless you've locked in specific settings, your policy will automatically update to the new default policy on this date. You will also gain the ability to switch between the three new policy options and continue fine-tuning your settings.

Check out the blog announcement for more details on the timeline, along with a detailed breakdown of how specific alerts are handled in the new policies.
