🎩 You're Invited:Meet the Socket team at Black Hat in Las Vegas, August 3-6.RSVP
Sign In

Changelog

What's new at Socket?

July 10

Socket Now Scans Yanked crates.io Versions Pinned in Cargo.lock

Socket now correctly scans crates.io package versions that have been yanked but remain pinned in a project’s Cargo.lock, preventing failures for projects that still depend on archived crate versions.

July 9

Repository-Scoped API Tokens Now Support Reachability Scans

Repository-scoped API tokens can now retrieve the supported-files list required to start reachability scans. This fixes an issue where scans authenticated with a repository-scoped token could fail with a 403 error before analysis began, making it easier to use least-privilege credentials with the Socket API.

July 6

Packagist Package Pages Now Surface Force-Pushed Tags

Packagist package pages now show the full commit history for tags that have been force-pushed, with the commit currently associated with the tag highlighted. This makes it easier to identify when a published package version has been retagged and review the commits it previously referenced.

July 3

Fix: Full Scan Metadata Now Matches the API Contract

Full scan metadata responses now consistently include the repository, workspace, report URL, API URL, and scan type fields documented in the API contract.

July 3

Private Package Scores Now Display as N/A

Private packages that Socket cannot score now display N/A instead of a numeric score in pull request comments and dependency views. This prevents private packages from appearing to have passed or failed analysis when no score is available.

July 2

Fix: Pull Request Pages No Longer Break After Renaming a Workspace

Fixed an issue where pull request detail pages could return a "Not Found" error after a workspace was renamed, even though the pull request still appeared in the list. Existing pull request links now continue to work after workspace renames without requiring any additional action.

June 30

New: AI-Reviewed Reachability Specifications

Organizations can now opt in to include AI-generated reachability specifications alongside human-verified ones, giving more vulnerabilities a reachability verdict.

This setting can be enabled under Settings → Alert Scans → Reachability. Once enabled, it applies across reachability analysis and broadens coverage, with a slightly higher risk of an incorrect result.

Alert details now include a Specification field that shows whether a reachability result came from an AI-generated or human-verified specification.

June 29

Redesigned Organization Switcher for Faster Navigation

The organization switcher has been redesigned to make it faster and easier to navigate. It now surfaces Settings and your organizations up front, and adds a searchable All organizations view for users who belong to multiple organizations.

June 23

Alert Titles Added to CSV Exports

Alerts CSV exports now include a human-readable Alert Title column, making it easier to identify CVEs directly from the export without cross-referencing the dashboard. Upgrade Version values are also now populated more consistently for vulnerability alerts.

June 16

Add Firewall events data export

For customers using Socket Firewall, it's now possible to export event logs to an external data source. To do so, click "Settings" -> "Data Export" -> "Create Integration" and choose "Telemetry events" as the data type.