Socket
3,174 posts
Socket
@SocketSecurity
Socket is the #1 software supply chain security platform. Next-gen SCA + SBOM + 0-day prevention. LOVED BY DEVELOPERS. 👀 @npm_malware
https://socket.dev/careers
socket.dev
Joined November 2021
4,602 Following
21.6K Followers
  • Pinned
    Socket
    @SocketSecurity
    May 22
    Today is a big day for Socket.
    Feross
    Socket
    @feross
    May 20
    Today is a big day for @SocketSecurity. We just raised a $60M Series C at a $1B valuation, led by @ThriveCapital with participation from @a16z, @AbstractVC, and @CapitalOne Ventures. Total funding is now $125M. Four years ago, we started Socket because open source dependencies
    25K
  • Socket
    @SocketSecurity
    14h
    🛡️ @bradarkin has led security and trust at Salesforce, Cisco, and Adobe. Now he’s joined Socket as a strategic advisor. His first post digs into a fast-growing blind spot: AI agents pulling packages into environments no scanner is watching. The code you didn’t write is still
    AI agents are pulling packages into environments no scanner is watching, creating exposure before security teams can see it.
    The Code You Didn't Write Is Still Yours to Defend - Socket
    From socket.dev
    2.4K
  • Socket reposted
    Socket
    @SocketSecurity
    Jun 21
    Not a moment too soon! 😅 GitHub Actions checkout now blocks risky pull_request_target checkouts by default to help prevent pwn request supply chain attacks.
    GitHub Actions Checkout Now Blocks Risky pull_request_target...
    From socket.dev
    26K
  • Socket reposted
    Seb ⚛️ ThisWeekInReact.com
    @sebastienlorber
    Jun 22
    👀 GitHub + pull_request_target actions/checkout v7 now blocks risky checkout patterns by default 🎉 Great news for the ecosystem, fewer supply chain attack vectors. Let's recall recent security incidents due to this: TanStack, Nx, PostHog, LiteLLM, and more
    Socket
    @SocketSecurity
    Jun 21
    Not a moment too soon! 😅 GitHub Actions checkout now blocks risky pull_request_target checkouts by default to help prevent pwn request supply chain attacks. socket.dev/blog/github-ac…
    11K
  • Socket reposted
    Vlad Sazonau
    @vladsazonau
    Jun 21
    Very good news!
    Socket
    @SocketSecurity
    Jun 21
    Not a moment too soon! 😅 GitHub Actions checkout now blocks risky pull_request_target checkouts by default to help prevent pwn request supply chain attacks. socket.dev/blog/github-ac…
    3.8K
  • Socket reposted
    François Best
    @fortysevenfx
    Jun 21
    Some alternatives to pull_request_target:
    - pull_request (runs only in your repo, not in forks)
    - workflow_dispatch
    In all cases:
    - Never checkout untrusted code
    - Watch out for injection via template interpolation ${{ }}
    - Run zizmor & actionlint to verify your workflows.
    Socket
    @SocketSecurity
    Jun 21
    Not a moment too soon! 😅 GitHub Actions checkout now blocks risky pull_request_target checkouts by default to help prevent pwn request supply chain attacks. socket.dev/blog/github-ac…
    4.2K
  • Socket reposted
    CloudSecList
    @CloudSecList
    Jun 21
    📖 CloudSecList Issue 343 is live, with content from @Mitiga_io @datadoghq @permisosecurity @HuntressLabs @SocketSecurity @Doyensec and more!
    cloudseclist.com
    📖 [The CloudSecList] Issue 343
    Issue 343 of CloudSecList
    1.7K
  • Socket
    @SocketSecurity
    Jun 19
    🚀 Socket Launch Week Day 5: Introducing Repository Access Permissions and Custom Roles. Custom Roles set what a user can do. Repository Access Permissions set which repos those actions apply to. Apply least-privilege access without forcing members into broad built-in roles.
    2.8K
    Socket
    @SocketSecurity
    Jun 19
    ⭐️ Highlights:
    - Build custom roles from a base role or from scratch
    - Scope members to selected repos or all repos
    - See inherited vs. added permissions separately
    - Audit every access change
    ⚡️ Available now to all org admins: socket.dev/blog/introduci…
    1.2K
  • Socket reposted
    Socket
    @SocketSecurity
    Jun 18
    🚀 Socket Launch Week Day 4: Socket MCP is getting a massive update! You can now review org alerts, inspect package artifacts, investigate suspicious packages, and use the Socket threat feed directly from your AI assistant.
    8.3K
  • Socket reposted
    tuckner
    @tuckner
    Jun 18
    So excited to bring new features to the Socket MCP! Not only can you pull your alerts but you can investigate them deeply at a package level to really understand how they impact your organization!
    Socket
    @SocketSecurity
    Jun 18
    🚀 Socket Launch Week Day 4: Socket MCP is getting a massive update! You can now review org alerts, inspect package artifacts, investigate suspicious packages, and use the Socket threat feed directly from your AI assistant.
    4.4K
  • Socket
    @SocketSecurity
    Jun 18
    🚀 Socket Launch Week Day 4: Socket MCP is getting a massive update! You can now review org alerts, inspect package artifacts, investigate suspicious packages, and use the Socket threat feed directly from your AI assistant.
    8.3K
    Socket
    @SocketSecurity
    Jun 18
    Security teams can ask follow-up questions across alerts, package contents, threat intelligence, and determine org exposure in one place, without clicking through dashboards, registries, and local tooling. ⚡️ Try Socket MCP → socket.dev/blog/socket-mc…
    1.7K
  • Socket reposted
    Socket
    @SocketSecurity
    Jun 16
    New Socket research: We’re seeing more packages designed to trip up AI malware scanners. This new npm package uses prompt-injection-style comments, safety-triggering content, context flooding, and obfuscated JS to probe where scanners refuse, truncate, or miss the code that
    18K
