Socket.dev

Overview

Socket.dev detects malicious and risky open source packages before they enter your codebase. The Pwnbook integration pulls supply chain alerts from Socket so your team can review and act on package-level risks in context.

Prerequisites

  • A Socket.dev account
  • A Socket API key
  • Admin or Owner access in Pwnbook

Setup

Step 1: Get your Socket API key

  1. Log in to socket.dev.
  2. Go to Settings → API Keys.
  3. Create a new key and copy it. Treat it like any other credential: it is only shown once, and it authorizes access to your organization's Socket data.

Step 2: Configure in Pwnbook

  1. Go to Organization Settings → Marketplace → Socket.dev.
  2. Enter your API Key and select the Socket organizations to monitor.
  3. Click Save & Test.

What’s available

View              Description
Alerts            Active supply chain alerts by severity (critical, high, medium, low)
Package detail    Alert type, affected package version, and recommendation
Repository scope  Filter alerts by connected repository

Workbench card

The Socket.dev workbench card shows alert counts by severity across all monitored repositories.