# Socket.dev

> Monitor supply chain security alerts from Socket.dev in Pwnbook.

## Overview

Socket.dev detects malicious and risky open source packages before they enter your codebase. The Pwnbook integration pulls supply chain alerts from Socket so your team can review and act on package-level risks in context.

## Prerequisites

* A Socket.dev account
* A Socket API key
* Admin or Owner access in Pwnbook

## Setup

<Steps>
  <Step title="Get your Socket API key">
    1. Log in to [socket.dev](https://socket.dev).
    2. Go to **Settings → API Keys**.
    3. Create a new key and copy it.
  </Step>

  <Step title="Configure in Pwnbook">
    1. Go to **Organization Settings → Marketplace → Socket.dev**.
    2. Enter your **API Key** and select the **organizations** to monitor.
    3. Click **Save & Test**.
  </Step>
</Steps>

## What's available

| View                 | Description                                                          |
| -------------------- | -------------------------------------------------------------------- |
| **Alerts**           | Active supply chain alerts by severity (critical, high, medium, low) |
| **Package detail**   | Alert type, affected package version, and recommendation             |
| **Repository scope** | Filter alerts by connected repository                                |

## Workbench card

The **Socket.dev** workbench card shows alert counts by severity across all monitored repositories.
