Socket
Monitor your open source supply chain security with Socket. This integration ingests organizations, repositories, software packages and their dependency trees, security alerts, and vulnerability findings to provide visibility into supply chain risks, malware, typosquatting, and known CVEs across your dependencies.
- Installation
- Authorization
- Data Model
- Types
- Release Notes
Installation
You will need a Socket.dev API key to configure this integration. API keys can be created in the Socket dashboard under Settings > API Keys. See the Socket API documentation for more information.
To install the Socket integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select Socket. Click New Instance to begin configuring your integration.
Creating an instance requires the following:
- API Key - Your Socket.dev API key (Bearer token) used to authenticate requests.
- Polling Interval - Select a frequency that meets your monitoring needs. You may leave this as DISABLED and manually execute the integration.
Configuration options
Alerts
| Field | Type | Description | Default |
|---|---|---|---|
| Alert Severities | Multi-select | Select which alert severities to ingest | Critical, High |
| Alert Statuses | Multi-select | Select which alert statuses to ingest | Open |
| Alerts Since Days | Select | Only ingest alerts created in the last N days | 90 |
Packages
| Field | Type | Description | Default |
|---|---|---|---|
| Include Transitive Dependencies | Boolean | Whether to ingest transitive (indirect) dependencies from full scans. Enabling this can produce very large graphs. | Enabled |
| Repositories | String | Comma-separated list of repository names to ingest. Leave empty to ingest all repositories. | All |
What data is ingested?
| Data | Description |
|---|---|
| Organizations | Your Socket.dev organization account |
| Repositories | Code repositories monitored by Socket, with mapped relationships to GitHub repos when the GitHub App is installed |
| Packages | Software packages and dependencies discovered via full scans, including health scores (overall, license, maintenance, quality, supply chain, vulnerability) |
| Dependency Trees | Package-to-package USES relationships representing the dependency graph within each repository |
| Alerts | Security alerts for non-CVE issues (malware, typosquatting, install scripts, etc.) |
| Vulnerability Findings | CVE-linked vulnerability findings with CVSS scores, CWE IDs, EPSS scores, and KEV status |
Required API scopes
The following Socket.dev API scopes are required for full ingestion:
| Scope | Used by |
|---|---|
| (no extra scope) | Listing organizations |
| repo:list | Listing repositories |
| full-scans:list | Streaming package data from full scans |
| alerts:list | Listing security alerts |
Next steps
Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.
OAuth Scopes
OAuth scopes that must be granted to the application or service principal.
- alerts:list
- full-scans:list
- repo:list
Endpoints
API endpoints that the integration makes requests to.
- https://api.socket.dev/v0/organizations
- https://api.socket.dev/v0/orgs/{org_slug}/alerts
- https://api.socket.dev/v0/orgs/{org_slug}/full-scans/{full_scan_id}
- https://api.socket.dev/v0/orgs/{org_slug}/repos
Documentation Links
Links to provider documentation relevant to setup and configuration.
Per-Step Breakdown
Detailed authorization requirements for each ingestion step.
| Step | OAuth Scopes | Endpoints |
|---|---|---|
| Fetch Alerts | alerts:list | https://api.socket.dev/v0/orgs/{org_slug}/alerts |
| Fetch Packages | full-scans:list | https://api.socket.dev/v0/orgs/{org_slug}/full-scans/{full_scan_id} |
| Fetch Repositories | repo:list | https://api.socket.dev/v0/orgs/{org_slug}/repos |
Entities
The following entities are created:
| Resources | Entity _type | Entity _class |
|---|---|---|
| Alert | socket_alert | Finding |
| Organization | socket_organization | Account |
| Package | socket_package | CodeModule |
| Repository | socket_repository | CodeRepo |
| Service | socket_supply_chain_scanner | Service |
| Vulnerability Finding | socket_vulnerability_finding | Finding, Vulnerability |
Relationships
The following relationships are created:
| Source Entity _type | Relationship _class | Target Entity _type |
|---|---|---|
| socket_organization | HAS | socket_supply_chain_scanner |
| socket_organization | HAS | socket_repository |
| socket_package | USES | socket_package |
| socket_package | HAS | socket_alert |
| socket_package | HAS | socket_vulnerability_finding |
| socket_repository | HAS | socket_package |
Mapped Relationships
The following mapped relationships are created:
| Source Entity _type | Relationship _class | Target Entity _type | Direction |
|---|---|---|---|
| socket_repository | IS | github_repo | FORWARD |
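The relationship tables above describe a graph: a repository HAS packages, packages USE other packages, and each package HAS its own alerts and vulnerability findings. The question a practitioner usually needs answered from that graph is "which direct dependency is responsible for this transitive finding, and does it still exist if I turn off transitive ingestion?" The following Python is an added example (not code from the Socket integration or from JupiterOne) that walks a small constructed graph of that shape. Property names (isDirect, isDev, alertType, cveId, cvssScore, isKev, fixedVersion) come from the entity tables on this page; the package names, versions and CVE identifiers are placeholders, the `alertType` value `cve` for findings and the set of blocking alert types are assumptions of the example, and the 7.0 CVSS cutoff is a choice made here, not a setting of the integration.

```python
"""Attribute Socket alerts and vulnerability findings on transitive packages back to
the direct dependencies that pull them in.

Added example, not code from the Socket integration or JupiterOne. The graph follows
the relationships on this page (socket_package USES socket_package, socket_package HAS
socket_alert / socket_vulnerability_finding). All package names, versions and CVE
identifiers below are constructed placeholders.
"""
from collections import deque

# Constructed sample packages keyed by a purl-style identifier; "uses" lists the
# targets of the package's USES relationships.
PACKAGES = {
    "pkg:npm/acme-web@2.0.0":        {"isDirect": True,  "isDev": False, "uses": ["pkg:npm/acme-router@1.4.0", "pkg:npm/acme-cookie@0.9.1"]},
    "pkg:npm/acme-test@5.1.0":       {"isDirect": True,  "isDev": True,  "uses": ["pkg:npm/acme-mock-http@3.0.0"]},
    "pkg:npm/acme-router@1.4.0":     {"isDirect": False, "isDev": False, "uses": ["pkg:npm/acme-path-match@0.3.1"]},
    "pkg:npm/acme-cookie@0.9.1":     {"isDirect": False, "isDev": False, "uses": ["pkg:npm/acme-path-match@0.3.1"]},
    "pkg:npm/acme-path-match@0.3.1": {"isDirect": False, "isDev": False, "uses": []},
    "pkg:npm/acme-mock-http@3.0.0":  {"isDirect": False, "isDev": True,  "uses": []},
}

# Constructed issues keyed by package. A socket_vulnerability_finding carries cveId,
# cvssScore and isKev; a socket_alert carries only alertType. Both carry alertType;
# the value "cve" for findings is an assumption of this example.
ISSUES = {
    "pkg:npm/acme-path-match@0.3.1": [
        {"alertType": "cve", "cveId": "CVE-0000-0001", "cvssScore": 9.8, "isKev": True, "fixedVersion": "0.3.2"},
    ],
    "pkg:npm/acme-mock-http@3.0.0": [
        {"alertType": "install"},  # non-CVE alert, not treated as blocking here
        {"alertType": "cve", "cveId": "CVE-0000-0002", "cvssScore": 5.3, "isKev": False, "fixedVersion": None},
    ],
    "pkg:npm/acme-test@5.1.0": [
        {"alertType": "malware"},  # actionable on its own, no CVSS score involved
    ],
}

# Alert types that warrant action without a CVSS score (example's assumption).
BLOCKING_ALERT_TYPES = {"malware", "typosquat", "obfuscatedCode"}


def is_actionable(issue, cvss_threshold=7.0):
    """KEV entries and blocking alert types are always actionable; other CVE
    findings fall back to the CVSS base score (the 7.0 cutoff is this example's)."""
    if issue.get("isKev") or issue.get("alertType") in BLOCKING_ALERT_TYPES:
        return True
    score = issue.get("cvssScore")
    return score is not None and score >= cvss_threshold


def shortest_uses_path(packages, start, target):
    """Breadth-first search over USES edges. Returns the key list from start to
    target, or None. Diamonds and cycles are visited once; edges pointing at
    packages absent from `packages` are dropped, as they are when not ingested."""
    if start == target:
        return [start]
    parents = {start: None}
    queue = deque([start])
    while queue:
        current = queue.popleft()
        for nxt in packages[current]["uses"]:
            if nxt in parents or nxt not in packages:
                continue
            parents[nxt] = current
            if nxt == target:
                path = [nxt]
                while parents[path[-1]] is not None:
                    path.append(parents[path[-1]])
                return path[::-1]
            queue.append(nxt)
    return None


def direct_owners(packages, target):
    """Map each direct dependency that (transitively) USES target to its path."""
    owners = {}
    for key, pkg in packages.items():
        if pkg["isDirect"]:
            path = shortest_uses_path(packages, key, target)
            if path:
                owners[key] = path
    return owners


def attribute_issues(packages, issues, include_transitive=True):
    """Return (package, label, direct owner, path) rows for actionable issues.

    include_transitive=False keeps only direct packages, mirroring the
    integration's "Include Transitive Dependencies" option: issues on
    transitive packages are no longer in the graph at all."""
    visible = {k: v for k, v in packages.items() if include_transitive or v["isDirect"]}
    rows = []
    for pkg_key, pkg_issues in issues.items():
        if pkg_key not in visible:
            continue
        for issue in pkg_issues:
            if not is_actionable(issue):
                continue
            label = issue.get("cveId") or issue["alertType"]
            for owner, path in sorted(direct_owners(visible, pkg_key).items()):
                rows.append((pkg_key, label, owner, " -> ".join(path)))
    return rows


if __name__ == "__main__":
    for row in attribute_issues(PACKAGES, ISSUES):
        print(*row, sep="\t")
```

Run as written, the KEV finding on the transitive `acme-path-match` package is attributed to the direct `acme-web` dependency through `acme-router`, and the malware alert on `acme-test` is reported against itself. Calling `attribute_issues(PACKAGES, ISSUES, include_transitive=False)` drops the KEV row entirely, which is the trade-off behind the "Include Transitive Dependencies" default: a smaller graph, but transitive findings become invisible rather than attributed.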
Socket Alert
socket_alert inherits from Finding
| Property | Type | Description | Specifications |
|---|---|---|---|
| alertKey * | string | Unique alert instance key | |
| alertType * | string | Type of alert (e.g. typosquat, malware, install, phantom, obfuscatedCode) | |
| clearedOn * | number \| null | Timestamp when the alert was cleared | |
| fixDescription * | string \| null | Recommended fix description | |
| fixType * | string \| null | Recommended fix type (e.g. upgrade, remove) | |
| webLink * | string | URL to the alert dashboard | |
Socket Organization
socket_organization inherits from Account
| Property | Type | Description | Specifications |
|---|---|---|---|
| logoUrl * | string \| null | URL of the organization logo | |
| plan * | string | Subscription plan name | |
| slug * | string | Organization slug identifier | |
| vendor * | string | Vendor name | |
Socket Package
socket_package inherits from CodeModule
| Property | Type | Description | Specifications |
|---|---|---|---|
| author * | array \| null | Package authors or maintainers | |
| isDead * | boolean | Whether this package is deprecated or abandoned | |
| isDev * | boolean | Whether this is a development-only dependency | |
| isDirect * | boolean | Whether this is a direct dependency | |
| license * | string \| null | SPDX license identifier | |
| namespace * | string | Package namespace or scope | |
| packageType * | string | Package ecosystem type (e.g. npm, pypi, maven) | |
| size * | number \| null | Total size of the package in bytes | |
| socketScoreLicense * | number \| null | Socket license score (0.0–1.0) | |
| socketScoreMaintenance * | number \| null | Socket maintenance score (0.0–1.0) | |
| socketScoreOverall * | number \| null | Socket overall score (0.0–1.0) | |
| socketScoreQuality * | number \| null | Socket quality score (0.0–1.0) | |
| socketScoreSupplyChain * | number \| null | Socket supply chain score (0.0–1.0) | |
| socketScoreVulnerability * | number \| null | Socket vulnerability score (0.0–1.0) | |
| version * | string | Package version string | |
Socket Repository
socket_repository inherits from CodeRepo
| Property | Type | Description | Specifications |
|---|---|---|---|
| defaultBranch * | string \| null | Default branch name | |
| githubRepoName * | string \| null | Associated GitHub repository name (owner/repo) when the GitHub App is installed | |
| headFullScanId * | string \| null | ID of the most recent full scan for this repository | |
| isArchived * | boolean | Whether the repository is archived | |
| isPublic * | boolean | Whether the repository is publicly visible | |
| slug * | string | Repository slug identifier | |
| workspace * | string | Workspace this repository belongs to | |
Socket Supply Chain Scanner
socket_supply_chain_scanner inherits from Service
| Property | Type | Description | Specifications |
|---|---|---|---|
| category * | array of strings | Service categories | |
| vendor * | string | Vendor name | |
Socket Vulnerability Finding
socket_vulnerability_finding inherits from Finding, Vulnerability
| Property | Type | Description | Specifications |
|---|---|---|---|
| alertKey * | string | Unique alert instance key | |
| alertType * | string | Type of alert | |
| clearedOn * | number \| null | Timestamp when the finding was cleared | |
| cveId * | string \| null | CVE identifier | |
| cvssScore * | number \| null | CVSS base score | |
| cvssVector * | string \| null | CVSS vector string | |
| cweIds * | array \| null | CWE identifiers | |
| epssPercentile * | number \| null | EPSS percentile ranking | |
| epssScore * | number \| null | EPSS probability score | |
| fixedVersion * | string \| null | First patched version identifier | |
| ghsaIds * | array \| null | GitHub Security Advisory identifiers | |
| isKev * | boolean \| null | Whether this is a CISA Known Exploited Vulnerability | |
| webLink * | string | URL to the alert dashboard | |