# Socket Reviews
**Vendor:** Socket  
**Category:** [Software Composition Analysis Tools](https://www.g2.com/categories/software-composition-analysis)  
**Average Rating:** 4.7/5.0  
**Total Reviews:** 10
## About Socket
Socket is the leading developer-first security platform that protects modern applications from malicious and vulnerable open source dependencies. By combining real-time package monitoring with AI-powered code analysis, Socket detects and blocks supply chain attacks within minutes of publication. With advanced reachability analysis, automated remediation, and license compliance features, Socket enables teams to focus on building software, while we keep their open source code secure.



## Socket Pros & Cons
**What users like:**

- Users highlight the **strong security features** of Socket, excelling in monitoring and detecting supply chain risks effectively. (3 reviews)
- Users commend Socket for its **innovative open source security solutions**, providing accurate analyses that simplify package evaluations. (2 reviews)
- Users appreciate the **accuracy of findings** from Socket, benefiting from thorough analysis and time-saving features. (1 review)
- Users value the **proactive alert system** of Socket, ensuring timely responses to potential supply chain threats. (1 review)
- Users value the **comprehensive security** provided by Socket, enhancing risk assessment and decision-making in software supply chains. (1 review)
- Users value the **proactive and quick customer support** from Socket, enhancing their overall experience with the product. (1 review)
- Users value the **high-signal malware detections** from Socket, ensuring robust supply chain security with reliable performance. (1 review)
- Ease of Use (1 review)
- Easy Setup (1 review)
- Users value the **efficiency** of Socket.dev, enhancing decision-making with reliable risk assessments in third-party libraries. (1 review)

**What users dislike:**

- Users feel the **missing features** in Socket hinder consolidation and create reliance on multiple tools. (1 review)
- Users experience **system slowness** with Socket, as the UI takes time to load and affects usability. (1 review)

## Socket Reviews
  ### 1. Essential Tool for Application Security with Stellar MCP Feature

**Rating:** 5.0/5.0 stars

**Reviewed by:** Shreejal M. | Full-stack Developer, Retail, Small-Business (50 or fewer emp.)

**Reviewed Date:** April 24, 2026

**What do you like best about Socket?**

I like using Socket for everything in regards to my application security. It's the exact tool we need to make sure we don't download anything nefarious, especially in the age of vulnerable libraries. I appreciate the MCP feature, which allows AI agents to check the packages in advance so we don't download anything insecure or malicious. The initial setup was as easy as chips.

**What do you dislike about Socket?**

N/A

**What problems is Socket solving and how is that benefiting you?**

Socket ensures we don't download anything nefarious in the age of vulnerable libraries, with the MCP feature helping AI agents check packages for security.

  ### 2. Unique Approach to Supply Chain Security Problem and Does It Really Well

**Rating:** 5.0/5.0 stars

**Reviewed by:** Sindhoor H.

**Reviewed Date:** December 05, 2025

**What do you like best about Socket?**

I love the approach Socket has taken towards solving open source security problems with their subjective analysis and the 70 plus signals they use in analyzing each different package. It's quite unheard of across other vendors in the space, making their analysis quite accurate and simplifying our work. Socket helps us save time in manual reviews of open source packages. It also assists developers in evaluating our existing inventory of open source packages for necessary upgrades or changes. The initial setup was pretty straightforward and easy due to the use of GitHub's connection, making it much easier to roll out across multiple repositories.

**What do you dislike about Socket?**

The UI is quite slow and takes a bit of time to load. Apart from that, I don't have much of an issue.

**What problems is Socket solving and how is that benefiting you?**

I use Socket for dependency management and improving our security posture by analyzing risks in open source dependencies. It helps us accurately measure risk across our entire supply chain, providing insights during supply chain attacks, and saves time on manual reviews of open source packages.

  ### 3. A modern, developer-friendly approach to software supply chain security

**Rating:** 5.0/5.0 stars

**Reviewed by:** Brewin V. | VP of Engineering, Mid-Market (51-1000 emp.)

**Reviewed Date:** July 23, 2025

**What do you like best about Socket?**

Socket has been a game-changer for our team. It stands out in the SCA space thanks to its developer-centric design and seamless integration into our development workflow. It fits naturally into how we build and ship software - really easy to use!

What I appreciate most is how noise-free the alerts are, especially now with the acquisition of Coana. We're getting real, actionable insights instead of being overwhelmed by false positives.

Additionally, the Socket team has been a fantastic partner - responsive, knowledgeable, and ready to help. We’re excited to see how the platform evolves and continues to push the envelope in this space.

**What do you dislike about Socket?**

So far, we haven’t encountered any significant drawbacks. The platform has met our expectations and worked well for our needs.

**What problems is Socket solving and how is that benefiting you?**

Socket helps our team address supply chain vulnerabilities quickly and efficiently. By proactively identifying bad dependencies and surfacing actionable alerts, it significantly improves the overall security posture of our platform. It also gives us confidence in the integrity of our dependencies without slowing down development.

  ### 4. An Innovative SCA Approach for Software Supply Chain Risk

**Rating:** 4.5/5.0 stars

**Reviewed by:** Itai M. | Manager, Software Supply Chain Security, Enterprise (> 1000 emp.)

**Reviewed Date:** August 19, 2025

**What do you like best about Socket?**

Socket.dev is a high-leverage part of a software supply-chain risk program. It reliably surfaces integrity and operational risks in third-party libraries and helps our teams make better decisions, faster. 

Its source-first analysis surfaces real operational and supply-chain risks, well beyond CVE lists, and enables acting both proactively and reactively. Deployment scales cleanly, ROI is clear for security and engineering, and the product roadmap is impressively aligned with industry direction.

**What do you dislike about Socket?**

We have not encountered any material issues to date. The few issues observed, consistent with early-stage growth, are addressed promptly and transparently, and reliability continues trending upward.

**What problems is Socket solving and how is that benefiting you?**

- Enhancing our Software Composition Analysis Program.
- Enhancing our Software Supply Chain Security Program by surfacing operational risks in third-party libraries.

  ### 5. Broad coverage and rapidly emerging capabilities

**Rating:** 3.5/5.0 stars

**Reviewed by:** Verified User in Computer Software | Enterprise (> 1000 emp.)

**Reviewed Date:** July 24, 2025

**What do you like best about Socket?**

We first started to take an interest in Socket thanks to its industry-leading malware detection and blocking capabilities in the supply chain security space. However, with how much they've been adding to the product, it's quickly becoming our tool of choice for all supply chain vulnerability management. They have a lot coming that I'm excited about, they've been responsive to feedback, and they've been iterating pretty quickly. I'm optimistic about the ability to auto-fix vulnerabilities.

**What do you dislike about Socket?**

I use the product as the head of an application security team. Setting up the tool and getting it to cover PRs has been really easy, but using the console to follow up on the things that developers AREN'T fixing is still burdensome. While tools like `socket fix` are excellent in theory for fixing many issues at once, we still spend a lot of time confirming which alerts are actually worth prioritizing, and the user journey for someone like me here hasn't improved a lot since we started using it earlier this year. Changes are coming, but in the meantime getting its reports into our not-Jira ticketing system and using them for specific triage recommendations has required a lot more effort than expected. This whole experience, from triage to resolution, could be smoother.

**What problems is Socket solving and how is that benefiting you?**

Socket is currently our primary tool for identifying and responding to vulnerable dependencies in our software repositories. It's also covering legal concerns around open source licensing. It makes it easy for us to have a single authoritative source for what's wrong and worth resolving.

  ### 6. Great Product

**Rating:** 5.0/5.0 stars

**Reviewed by:** Ayush M. | Director, Mid-Market (51-1000 emp.)

**Reviewed Date:** October 10, 2025

**What do you like best about Socket?**

It's a great product with an awesome team. We've deployed Socket to our entire GitHub organization.

**What do you dislike about Socket?**

Nothing as of now. Waiting for 2-way Jira integration.

**What problems is Socket solving and how is that benefiting you?**

Ensuring the security of applications and being able to identify potential attacks is crucial. Recently, there were a few attacks that Socket's automated scanner successfully detected and flagged on the Socket dashboard. It's reassuring to have a product that can catch these issues before they become serious problems.

  ### 7. Next-generation supply chain security

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Computer Software | Enterprise (> 1000 emp.)

**Reviewed Date:** October 17, 2025

**What do you like best about Socket?**

We consume Socket's package scanning APIs as part of an internal supply chain security platform. Socket has been a fantastic partner: they are reliable, responsive, and the product provides high-signal malware detections in open source packages.

**What do you dislike about Socket?**

No significant drawbacks or complaints about the platform. We'd love more coverage over additional package ecosystems!

**What problems is Socket solving and how is that benefiting you?**

Software supply chain security - it helps us ensure that developers are not installing packages with malware.

  ### 8. Strong supply chain monitoring, great customer service

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Mid-Market (51-1000 emp.)

**Reviewed Date:** September 10, 2025

**What do you like best about Socket?**

Socket has many security features, but they're especially strong at monitoring for supply chain attacks. They are also very proactive in customer support, responding very quickly to our needs.

**What do you dislike about Socket?**

There is an overall pain in having so many SAST and other tools. It would be nice for Socket to cover more use cases and thus allow us to consolidate more use cases.

**What problems is Socket solving and how is that benefiting you?**

Monitoring for supply chain vulnerabilities.

  ### 9. Socket helps keep our software secure

**Rating:** 4.5/5.0 stars

**Reviewed by:** Verified User in Telecommunications | Mid-Market (51-1000 emp.)

**Reviewed Date:** October 21, 2023

**What do you like best about Socket?**

Awesome product. Awesome customers. Awesome team. We've deployed Socket to our whole GitHub organization – love their product, take on supply chain security for us/the world.

**What do you dislike about Socket?**

Nothing as of now. It is providing all the functions which are required.

**What problems is Socket solving and how is that benefiting you?**

Basically it works like a security application. It provides security to the application. Their tool keeps your app safe even in the worst case scenario of an active supply chain attack in an NPM package.

  ### 10. Socket review

**Rating:** 4.0/5.0 stars

**Reviewed by:** Ivan C. | Assistant System Engineer, Small-Business (50 or fewer emp.)

**Reviewed Date:** October 12, 2023

**What do you like best about Socket?**

The tools to safely secure your work are relatively extensive in their use.

**What do you dislike about Socket?**

It can be hard to understand; its latency and resource nature get intensive.

**What problems is Socket solving and how is that benefiting you?**

API calling gets responses faster.

## Socket Integrations
  - [GitHub](https://www.g2.com/products/github/reviews)

## Socket Features
**Functionality - Software Composition Analysis**
- Language Support
- Integration
- Transparency

**Security**
- Tampering
- Malicious Code
- Verification
- Security Risks

**Functionality - Software Bill of Materials (SBOM)**
- Format Support
- Annotations
- Attestation

**Effectiveness - Software Composition Analysis**
- Remediation Suggestions
- Continuous Monitoring
- Thorough Detection

**Tracking**
- Bill of Materials
- Audit Trails
- Monitoring

**Management - Software Bill of Materials (SBOM)**
- Monitoring
- Dashboards
- User Provisioning

## Top Socket Alternatives
  - [GitHub](https://www.g2.com/products/github/reviews) - 4.7/5.0 (2,284 reviews)
  - [GitLab](https://www.g2.com/products/gitlab/reviews) - 4.5/5.0 (874 reviews)
  - [Wiz](https://www.g2.com/products/wiz-wiz/reviews) - 4.7/5.0 (786 reviews)

