I like using Socket for everything in regards to my application security. It's the exact tool we need to make sure we don't download anything nefarious, especially in the age of vulnerable libraries. I appreciate the MCP feature, which allows AI agents to check the packages in advance so we don't download anything insecure or malicious. The initial setup was as easy as chips. Review collected by and hosted on G2.com.

N/A Review collected by and hosted on G2.com.

I love the approach Socket has taken towards solving open source security problems with their subjective analysis and the 70 plus signals they use in analyzing each different package. It's quite unheard of across other vendors in the space, making their analysis quite accurate and simplifying our work. Socket helps us save time in manual reviews of open source packages. It also assists developers in evaluating our existing inventory of open source packages for necessary upgrades or changes. The initial setup was pretty straightforward and easy due to the use of GitHub's connection, making it much easier to roll out across multiple repositories. Review collected by and hosted on G2.com.

The UI is quite slow and takes a bit of time to load. Apart from that, I don't have much of an issue. Review collected by and hosted on G2.com.

Socket has been a game-changer for our team. It stands out in the SCA space thanks to its developer-centric design and seamless integration into our development workflow. It fits naturally into how we build and ship software - really easy to use!

What I appreciate most is how noise-free the alerts are, especially now with the acquisition of Coana. We're getting real, actionable insights instead of being overwhelmed by false positives.

Additionally, the Socket team has been a fantastic partner - responsive, knowledgeable, and ready to help. We’re excited to see how the platform evolves and continues to push the envelope in this space. Review collected by and hosted on G2.com.

So far, we haven’t encountered any significant drawbacks. The platform has met our expectations and worked well for our needs. Review collected by and hosted on G2.com.

Socket.dev is a high-leverage part of a software supply-chain risk program. It reliably surfaces integrity and operational risks in third-party libraries and helps our teams make better decisions, faster.

Its source-first analysis surfaces real operational and supply-chain risks, well beyond CVE lists, and enables acting both proactively and reactively. Deployment scales cleanly, ROI is clear for security and engineering, and the product roadmap is impressively aligned with industry direction. Review collected by and hosted on G2.com.

We have not encountered any material issues to date. The few issues observed, consistent with early-stage growth, are addressed promptly and transparently, and reliability continues trending upward. Review collected by and hosted on G2.com.

We first started to take an interest in Socket thanks to its industry-leading malware detection and blocking capabilities in the supply chain security space. However, with how much they've been adding to the product, it's quickly becoming our tool of choice for all supply chain vulnerability management. They have a lot coming that I'm excited about, they've been responsive to feedback, and they've been iterating pretty quickly. I'm optimistic about the ability to auto-fix vulnerabilities. Review collected by and hosted on G2.com.

I use the product as the head of an application security team. Setting up the tool and getting it to cover PRs was been really easy, but using the console to follow up on the things that developers AREN'T fixing is still burdensome. While tools like `socket fix` are excellent in theory for fixing many issues at once, we still spend a lot of time confirming which alerts are actually worth prioritizing, and the user journey for someone like me here hasn't improved a lot since we started using it earlier this year. Changes are coming, but in the meantime getting its reports into our not-Jira ticketing system and using them for specific triage recommendations has required a lot more effort than expected. This whole experience, from triage to resolution, could be smoother. Review collected by and hosted on G2.com.

It's a great product with an awesome team. We've deployed Socket to our entire GitHub organization Review collected by and hosted on G2.com.

Nothing as of now. waiting for 2-way Jira integration Review collected by and hosted on G2.com.

We consume Socket's package scanning APIs as part of an internal supply chain security platform. Socket has been a fantastic partner: they are reliable, responsive, and the product provides high-signal malware detections in open source packages. Review collected by and hosted on G2.com.

No significant drawbacks or compliants about the platform. We'd love more coverage over additional package ecosystems! Review collected by and hosted on G2.com.

Socket has many security features, but they're especially strong at monitoring for supply chain attacks. They are also very proactive in customer support, responding very quickly to our needs. Review collected by and hosted on G2.com.

There is an overall pain in having so many SAST and other tools. It would be nice for Socket to cover more use cases and thus allow us to consolidate more use cases. Review collected by and hosted on G2.com.

Awesome product. Awesome customers. Awesome team. We've deployed Socket to our whole GitHub organization – love their product , take on supply chain security for us/the world Review collected by and hosted on G2.com.

Nothing as of now.it is providing all the functions which required. Review collected by and hosted on G2.com.

the tools to safely secure your work are relatively extensive in its use Review collected by and hosted on G2.com.

it can be hard to understand , it's latency, and resource nature gets intensive Review collected by and hosted on G2.com.