Reports
Introduction
The Reports section in Socket provides a comprehensive overview of all the reports that have been run within your organization, encompassing GitHub applications, APIs, and CLI integrations. Below is a detailed guide on how to navigate and utilize the Reports feature effectively.
1. Accessing Reports
- Navigate to the Reports section from the left-hand sidebar.
- The main Reports page will display a list of all reports generated in your organization.
2. Report List Details
Each entry in the report list includes the following information:
- Report ID: Unique identifier for the report.
- Ran At: The date and time when the report was executed.
- Source: Indicates the origin of the report (e.g., GitHub, API, CLI).
- Repository: The repository associated with the report.
- Branch: The branch from which the report was generated.
- Pull Request: Indicates if the report is associated with a specific pull request.
- Commit: The specific commit that triggered the report.
- Delete: Option to delete the report.
Example:
3. Report Details
Clicking on a report ID will open the detailed view of the report. Here, you can see:
- Alerts: Lists all the alerts triggered during the report.
- Dependencies: Shows all the dependencies analyzed.
- Files: Details of the files inspected.
- Artifacts: Information about specific artifacts related to the report.
Example:
4. Alert Categories
Alerts are categorized based on severity:
- Critical: Immediate action required.
- High: Significant issues that need addressing.
- Medium: Moderate issues to be aware of.
- Low: Minor issues for information.
Example of Alerts:
5. Dependency Analysis
The Dependencies tab provides a comprehensive list of all dependencies associated with the report, highlighting potential issues such as:
Example:
6. Files
The Files tab provides a list of files used within the repository. You can select individual files to view the contents.
Example:
7. Artifact Details
Each artifact in the report is detailed with information such as:
- Ecosystem: The environment (e.g., npm, PyPI) the artifact belongs to.
- Artifact Name: The specific name and version of the artifact.
- Category: The type of risk associated (e.g., Supply chain risk).
- Scores: Various metrics such as supply chain security, quality, maintenance, vulnerabilities, and license compliance.
Example:
By utilizing the Reports feature in Socket, you can maintain a secure and efficient development workflow, ensuring all dependencies and components are continuously monitored and evaluated for potential risks.
Updated 6 months ago