The Reports section in Socket lists every report that has been run within your organization, whether it was generated by the GitHub app, the API, or the CLI. Below is a guide to navigating the Reports feature and reading what each report contains.

1. Accessing Reports

  • Navigate to the Reports section from the left-hand sidebar.
  • The main Reports page will display a list of all reports generated in your organization.

2. Report List Details

Each entry in the report list includes the following information:

  • Report ID: Unique identifier for the report.
  • Ran At: The date and time when the report was executed.
  • Source: Indicates the origin of the report (e.g., GitHub, API, CLI).
  • Repository: The repository associated with the report.
  • Branch: The branch from which the report was generated.
  • Pull Request: The pull request the report is associated with, if any.
  • Commit: The specific commit that triggered the report.
  • Delete: Option to delete the report.

Report List Example

3. Report Details

Clicking on a report ID will open the detailed view of the report. Here, you can see:

  • Alerts: Lists all the alerts triggered during the report.
  • Dependencies: Shows all the dependencies analyzed.
  • Files: Details of the files inspected.
  • Artifacts: Information about specific artifacts related to the report.

Report Details

4. Alert Categories

Alerts are categorized based on severity:

  • Critical: Immediate action required.
  • High: Significant issues that need addressing.
  • Medium: Moderate issues to be aware of.
  • Low: Minor issues for information.

Alerts Example

5. Dependency Analysis

The Dependencies tab lists every dependency analyzed for the report and highlights the issues found against each one.

Dependency Analysis

6. Files

The Files tab lists the files from the repository that were inspected for the report. Select an individual file to view its contents.

7. Artifact Details

Each artifact in the report is detailed with information such as:

  • Ecosystem: The environment (e.g., npm, PyPI) the artifact belongs to.
  • Artifact Name: The specific name and version of the artifact.
  • Category: The type of risk flagged (e.g., Supply chain risk).
  • Scores: Metrics such as supply chain security, quality, maintenance, vulnerabilities, and license compliance.

Artifact Details
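The alert severities in section 4 and the per-artifact scores in section 7 are the two signals a team normally turns into a merge decision. The following added example (not Socket's code, and not Socket's report schema) shows one way to do that: it groups a report's alerts by severity, orders them most severe first, picks out the alerts that should block a CI gate, and flags artifacts whose chosen score falls below a threshold. The REPORT structure, package names, alert types and score values are all constructed for illustration; the field names of a real report exposed by the API or CLI may differ and should be mapped before using this against actual output.

```python
"""Triage a Socket-style report: count alerts by severity, pick the alerts
that should block a merge, and flag low-scoring artifacts.

Added example, not Socket's own code or schema.  Every field name, package
name and value below is constructed for illustration.
"""
from collections import Counter

# Severity order as documented: Critical > High > Medium > Low.
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed sample report (hypothetical packages and findings, not real ones).
REPORT = {
    "id": "example-report",
    "alerts": [
        {"ecosystem": "npm", "name": "acme-utils", "version": "1.3.0",
         "type": "install-script", "severity": "medium",
         "category": "Supply chain risk"},
        {"ecosystem": "npm", "name": "acme-installer", "version": "0.0.1",
         "type": "suspicious-network-access", "severity": "critical",
         "category": "Supply chain risk"},
        # Mixed-case severity on purpose: the helpers normalize it.
        {"ecosystem": "pypi", "name": "acme-http", "version": "2.0.0",
         "type": "known-vulnerability", "severity": "High",
         "category": "Vulnerability"},
        {"ecosystem": "npm", "name": "acme-legacy", "version": "4.0.0",
         "type": "deprecated", "severity": "low",
         "category": "Maintenance"},
    ],
    "artifacts": [
        {"ecosystem": "npm", "name": "acme-installer", "version": "0.0.1",
         "scores": {"supplyChain": 0.05, "quality": 0.4, "maintenance": 0.3,
                    "vulnerability": 0.9, "license": 1.0}},
        {"ecosystem": "pypi", "name": "acme-http", "version": "2.0.0",
         "scores": {"supplyChain": 0.8, "quality": 0.9, "maintenance": 0.7,
                    "vulnerability": 0.3, "license": 1.0}},
        {"ecosystem": "npm", "name": "acme-utils", "version": "1.3.0",
         "scores": {"supplyChain": 0.7, "quality": 0.8, "maintenance": 0.8,
                    "vulnerability": 1.0, "license": 1.0}},
    ],
}


def _severity(alert):
    """Lower-cased severity so 'High' and 'high' are treated alike."""
    return str(alert.get("severity", "")).lower()


def _label(artifact):
    """ecosystem/name@version, the way an artifact is usually referred to."""
    return f"{artifact['ecosystem']}/{artifact['name']}@{artifact['version']}"


def count_by_severity(report):
    """Return {severity: count} over the report's alerts."""
    return Counter(_severity(a) for a in report.get("alerts", []))


def sort_alerts(report):
    """Alerts ordered most severe first; unknown severities sort last."""
    return sorted(report.get("alerts", []),
                  key=lambda a: SEVERITY_RANK.get(_severity(a), len(SEVERITY_RANK)))


def blocking_alerts(report, block_on=("critical", "high")):
    """Alerts that should fail a CI gate (default: critical and high)."""
    return [a for a in sort_alerts(report) if _severity(a) in block_on]


def weak_artifacts(report, score="supplyChain", threshold=0.5):
    """Labels of artifacts whose chosen score is below the threshold.

    A missing score is treated as 1.0 (no evidence of a problem) rather
    than 0.0, so an absent metric does not fail the gate by itself.
    """
    return [_label(a) for a in report.get("artifacts", [])
            if a.get("scores", {}).get(score, 1.0) < threshold]


def triage(report, block_on=("critical", "high")):
    """Summarize a report into a pass/block decision plus supporting detail."""
    blocking = blocking_alerts(report, block_on)
    return {
        "decision": "block" if blocking else "pass",
        "counts": dict(count_by_severity(report)),
        "blocking": [f"{_label(a)}: {a['type']}" for a in blocking],
        "weak_artifacts": weak_artifacts(report),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(REPORT), indent=2))
```

Running the module prints the triage result for the constructed report; in a pipeline you would call `triage()` on the report you fetched and exit non-zero on `"block"`. Which severities block, and which score and threshold count as weak, are policy choices exposed as parameters so they can be tightened per repository.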

By using the Reports feature in Socket, you can keep every dependency and component in your development workflow under continuous review, so potential risks are surfaced and evaluated as they appear.