Comprehensive security scanning with SAST, secrets detection, container scanning, and more, all in one unified tool.
Socket Basics orchestrates multiple security scanners, normalizes their outputs into Socket's standardized format, and delivers consolidated results through your preferred notification channels.
The easiest way to use Socket Basics is through GitHub Actions. Add it to your workflow in minutes:
```yaml
name: Security Scan
on:
  pull_request:
    types: [opened, synchronize, reopened]
jobs:
  security-scan:
    permissions:
      issues: write
      contents: read
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Run Socket Basics
        uses: SocketDev/[email protected]
        env:
          GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          socket_security_api_key: ${{ secrets.SOCKET_SECURITY_API_KEY }}
```
That's it! With just your `SOCKET_SECURITY_API_KEY`, all scanning configurations are managed through the Socket Dashboard; no workflow changes are needed.
- Zero Configuration Required: Configure scanning policies in the Socket Dashboard
- All Scanners Included: SAST, secrets, containers, and dependency analysis
- PR Comments: Automated security findings on pull requests
- Centralized Management: Update policies across all repos from one place

See the Complete GitHub Actions Guide for more.
Socket Basics can also run locally or in other CI/CD environments:
- Pre-Commit Hook: Catch issues before they're committed
- Local Docker Installation: Run in Docker with no tool installation required
- Local Installation: Install security tools natively on your machine
Built-in Security Scanners:
- SAST: Static analysis for 15+ languages (Python, JavaScript, Go, Java, Ruby, C#, and more)
- Secret Scanning: Detect leaked credentials and API keys with TruffleHog
- Container Scanning: Vulnerability scanning for Docker images and Dockerfiles with Trivy
- Dependency Analysis: Socket Tier 1 reachability analysis for supply chain security

Enterprise Features (requires Socket Enterprise):
- Dashboard Configuration: Centrally manage scanning policies across your organization
- Notification Integrations: Send results to Slack, Jira, MS Teams, MS Sentinel, Sumo Logic, and webhooks
- Unified Reporting: Consolidated security view across all your projects

Flexible Configuration:
- Configure via CLI flags, environment variables, JSON files, or the Socket Dashboard
- Auto-enablement for container scanning when images or Dockerfiles are specified
- Support for both standard and GitHub Actions `INPUT_*` environment variables
- GitHub Actions Integration: Complete guide with workflow examples
- Pre-Commit Hook Setup: Two installation methods (Docker vs native)
- Local Docker Installation: Run with Docker, no tools to install
- Local Installation: Install Socket CLI, Trivy, and other tools natively
All configuration can be managed through:
- Socket Dashboard (Enterprise): Centralized policy management
- CLI Arguments: Direct command-line flags
- Environment Variables: Standard or `INPUT_*` prefixed for GitHub Actions
- JSON Configuration File: Structured configuration (see `socket_config_example.json`)
See Configuration Documentation for details on all available options.
- Scans your codebase using multiple security tools in parallel
- Normalizes all findings into a unified Socket facts JSON format
- Filters results based on severity thresholds and configured rules
- Reports consolidated findings through console, files, or notification channels
Socket Enterprise customers can configure Socket Basics directly from the Socket Dashboard:
Configure scanning policies, notification channels, and rule sets for your entire organization in one place. Your settings are automatically synchronized when you provide `SOCKET_SECURITY_API_KEY` and `SOCKET_ORG`.
Dashboard-Configured (Enterprise):
```yaml
- uses: SocketDev/[email protected]
  env:
    GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
  with:
    github_token: ${{ secrets.GITHUB_TOKEN }}
    socket_security_api_key: ${{ secrets.SOCKET_SECURITY_API_KEY }}
    # All configuration managed in Socket Dashboard
```
CLI-Configured:
```yaml
- uses: SocketDev/[email protected]
  env:
    GITHUB_PR_NUMBER: ${{ github.event.pull_request.number || github.event.issue.number }}
  with:
    github_token: ${{ secrets.GITHUB_TOKEN }}
    python_sast_enabled: 'true'
    secret_scanning_enabled: 'true'
    container_images: 'myapp:latest'
```
View the Complete GitHub Actions Documentation for all available inputs.
```bash
# Build with version tag
docker build -t socketdev/socket-basics:1.0.10 .
# Run scan
docker run --rm -v "$PWD:/workspace" socketdev/socket-basics:1.0.10 \
  --workspace /workspace \
  --python-sast-enabled \
  --secret-scanning-enabled \
  --console-tabular-enabled
```
View the Docker Installation Guide for details.
```bash
socket-basics --python --secrets --containers --verbose
```
View the Local Installation Guide for details.
For GitHub Actions & Docker: No installation needed; all tools are bundled in the container.
For Local Installation:
- Python 3.8+
- Socket CLI (for dependency analysis)
- Trivy (for container scanning)
- OpenGrep/Semgrep (for SAST)
- TruffleHog (for secret scanning)
See Local Installation Guide for detailed setup instructions.
Socket Basics normalizes all scanner findings into a standardized Socket facts JSON structure:
```json
{
  "components": [
    {
      "type": "file",
      "name": "path/to/file",
      "alerts": [
        {
          "type": "sast|secret|container",
          "severity": "low|medium|high|critical",
          "message": "description",
          "location": {"path": "file/path", "line": 42}
        }
      ]
    }
  ]
}
```
Results can be:
- Printed to console in tabular or JSON format
- Written to file (`.socket.facts.json`)
- Sent to notification channels (Slack, Jira, webhooks, etc.)
Socket Basics uses a plugin-style connector system. Each connector:
- Lives under `socket_basics/core/connector/`
- Implements `scan()` to execute the underlying tool
- Implements `_process_results()` to normalize output

Add new connectors by:
- Creating a directory under `socket_basics/core/connector/<tool>/`
- Implementing the connector class
- Adding configuration to `socket_basics/connectors.yaml`

See the Developer Guide for details.
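As an added illustration (not code from the socket-basics project), the Python sketch below mirrors the `scan()` / `_process_results()` split described above and emits the Socket facts structure shown in the output-format section, then applies the severity-threshold filtering step from the "how it works" list. The class name `TrivyStyleConnector`, the `trivy` invocation in `scan()`, the `UNKNOWN` to `low` mapping, and the helper names are assumptions; the sample report follows Trivy's JSON report layout (`Results` with `Vulnerabilities` / `Misconfigurations`) but every value in it is constructed.

```python
"""Added example: normalize a Trivy-style JSON report into the Socket facts
structure documented in this README, then apply a severity threshold.
Written for this page; not part of socket-basics. Field names follow Trivy's
JSON report layout as an assumption; the sample report is constructed."""
import json
import subprocess

# Facts format uses lowercase severities; rank them for threshold filtering.
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}


def normalize_severity(raw: str) -> str:
    """Map Trivy's uppercase severities (HIGH, UNKNOWN, ...) to the facts vocabulary.
    Anything outside the four known levels (e.g. UNKNOWN) is mapped to 'low';
    that mapping is this example's choice, not the project's."""
    sev = (raw or "").lower()
    return sev if sev in SEVERITY_RANK else "low"


class TrivyStyleConnector:
    """Hypothetical connector following the scan()/_process_results() split."""

    def __init__(self, target: str):
        self.target = target

    def scan(self) -> dict:
        """Run the underlying tool and normalize its JSON output.
        Needs the trivy binary on PATH; the offline test below bypasses this."""
        proc = subprocess.run(
            ["trivy", "image", "--format", "json", self.target],
            capture_output=True, text=True, check=True,
        )
        return self._process_results(json.loads(proc.stdout))

    def _process_results(self, report: dict) -> dict:
        """Convert Trivy results into {"components": [{"type", "name", "alerts"}]}."""
        components = []
        for result in report.get("Results", []):
            target = result.get("Target", "")
            alerts = []
            # Package vulnerabilities: no source line, so location.line is null.
            for vuln in result.get("Vulnerabilities") or []:
                alerts.append({
                    "type": "container",
                    "severity": normalize_severity(vuln.get("Severity")),
                    "message": f"{vuln['VulnerabilityID']}: {vuln['PkgName']} "
                               f"{vuln.get('InstalledVersion', '')} "
                               f"(fixed in {vuln.get('FixedVersion') or 'n/a'})",
                    "location": {"path": target, "line": None},
                })
            # Dockerfile misconfigurations carry a start line in CauseMetadata.
            for misconf in result.get("Misconfigurations") or []:
                cause = misconf.get("CauseMetadata", {})
                alerts.append({
                    "type": "container",
                    "severity": normalize_severity(misconf.get("Severity")),
                    "message": f"{misconf['ID']}: {misconf.get('Title', '')}",
                    "location": {"path": target, "line": cause.get("StartLine")},
                })
            if alerts:
                components.append({"type": "file", "name": target, "alerts": alerts})
        return {"components": components}


def filter_facts(facts: dict, min_severity: str) -> dict:
    """Keep only alerts at or above min_severity; drop components left empty."""
    floor = SEVERITY_RANK[min_severity]
    kept = []
    for comp in facts["components"]:
        alerts = [a for a in comp["alerts"] if SEVERITY_RANK[a["severity"]] >= floor]
        if alerts:
            kept.append({**comp, "alerts": alerts})
    return {"components": kept}


def count_alerts(facts: dict) -> int:
    """Total alerts across all components (useful as a CI gate)."""
    return sum(len(c["alerts"]) for c in facts["components"])


# Constructed sample in Trivy's report shape; IDs and versions are placeholders.
SAMPLE_REPORT = {
    "Results": [
        {
            "Target": "myapp:latest (debian 12.5)",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
                 "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1", "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
                 "InstalledVersion": "2.3.0", "FixedVersion": "", "Severity": "UNKNOWN"},
            ],
        },
        {
            "Target": "Dockerfile",
            "Misconfigurations": [
                {"ID": "EXAMPLE-001", "Title": "Container runs as root",
                 "Severity": "CRITICAL", "CauseMetadata": {"StartLine": 7}},
            ],
        },
    ]
}


def demo(min_severity: str = "high") -> dict:
    """Normalize the constructed report and apply the threshold; returns facts."""
    facts = TrivyStyleConnector("myapp:latest")._process_results(SAMPLE_REPORT)
    return filter_facts(facts, min_severity)


if __name__ == "__main__":
    print(json.dumps(demo("high"), indent=2))
```

With the threshold at `high`, the `UNKNOWN` package finding is dropped and two alerts remain; at `critical` only the Dockerfile finding (line 7) survives. A real connector would also need its entry in `socket_basics/connectors.yaml`, which this sketch does not show.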
Integration tests for connectors live in `app_tests/`. This is the authoritative location for connector-level testing with sample repositories.
```bash
# Run tests
python -m pytest app_tests/ -v
# Run specific connector tests
python -m pytest app_tests/test_trivy.py -v
```
Connector fails to load:
- Verify `module_path` and `class` in `socket_basics/connectors.yaml`

Socket API errors:
- Ensure `SOCKET_SECURITY_API_KEY` and `SOCKET_ORG` are set correctly
- Verify your Socket Enterprise subscription is active

Notifier errors:
- Check that notification credentials (Slack webhook, Jira token, etc.) are properly configured
- Remember: Notifiers require Socket Enterprise

Image scanning failures:
- Confirm Docker access in your runtime environment
- For GitHub Actions, ensure images are publicly accessible or credentials are provided

Enable verbose logging:
```bash
socket-basics --verbose ...
# or
INPUT_VERBOSE=true socket-basics ...
```
We welcome contributions! To add new features:
- New Connectors: Implement under `socket_basics/core/connector/`
- New Notifiers: Implement under `socket_basics/core/notification/`
- Configuration: Add entries to `socket_basics/connectors.yaml` or `socket_basics/notifications.yaml`
- Tests: Add test cases to `app_tests/`
- Socket Security: Main website
- Socket Dashboard: Configure Socket Basics (Enterprise)
- Socket Documentation: Complete documentation
- Socket CLI: Dependency analysis tool
- Socket Pricing: Socket pricing details

Need help? Visit our documentation or contact Socket Support.