Policies (decide which alerts to enable in the GitHub integration)
complete
Christophe David
Users should be able to select which of the 70+ issues Socket supports to enable in the GitHub integration.
For example, we may want to enable Socket Alerts for packages with critical CVEs (which are not currently enabled in the GitHub app by default).
Or, we may want to disable certain alert types, such as Native Code.
Feross Aboukhadijeh (Socket)
complete
You can optionally configure the Socket GitHub app by adding a socket.yml file to the root of your repo. See: https://docs.socket.dev/docs/socket-yml
We're also excited to share that the Socket Security dashboard allows configuring which issues are enabled at an organization level. This organization-level setting allows security teams to quickly change organization-level settings without needing to send pull requests to edit the socket.yml in all repositories affected. See: https://socket.dev/blog/introducing-organization-dashboards
Feross Aboukhadijeh (Socket)
in progress
We're working on this feature!