Security platform: Socket expands security offering with Scala and Kotlin

Socket now also scans Scala and Kotlin projects for security risks. The platform continues to expand its language support. The dashboard has also been revised.


The Socket security platform is expanding its offering to include the Scala and Kotlin programming languages. According to the company, this is in response to the growing demand for security for modern software stacks. Socket automatically checks open source dependencies for vulnerabilities, manipulated packages and other risks, directly when they are installed into the code.

With support for Scala and Kotlin, the platform is now also opening up to development teams working primarily in backend or Android development. The new functions are intended to help ensure greater transparency and security in the software supply chain in these environments too.

According to Socket, the desire to integrate these two languages into the platform also came from the developer community. Scala and Kotlin are becoming increasingly important – both in large companies and in start-ups. Both programming languages run on the Java Virtual Machine (JVM). Scala is often used in data processing and backend development, while Kotlin is mainly used for the development of Android apps and in the backend. Both languages are considered modern alternatives to Java.

The integration makes it possible to identify potentially dangerous dependencies at an early stage, rather than reacting only after the build or during operation. Socket takes a close look at the selection of software components in order to spot potential risks early.


In addition to the new language support, Socket is also announcing changes to the user interface. According to the announcement, navigation has been made clearer and visual distractions have been reduced. This should help to make security-relevant information accessible more quickly.

The platform also supports the new Python format pylock.toml. This lock file format was introduced as part of PEP 751 (Python Enhancement Proposal) to record dependencies in Python projects in a uniform way. It enables reproducible builds and is intended to facilitate traceability across different systems, for example on different operating systems or in changing development environments.


(mdo)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.