
Socket Python SDK

The Socket Python SDK provides a convenient way to interact with the Socket.dev REST API using Python. This guide will help you get started with the SDK, covering installation, initialization, and usage of various functions.

For more detailed information and to view the source code, visit the Socket Python SDK GitHub project.

Before you begin, ensure you have the following:

  • Python 3.6 or higher
  • An API token from Socket.dev

To install the Socket Python SDK, clone the GitHub repo (the same code is also published on PyPI under the name socket-sdk-python):

git clone https://github.com/SocketDev/socket-sdk-python.git

To start using the SDK, initialize it with your API token. The token grants access to your organization's scan data, so treat it like a password: load it from an environment variable or a secret store rather than committing it to source, and do not echo it into build logs.

from socketdev import SocketDev

# Replace 'YOUR_API_KEY' with your actual API token (in real code, read it
# from the environment or a secret store instead of a literal)
socket = SocketDev("YOUR_API_KEY")

Deprecated: The per-package npm issues and score endpoints (socket.npm.issues / socket.npm.score) are deprecated. Use the org-scoped batch PURL method socket.purl.post(...) (POST /orgs/{org_slug}/purl) instead — see Using PURL Post below.

You can retrieve issues associated with a specific NPM package and version:

from socketdev import SocketDev

socket = SocketDev("YOUR_API_KEY")
issues = socket.npm.issues("hardhat-gas-report", "1.1.25")
print(issues)

To fetch the score of a specific NPM package and version:

from socketdev import SocketDev

socket = SocketDev("YOUR_API_KEY")
score = socket.npm.score("hardhat-gas-report", "1.1.25")
print(score)

To get the dependencies for the organization associated with your API token:

from socketdev import SocketDev

socket = SocketDev("YOUR_API_KEY")
dependencies = socket.dependencies.get(10, 0)  # limit=10 results, offset=0
print(dependencies)

To post dependencies for the organization:

from socketdev import SocketDev

socket = SocketDev("YOUR_API_KEY")
file_names = ["path/to/package.json"]
params = {
    "repository": "username/repo-name",
    "branch": "dependency-branch"
}
response = socket.dependencies.post(file_names, params)
print(response)

Retrieve the organization information from Socket.dev:

from socketdev import SocketDev

socket = SocketDev("YOUR_API_KEY")
org_info = socket.org.get()
print(org_info)

To check the current quota available for your API token:

from socketdev import SocketDev

socket = SocketDev("YOUR_API_KEY")
quota = socket.quota.get()
print(quota)

Deprecated: The report endpoints (socket.report.* / /report/*) are deprecated. Use socket.fullscans.* (post / get / metadata / stream / delete, backed by /orgs/{org_slug}/full-scans) — see Managing Full Scans. For supported-file detection use socket.supportedfiles.get(org_slug) (/orgs/{org_slug}/supported-files).

Retrieve the list of all reports for your organization:

from socketdev import SocketDev

socket = SocketDev("YOUR_API_KEY")
reports = socket.report.list()
print(reports)

Delete a specified report:

from socketdev import SocketDev

socket = SocketDev("YOUR_API_KEY")
response = socket.report.delete("report-id")
print(response)

Retrieve information for a specific Project Health Report:

from socketdev import SocketDev

socket = SocketDev("YOUR_API_KEY")
report = socket.report.view("report_id")
print(report)

Create a new project health report with the provided files:

from socketdev import SocketDev

socket = SocketDev("YOUR_API_KEY")
files = ["/path/to/manifest/package.json"]
response = socket.report.create(files)
print(response)

Retrieve information about the tracked repositories:

from socketdev import SocketDev

socket = SocketDev("YOUR_API_KEY")
repositories = socket.repositories.get()
print(repositories)

Get the organization settings from Socket.dev:

from socketdev import SocketDev

socket = SocketDev("YOUR_API_KEY")
settings = socket.settings.get()
print(settings)

Retrieve information for an SBOM report:

from socketdev import SocketDev

socket = SocketDev("YOUR_API_KEY")
sbom_report = socket.sbom.view("report_id")
print(sbom_report)

Retrieve package information for a PURL post:

from socketdev import SocketDev

socket = SocketDev("YOUR_API_KEY")
license = "true"  # passed through as the string "true"/"false"; "true" includes license data
components = [
    {"purl": "pkg:pypi/<package>@<version>"},  # pinned version
    {"purl": "pkg:pypi/socketsecurity"}        # no version: latest release
]
response = socket.purl.post(license, components)
print(response)
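The deprecation note earlier in this guide points at socket.purl.post as the replacement for the per-package npm.issues and npm.score calls. The following is an added example, not code from the SDK or from this guide: it builds the components list from (ecosystem, name, version) tuples, applying the PURL spelling rules for PyPI names (lowercase, underscores to hyphens) and scoped npm packages (the scope's @ percent-encoded), and then gates a build on the artifacts that come back. The artifact shape (a list of dicts with name, version and an alerts array whose entries carry type and severity), the severity vocabulary low/middle/high/critical, and the SOCKET_SECURITY_API_KEY variable name are assumptions; the sample artifacts are constructed. The same gate should apply to the artifacts socket.fullscans.stream returns, assuming they share that shape.

```python
"""Batch PURL lookup with a severity gate (added example, not SDK code)."""
from __future__ import annotations

import json
from typing import Iterable, Optional

# Ecosystems this helper knows how to spell as PURL types.
PURL_TYPES = {"pypi", "npm", "golang", "maven", "cargo", "gem", "nuget"}

# Assumed Socket severity vocabulary, lowest to highest.
SEVERITY_RANK = {"low": 0, "middle": 1, "high": 2, "critical": 3}


def to_purl(ecosystem: str, name: str, version: Optional[str] = None) -> str:
    """Spell one dependency as a PURL string.

    PyPI names are case-insensitive and treat '_' and '-' alike, so the
    spec normalizes them to lowercase with hyphens; an npm scope's '@'
    must be percent-encoded so it is not read as the version separator.
    """
    if ecosystem not in PURL_TYPES:
        raise ValueError(f"unsupported ecosystem: {ecosystem!r}")
    if ecosystem == "pypi":
        name = name.lower().replace("_", "-")
    elif ecosystem == "npm" and name.startswith("@"):
        name = "%40" + name[1:]
    purl = f"pkg:{ecosystem}/{name}"
    return f"{purl}@{version}" if version else purl  # unversioned = latest release


def build_components(deps: Iterable[tuple[str, str, Optional[str]]]) -> list[dict]:
    """The `components` argument socket.purl.post() takes: [{"purl": ...}, ...]."""
    return [{"purl": to_purl(eco, name, ver)} for eco, name, ver in deps]


def parse_ndjson(raw: str) -> list[dict]:
    """The raw /orgs/{org_slug}/purl response is NDJSON, one artifact per line
    (assumed). The SDK returns it already parsed; this is for saved raw output."""
    return [json.loads(line) for line in raw.splitlines() if line.strip()]


def failing_alerts(artifacts: list[dict], min_severity: str = "high",
                   blocked_types: frozenset = frozenset({"malware", "installScripts"})) -> list[tuple]:
    """Return (name, version, alert type, severity) for every alert that should
    fail the build: anything at or above min_severity, plus alert types that
    are blocked outright regardless of severity."""
    threshold = SEVERITY_RANK[min_severity]
    failures = []
    for art in artifacts:
        for alert in art.get("alerts") or []:  # artifacts without alerts may omit the key
            severity = alert.get("severity", "low")
            if SEVERITY_RANK.get(severity, 0) >= threshold or alert.get("type") in blocked_types:
                failures.append((art.get("name"), art.get("version"), alert.get("type"), severity))
    return failures


# Constructed sample in the assumed artifact shape; not real Socket output.
SAMPLE_ARTIFACTS = [
    {"type": "pypi", "name": "demo-lib", "version": "1.0.0",
     "alerts": [{"type": "networkAccess", "severity": "middle"}]},
    {"type": "npm", "name": "demo-widget", "version": "2.3.1",
     "alerts": [{"type": "installScripts", "severity": "middle"},
                {"type": "criticalCVE", "severity": "critical"}]},
    {"type": "pypi", "name": "demo-util", "version": "0.9.0"},
]


if __name__ == "__main__":
    import os
    from socketdev import SocketDev

    # Assumed variable name; never hard-code the token in source.
    socket = SocketDev(os.environ["SOCKET_SECURITY_API_KEY"])
    components = build_components([("pypi", "Socket_Security", None),
                                   ("npm", "@scope/pkg", "1.2.3")])
    artifacts = socket.purl.post("true", components)  # "true" also returns license data
    failures = failing_alerts(artifacts)
    for failure in failures:
        print("BLOCK", *failure)
    raise SystemExit(1 if failures else 0)
```

The gate deliberately treats install scripts as blocking even at middle severity: a lifecycle script runs arbitrary code at install time, which is the supply-chain failure mode a pre-merge check exists to catch, and its severity label alone understates that.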

Retrieve full scans information for an organization:

from socketdev import SocketDev

socket = SocketDev("YOUR_API_KEY")
fullscans = socket.fullscans.get("org_slug")
print(fullscans)

Create a full scan from a set of package manifest files:

from socketdev import SocketDev

socket = SocketDev("YOUR_API_KEY")
files = ["/path/to/manifest/package.json"]
params = {
    "org_slug": "org_name",
    "repo": "TestRepo",
    "branch": "main",
    "commit_message": "Test Commit Message",
    "commit_hash": "",
    "pull_request": "",
    "committers": "committer",
    "make_default_branch": False,
    "set_as_pending_head": False,
    "tmp": ""
}
response = socket.fullscans.post(files, params)
print(response)
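The params dict above is filled with placeholders; in a pipeline the values should come from the run itself, so that each full scan is attributed to the real commit, branch and pull request and only the default branch can become the org's default scan. The following is an added example, not code from the SDK or from this guide: it walks the checkout for manifest files (pruning vendored trees) and maps GitHub Actions' own GITHUB_* variables onto the param keys shown on this page. The manifest-name list is an illustrative subset (the authoritative list for your org comes from socket.supportedfiles.get), and the COMMIT_MESSAGE, DEFAULT_BRANCH handling and SOCKET_SECURITY_API_KEY variable names are assumptions about the workflow; the directory tree in demo_manifest_discovery is constructed.

```python
"""Collect manifests and derive full-scan parameters from CI metadata
(added example, not SDK code)."""
from __future__ import annotations

import os
import re
from pathlib import Path

# Illustrative subset of manifest names Socket analyzes; the authoritative
# list for your org comes from socket.supportedfiles.get(org_slug).
MANIFEST_NAMES = frozenset({
    "package.json", "package-lock.json", "yarn.lock", "pnpm-lock.yaml",
    "requirements.txt", "pyproject.toml", "Pipfile.lock", "poetry.lock",
    "go.mod", "go.sum", "Cargo.toml", "Cargo.lock",
})

# Vendored or generated trees that would otherwise add thousands of manifests.
SKIP_DIRS = frozenset({".git", "node_modules", ".venv", "venv", "vendor", "dist", "build"})

# On pull_request events GitHub sets GITHUB_REF to refs/pull/<number>/merge.
_PR_REF = re.compile(r"^refs/pull/(\d+)/")


def find_manifests(root: Path, names=MANIFEST_NAMES, skip_dirs=SKIP_DIRS) -> list[str]:
    """Walk `root` and return every supported manifest path, pruning skip_dirs
    in place so os.walk never descends into them."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in skip_dirs]
        found.extend(str(Path(dirpath) / f) for f in filenames if f in names)
    return sorted(found)


def fullscan_params(org_slug: str, env: dict, default_branch: str = "main") -> dict:
    """Build the params dict for socket.fullscans.post() from GitHub Actions
    variables. Keys are the ones shown in the guide; GITHUB_* names are
    GitHub's own. Only a push to the default branch is allowed to become the
    default / pending-head scan; PR scans never are (this example's policy)."""
    repo = env.get("GITHUB_REPOSITORY", "").split("/")[-1]
    pr = _PR_REF.match(env.get("GITHUB_REF", ""))
    # PR runs execute on a synthetic merge ref; the source branch is GITHUB_HEAD_REF.
    branch = env.get("GITHUB_HEAD_REF") or env.get("GITHUB_REF_NAME", "")
    if not repo or not branch:
        raise ValueError("GITHUB_REPOSITORY and a branch ref are required")
    is_default = pr is None and branch == default_branch
    return {
        "org_slug": org_slug,
        "repo": repo,
        "branch": branch,
        "commit_message": env.get("COMMIT_MESSAGE", ""),  # assumed: exported by a workflow step
        "commit_hash": env.get("GITHUB_SHA", ""),
        "pull_request": pr.group(1) if pr else "",
        "committers": env.get("GITHUB_ACTOR", ""),
        "make_default_branch": is_default,
        "set_as_pending_head": is_default,
        "tmp": "",
    }


def demo_manifest_discovery() -> list[str]:
    """Exercise find_manifests on a constructed throwaway tree; returns
    root-relative POSIX paths so the result is stable across machines."""
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel in ("package.json", "api/requirements.txt",
                    "node_modules/dep/package.json", "README.md"):
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text("")
        return [Path(p).relative_to(root).as_posix() for p in find_manifests(root)]


if __name__ == "__main__":
    from socketdev import SocketDev

    # Assumed variable name; keep the token out of source and logs.
    socket = SocketDev(os.environ["SOCKET_SECURITY_API_KEY"])
    files = find_manifests(Path("."))
    params = fullscan_params("org_name", dict(os.environ))
    print(socket.fullscans.post(files, params))
```

Pruning node_modules matters for more than speed: each vendored package.json would otherwise be uploaded as a top-level manifest and inflate the scan with dependencies that are not yours to gate on.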

Delete an existing full scan:

from socketdev import SocketDev

socket = SocketDev("YOUR_API_KEY")
response = socket.fullscans.delete("org_slug", "full_scan_id")
print(response)

Stream all SBOM artifacts for a full scan:

from socketdev import SocketDev

socket = SocketDev("YOUR_API_KEY")
stream = socket.fullscans.stream("org_slug", "full_scan_id")
print(stream)

Retrieve metadata for a single full scan:

from socketdev import SocketDev

socket = SocketDev("YOUR_API_KEY")
metadata = socket.fullscans.metadata("org_slug", "full_scan_id")
print(metadata)

This guide provides an overview of how to get started with the Socket Python SDK. For more detailed information and updates, refer to the Socket Python SDK GitHub project. Happy coding!