> ## Documentation Index
> Fetch the complete documentation index at: https://docs.leen.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Socket.dev

> Instructions on how to configure API access for Socket.dev 

## Supported Data Models

* [Issues (AppSec)](/integrations/application-security)
  * type: `vulnerability`, `code`, `config`, `license`, `custom`
* [Vulnerability Findings V2](/integrations/v2/vulnerability-findings-v2)
  * type: `dependency`, `code`, `unknown`
* Resources
  * type: `repository`

## Onboarding Socket.dev

Follow the steps below to onboard your environment to our Socket.dev integration.

<Steps>
  <Step title="Generate an API Key">
    1. Log in to your Socket.dev dashboard at [socket.dev](https://socket.dev).
    2. If you have multiple organizations, select the correct one from the organization switcher.
    3. Go to **Settings** → **API Keys** → **Create API Token**.
    4. Name it (e.g., "Leen Integration").
    5. Under **Scopes**, check:
       * `repo:list` – to list repositories
       * `alerts:list` – to fetch security alerts
    6. Click **Create** and **copy the key** (it won't be shown again).

    <Warning>
      Copy your API key immediately after creation. It will not be shown again after you close the dialog.
    </Warning>
  </Step>

  <Step title="Find Your Organization Slug">
    1. In the Socket.dev dashboard, navigate to your organisation's page.
    2. The organisation slug appears in the URL: `https://socket.dev/dashboard/org/{org-slug}/`
  </Step>

  <Step title="Enter Configuration Parameters in Leen">
    In your Leen integration configuration, provide the following:

    | Parameter     | Description                                    | Required |
    | ------------- | ---------------------------------------------- | -------- |
    | **API Token** | The API key generated in Step 1.               | Yes      |
    | **Org Slug**  | Your Socket.dev organisation slug from Step 2. | Yes      |
  </Step>
</Steps>

## Severity Mapping

Socket alert severities are mapped to Leen's unified severity model as follows:

| Socket Severity   | Leen Severity |
| ----------------- | ------------- |
| `critical`        | Critical      |
| `high`            | High          |
| `middle`          | Medium        |
| `low`             | Low           |
| *(anything else)* | Info          |

## State Mapping

Socket alert states are mapped to Leen's unified state model as follows:

| Socket Status / Action | Leen State |
| ---------------------- | ---------- |
| `action = ignore`      | Ignored    |
| `status = cleared`     | Closed     |
| *(all others)*         | Open       |

## Alert Type Mapping

Socket alert categories are mapped to Leen issue and finding types as follows:

| Socket Category   | AppSec Type (V1) | Finding Type (V2) |
| ----------------- | ---------------- | ----------------- |
| `vulnerability`   | Vulnerability    | Dependency        |
| `supplyChainRisk` | Vulnerability    | Dependency        |
| `maintenance`     | Config           | Dependency        |
| `license`         | License          | Dependency        |
| `quality`         | Code             | Code              |
| `other`           | Custom           | Unknown           |

## Data Synced

The Socket.dev integration syncs the following data:

* **Alerts**: Open security alerts across all repositories, including critical CVEs, supply chain risks, deprecated packages, and potential vulnerabilities.
* **Repositories**: All repositories in the organisation, used as Leen resources of type `repository`.

For any additional information about our field mappings or integrations, please contact us.