[Go to site: main page, start]
Documentation
  1. CI-CD Integrations

Create Socket API Key for CI/CD

Create your Socket API Key

You can either create your API key yourself if you have permissions in your socket.dev account or you can have your Admin create it for you with the scopes listed below. (See Notes section below for the environment variable usages)

  1. Log into the socket.dev dashboard

  2. Go to Settings

  3. Go to the API Tokens tab

  4. Select Create API Token

  5. Give the token a name like CI/CD API Key

  6. Select the following scopes

    1. repo

      1. repo:list
      2. repo:create
      3. repo:update

    2. security-policy

      1. security-policy:read

    3. Triage

      1. triage:alerts-list

      2. triage:alerts-update

    4. full-scans

      1. full-scans:list
      2. full-scans:create

    5. packages

      1. packages:list

  7. Click Confirm

  8. Click on Show key

  9. Click on the API Key Token to copy


Notes:

  • The Socket CLI reads your API token from either SOCKET_SECURITY_API_KEY or SOCKET_SECURITY_API_TOKEN (it also accepts SOCKET_API_KEY / SOCKET_API_TOKEN, or the --api-token flag). These work the same whether you run the CLI locally or in a CI/CD integration (GitHub Actions, GitLab, Bitbucket, Jenkins, Azure DevOps).
  • If more than one is set, SOCKET_SECURITY_API_KEY takes precedence. The CI/CD examples in these docs use SOCKET_SECURITY_API_KEY.