Socket Expands Security Offerings with Scala and Kotlin Support

The security platform Socket has announced the addition of Scala and Kotlin to its list of supported programming languages. This strategic move is in response to the increasing demand for security measures within modern software stacks.

Socket automates the scanning of open-source dependencies to identify vulnerabilities, compromised packages, and other potential risks at the time of code integration. By incorporating support for Scala and Kotlin, the platform now caters to developer teams primarily engaged in backend services and Android application development.

The enhancements aim to foster greater transparency and security throughout the software supply chain in these environments. According to Socket, the decision to integrate these languages was driven by requests from the developer community, reflecting the growing significance of Scala and Kotlin in both large enterprises and startups.

Scala, often utilized in data processing and backend development, and Kotlin, which is widely adopted for Android app development, both operate on the Java Virtual Machine (JVM). They are recognized as modern alternatives to Java, offering improved features and capabilities.

With this integration, potential risks associated with dependencies can be detected earlier in the development process, rather than just post-build or during runtime. Socket emphasizes the importance of meticulously evaluating software components to identify risks proactively.

In addition to the new language support, Socket has also announced updates to its user interface. The navigation has been streamlined to enhance clarity, reducing visual distractions and making security-related information more accessible. Furthermore, the platform now supports the new Python lockfile format, pylock.toml, introduced under PEP 751 (Python Enhancement Proposal). This format standardizes how dependencies are recorded in Python projects, enabling reproducible builds and improving traceability across different systems and development environments.

Looking ahead, the heise devSec 2025 conference will take place on September 30 and October 1 in Regensburg. This event, organized by iX, heise Security, and dpunkt.verlag, will cover topics such as threat modeling, software supply chain security, OAuth, application security posture management (ASPM), Kubernetes, and the impact of generative AI on security.