Triage

The Triage tab is a workflow for reviewing and prioritizing work across findings. Today, it supports alert triage for Socket.dev supply chain scans.

Access

TIP

Triage is a premium feature. If you don’t see the Triage tab, your subscription may not include it.

What Triage does

• Fetches alerts from Socket.dev for a given external scan ID
• Runs an AI review on each alert and records:
  • Final decision (True Positive, False Positive, or Monitor)
  • Explanation
  • Reachability analysis
  • Mitigation guidance
• Stores results in Almanax so you can review and filter them over time

Enable Socket.dev integration

Socket.dev credentials are configured per organization (not per project).

1. Go to Org → Integrations → Socket.
2. Enter your Socket API key and Socket org slug.
3. Save.

If Socket.dev isn’t enabled for your plan, ask your org admin (or support) to enable Alert Triage.

Run a triage review (Socket.dev)

1. Open a project and click the Triage tab.
2. Select Security Tool: Socket.dev (currently the only supported tool).
3. Enter External Scan ID (this is the Socket.dev scan ID).
4. Click Triage Alerts.

Triage runs asynchronously; you’ll see a review row created with a status:

• Pending: triage is still running (the page polls periodically)
• Complete: results are ready
• Failed: triage failed; try again or contact support

Review results

In the review table you can:

• Expand a review to see its alerts
• Filter alerts by Package Name and Severity
• Click an alert to open details, including the AI review output (decision, explanation, reachability, mitigation)

Notes / limitations

• Socket.dev only: other tools may appear in the UI but are not supported yet.
• No automatic remediation: Almanax records recommendations and supporting context. It does not automatically change your repo or update Socket.dev alert states.