Case study
Socket reduced vulnerability alerts by 70%, enabling Cedar's lean security team to focus on high-impact work.
Reachability reduced false positives significantly, improving confidence and speeding up triage.
GitHub-native workflows delivered low-friction adoption, with actionable feedback directly in pull requests.
Socket’s dependency context helped Cedar quickly determine applicability before escalating to engineering teams.
Cedar improved response velocity during major software supply chain incidents by quickly determining exposure.

Cedar is the performance engine for healthcare financial experience, built on AI to solve the growing complexity of patient financial engagement and deliver personalization at scale. Cedar’s platform unifies billing, payments, coverage, and support into a single solution that continuously learns and adapts—driving stronger results for healthcare providers and simpler, more empathetic, and personalized financial journeys for patients.
Cedar's security operations team manages most security-related functions outside of the product itself, including vulnerability management, compliance support, and detection and response. The lean team supports a fully cloud-based infrastructure built primarily on Python and Go, with TypeScript and React on the frontend.
Before partnering with Socket, Cedar faced mounting challenges with vulnerability management that threatened both security posture and developer productivity. Over six years, the team evaluated and tested multiple solutions, including building an in-house application security platform, but struggled to find tools that could deliver the data quality and stability their environment demanded.
"We've gone through quite a journey with vulnerability management, trying different approaches each year," Smith said. "We can meet our compliance requirements, but we knew we needed something more robust to truly support our developers' workflows and our security goals."
The core problem was volume. Previous tools generated thousands of findings with poor signal-to-noise ratios, making it challenging to distinguish critical vulnerabilities from false positives. Without reliable data to guide prioritization decisions, Cedar's security team needed a solution that could surface truly actionable issues.
"How do you deal with 10,000 alerts or more when they come in? You don't really. You have to figure out how to prioritize what matters most," Smith said.
This flood of potentially inaccurate alerts created a trust problem with developers. "We were looking for a tool that would help us build trust with our engineers, and most tools just overwhelm you with findings and say 'security team, you're in charge of fixing it,'" Smith said.
"This leads to low-impact time investments to get through the volume. The big things that led us to Socket were: better data quality, higher relevance, and better coverage."
Cedar selected Socket for three critical capabilities: better data quality, higher relevancy, and better coverage across their repositories. Socket's integration into Cedar's GitHub environment required minimal effort while delivering immediate value to both security and engineering teams.

Socket's GitHub integration meant developers encountered security feedback naturally within their existing workflow, with no additional tools or processes to learn.
"Most of our developers operate exclusively in GitHub. By simply turning on the Socket app, they see comments on their PRs," Smith said. "For them, it provides immediate feedback on issues and then they just deal with that like they would any other code review finding. It was pretty seamless and very low effort for us to get that enabled."
The Chrome extension provided an additional layer of visibility for developers researching dependencies. One senior engineer had been manually googling dependencies to assess their safety, a time-consuming process that relied on potentially unreliable sources.
Once the engineer started using Socket's Chrome extension, he could instantly see security data by hovering over dependencies, eliminating the need for manual research and providing more reliable information to inform his decisions.
Socket's platform became Cedar's single source of truth for dependency security information, dramatically reducing the time security engineers spent investigating vulnerabilities.
"When we do have findings now from Socket, we can go into the platform and see a lot more data on what versions are good, what are potentially bad, why it could be a problem, why it's not," Smith said. "Having one central place to do that research saves a ton of time. When an alert comes in that's reported as critical, we want to validate that it actually is critical before we interrupt an engineer and take their time."
The detailed contextual data helped Cedar's security team, who aren't all developers, quickly assess whether vulnerabilities were actually exploitable in their codebase.
"The Socket data gives us a very clear indication of real criticality. For example, in a reported critical CVE finding, we may not be using the target function or it may not be exploitable in our environment. Socket helps us quickly tell if it's applicable or not, resulting in a substantial time savings."
Unlike previous solutions that required extensive customization and integration work, Socket provided comprehensive GitHub coverage out of the box.
"With previous solutions, we had to spend a lot of time building integrations or customizing data just to make it work across our code repositories," Smith said.
"Socket's holistic solution for GitHub shaved off a ton of time previously spent maintaining a tool. That's a clear value."
Since implementing Socket, Cedar has seen dramatic improvements in both efficiency and the security team's effectiveness. The most measurable impact has been the reduction in alert volume, a critical win for the team's limited resources.
"We get now on average maybe 10 to 12 Socket alerts per month, which is very reasonable," Smith said. "That's once every three or four days you get an alert from Socket to investigate, as opposed to previously when we were auto-generating 30 to 40 tickets a month and had to advocate for priority from engineering managers on every single ticket. When considering the time needed to adequately review findings and negotiate priority, that’s a major time difference."
This 70% reduction in alerts didn't come from ignoring vulnerabilities. It came from Socket's ability to surface only relevant, actionable findings. Cedar enabled Socket's reachability analysis tiers, which reduced false positives significantly while maintaining comprehensive security coverage.
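The applicability question Smith describes above (a dependency carries a critical CVE, but is the vulnerable function ever called from the application's code?) is what reachability analysis answers. The following is an added illustration, not Socket's implementation nor any of Cedar's code: a toy static call-graph walk over Python source. The application module, the dependency name `untrustedlib`, and the vulnerable symbol `untrustedlib.deserialize` are all constructed for the example.

```python
import ast
from collections import deque
from typing import Dict, List, Optional, Set

# Constructed sample application module. It imports a hypothetical
# dependency whose `deserialize` function we pretend has a critical CVE.
# `main` never calls it; only the unused `admin_import` path does.
APP_SOURCE = '''
import untrustedlib
from untrustedlib import safe_helper

def render(template):
    return safe_helper(template)

def admin_import(path):
    return load_any(path)

def load_any(path):
    return untrustedlib.deserialize(open(path).read())

def main():
    render("index")
'''

# Constructed identifier for the advisory's affected function.
VULNERABLE_SYMBOL = "untrustedlib.deserialize"


def _callee_name(func: ast.expr, aliases: Dict[str, str]) -> Optional[str]:
    """Resolve a call target to a local function name or a dotted
    dependency symbol, using the module's import aliases."""
    if isinstance(func, ast.Name):
        return aliases.get(func.id, func.id)
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        base = aliases.get(func.value.id, func.value.id)
        return f"{base}.{func.attr}"
    return None  # calls on call results, subscripts, etc. are not resolved


def build_call_graph(source: str) -> Dict[str, Set[str]]:
    """Map each top-level function to the set of names it calls."""
    tree = ast.parse(source)
    aliases: Dict[str, str] = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                aliases[alias.asname or alias.name] = alias.name
        elif isinstance(node, ast.ImportFrom) and node.module:
            for alias in node.names:
                aliases[alias.asname or alias.name] = f"{node.module}.{alias.name}"
    graph: Dict[str, Set[str]] = {}
    for node in tree.body:
        if isinstance(node, ast.FunctionDef):
            callees = set()
            for sub in ast.walk(node):
                if isinstance(sub, ast.Call):
                    name = _callee_name(sub.func, aliases)
                    if name:
                        callees.add(name)
            graph[node.name] = callees
    return graph


def reachable_path(graph: Dict[str, Set[str]], entry: str, target: str) -> Optional[List[str]]:
    """Breadth-first search from an entry point; return the call chain that
    reaches `target`, or None if the vulnerable symbol is never reached."""
    parent: Dict[str, Optional[str]] = {entry: None}
    queue = deque([entry])
    while queue:
        current = queue.popleft()
        if current == target:
            path: List[str] = []
            node: Optional[str] = current
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for callee in sorted(graph.get(current, ())):
            if callee not in parent:
                parent[callee] = current
                queue.append(callee)
    return None


if __name__ == "__main__":
    call_graph = build_call_graph(APP_SOURCE)
    for entry_point in ("main", "admin_import"):
        chain = reachable_path(call_graph, entry_point, VULNERABLE_SYMBOL)
        verdict = " -> ".join(chain) if chain else "not reachable"
        print(f"{entry_point}: {verdict}")
```

Run from the production entry point `main`, the advisory is not applicable and the alert can be deprioritized; run from `admin_import`, the chain `admin_import -> load_any -> untrustedlib.deserialize` shows exactly where an engineer would need to look. This toy resolves only direct, module-level calls; a production reachability engine must also handle cross-module resolution, dynamic dispatch, and the dependency's own internal call graph, which is why the tool's data quality matters so much for triage.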
The improved data quality and reduced noise helped Cedar achieve their primary goal: building trust with engineering teams.
"We're pretty hands-off, and we're okay with developers choosing their own path with what feels risky or not, within the guardrails security has set. We have many very skilled and security-conscious senior engineers and have a lot of trust in them," Smith said. "They get alerts in GitHub and they deal with it there. If there's a question or a critical finding, we get involved, but otherwise we strive to enable them to work fast independently."
This trust was demonstrated when a principal engineer was building Cedar's first Go repository. Socket automatically provided feedback on dependencies in his pull requests, prompting him to ask the security team about the tool. After learning about Socket's capabilities, he encouraged the team to promote it more widely across the engineering organization, a validation of how Socket naturally fit into developer workflows.
Socket filled a critical security gap by providing protection against supply chain malware, threats that Cedar's previous tools didn't reliably address.
"Just having supply chain malware protection in place that we didn't have before is a big bonus," Smith said. "If we blocked even one malicious dependency from getting into production through this feature, that's worth the cost we've paid so far."
Socket has also proven valuable during high-profile supply chain incidents, helping Cedar's team quickly assess their exposure and respond accordingly. When major attacks like those covered in security news emerged, Cedar could immediately determine whether their dependencies were affected, reducing incident response time and uncertainty.
Socket's clear, actionable data streamlined Cedar's compliance reporting process. "We have to talk to auditors about how we're finding dependencies and how we make sure we don't have vulnerable production resources," Smith said. Socket's improved data quality and reduced alert volume helped Cedar present a clear story to auditors about their vulnerability management process.
Cedar continues to expand their use of Socket, with plans to integrate dependency security data into an internal engineering scorecard dashboard. This dashboard will leverage Socket's reachability analysis and security scoring to present each engineering team with intelligent prioritization and ownership information, helping teams understand their security posture at a glance.
"We want them to see the highest impact action they can take to improve their score right away," Smith said. "The focus is on reachable, fixable, high impact vulnerabilities."
For healthcare technology companies like Cedar, managing security at scale with lean teams requires tools that provide accurate, actionable intelligence without overwhelming developers. Socket has proven to be an essential partner in building a sustainable, trust-based approach to vulnerability management and supply chain security.
Cedar Disclaimer: Cedar’s case study participation doesn’t constitute an endorsement. Results are illustrative and not guaranteed.