Security Vendors and Elixir Support
Michael Lubas, 2024-02-28
Many security vendors claim to support Elixir, yet when setup time comes the results are often disappointing. The chart above lists several common security tools and requirements for securing Elixir code, mapping features to the relevant vendors. Below are notes about how each vendor was assessed. Author contact: michael at this domain.
Paraxial.io
- SAST - Supported via Sobelow
- SCA - Supported
- Open Source License Compliance - Supported
- Developer Security Guidance - Created and open sourced by Paraxial.io
- RASP - Created and open sourced by Paraxial.io
- Runtime Asset Management - Supported
- Bot Defense - Supported
- Hex Native Install - Supported
GitHub
To GitHub’s credit, they have been strong supporters of Elixir, adding native support in the web interface and including Elixir in their advisories database.
- SAST - Supported via Sobelow upload
- SCA - Dependabot does support Elixir, but it's not perfect. For example, Elixir is not supported in dependency graph.
GitLab
Snyk
Mend
- SAST - No
- SCA - Supported
- License Compliance - Probably since they have it for SCA, I did not buy a license but it seems like they do.
GuardRails
- SAST - Supported
- SCA - No
- Developer Guidance - There are Elixir specific articles, but the quality is not good and some examples are wrong. For example, the binary_to_term article fails to mention non_executable_binary_to_term. The example given is not secure.
Cloudflare
Cloudflare has a bot defense offering. Many Paraxial.io customers also use Cloudflare, there is no technical conflict. See the Paraxial.io vs Cloudflare article for more details.
reCaptcha
Paraxial.io can be used with reCaptcha, there is no technical conflict. See the Paraxial.io vs reCaptcha article for more details.
Paraxial.io stops data breaches by securing your Elixir and Phoenix apps. Detect and fix critical security issues today.