Security Vendors and Elixir Support

Michael Lubas, 2024-02-28

Many security vendors claim to support Elixir, yet when setup time comes the results are often disappointing. The chart above lists several common security tools and requirements for securing Elixir code, mapping features to the relevant vendors. Below are notes about how each vendor was assessed. Author contact: michael at this domain.

Paraxial.io

  1. SAST - Supported via Sobelow
  2. SCA - Supported
  3. Open Source License Compliance - Supported
  4. Developer Security Guidance - Created and open sourced by Paraxial.io
  5. RASP - Created and open sourced by Paraxial.io
  6. Runtime Asset Management - Supported
  7. Bot Defense - Supported
  8. Hex Native Install - Supported

GitHub

To GitHub’s credit, they have been strong supporters of Elixir, adding native support in the web interface and including Elixir in their advisories database.

  1. SAST - Supported via Sobelow upload
  2. SCA - Dependabot does support Elixir, but the support is not complete. For example, Elixir is not supported in the dependency graph.

GitLab

  1. SAST - Supported via Sobelow, but requires a special wrapper with Go
  2. SCA - No

Snyk

  1. SAST - No
  2. SCA - Supported
  3. License Compliance - No

Mend

  1. SAST - No
  2. SCA - Supported
  3. License Compliance - Probably, since they offer it alongside SCA. I did not buy a license, but it appears to be supported.

GuardRails

  1. SAST - Supported
  2. SCA - No
  3. Developer Guidance - There are Elixir-specific articles, but the quality is poor and some examples are wrong. For example, the binary_to_term article fails to mention non_executable_binary_to_term, and the example it gives is not secure.
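To make the binary_to_term point concrete, here is an added example (not from the post, nor from any vendor's documentation) showing why the `:safe` option alone is not enough when decoding external term format from untrusted input, and how `Plug.Crypto.non_executable_binary_to_term/2` rejects terms that carry a function. It assumes the plug_crypto package is available; the sample payloads and the `SafeDecode` module are constructed for illustration.

```elixir
# Added example, not code from the post or from any vendor. Assumes the
# plug_crypto package; Mix.install fetches it when run as a script.
Mix.install([{:plug_crypto, "~> 2.0"}])

defmodule SafeDecode do
  @moduledoc """
  Decoding external term format (ETF) from untrusted input.

  `:erlang.binary_to_term/2` with `[:safe]` only refuses to create atoms the
  VM has not seen before (atom-table exhaustion). It still decodes function
  terms, which is what `Plug.Crypto.non_executable_binary_to_term/2` guards
  against by walking the decoded term and raising on funs and ports.
  """

  # Accepts an ETF binary from an untrusted source.
  # Returns {:ok, term} for plain data and {:error, :unsafe_term} otherwise.
  def decode_untrusted(bin) when is_binary(bin) do
    {:ok, Plug.Crypto.non_executable_binary_to_term(bin, [:safe])}
  rescue
    ArgumentError -> {:error, :unsafe_term}
  end
end

# Constructed sample inputs: a plain map, and a map carrying a function.
plain = :erlang.term_to_binary(%{"user" => "alice", "role" => "viewer"})
with_fun = :erlang.term_to_binary(%{"cb" => fn -> :executed end})

# [:safe] alone does not stop the function from being decoded.
%{"cb" => f} = :erlang.binary_to_term(with_fun, [:safe])
IO.inspect(is_function(f), label: "function survived [:safe]")

# The hardened decoder accepts plain data and rejects the executable term.
IO.inspect(SafeDecode.decode_untrusted(plain), label: "plain map")
IO.inspect(SafeDecode.decode_untrusted(with_fun), label: "map with fun")
```

Run it with `elixir safe_decode.exs`; the first inspect reports `true`, the plain map decodes to `{:ok, ...}`, and the payload containing the function comes back as `{:error, :unsafe_term}`.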

Cloudflare

Cloudflare has a bot defense offering. Many Paraxial.io customers also use Cloudflare, and there is no technical conflict between the two. See the Paraxial.io vs Cloudflare article for more details.

reCaptcha

Paraxial.io can be used together with reCaptcha; there is no technical conflict. See the Paraxial.io vs reCaptcha article for more details.

Paraxial.io stops data breaches by securing your Elixir and Phoenix apps. Detect and fix critical security issues today. Attending ElixirConf EU (April 17th) in Lisbon? Paraxial.io founder Michael Lubas is giving the training Elixir Application Security and will be speaking at the conference. Hope to see you there!