Introducing the GitHub App

Michael Lubas, 2024-01-03

Modern software development means code changes are pushed into production on a daily basis. A traditional penetration testing engagement provides a snapshot of an application’s security. True security requires automation, where every new change is analyzed.

Elixir has excellent open source security tools, including Sobelow for static analysis of Phoenix code. Why is another tool needed on top of it? Consider the following Sobelow findings:

Config.CSRFRoute: CSRF via Action Reuse
Misc.BinToTerm: Unsafe `binary_to_term`
Config.CSP: Missing Content-Security-Policy

How would you rank these by priority? How do you fix each one? Triaging and remediating findings can be frustrating, and some teams respond by ignoring them completely. The app prioritizes these findings, highlighting the fact that BinToTerm is the worst one: deserializing attacker-controlled bytes with `binary_to_term` lets the client create new atoms (which are never garbage collected) and executable terms inside the VM.
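A worked illustration of that worst finding, added here as an example rather than code from the post, from Sobelow, or from the app. It assumes a Phoenix application (so `Plug.Crypto` is available through the `plug` dependency) and an endpoint that receives a Base64-encoded Erlang term from the client; the module name, the transport and the shell command in the constructed payload are all assumptions for the demo.

```elixir
# Added example (not from the original post, from Sobelow, or from the app).
# Assumes a Phoenix app, so Plug.Crypto is present via the plug dependency.
defmodule Demo.UntrustedTerms do
  @moduledoc """
  Why Sobelow's Misc.BinToTerm finding is the dangerous one: the vulnerable
  decoder rebuilds whatever the client sent, including anonymous functions,
  while the hardened decoder rejects executable terms and new atoms.
  """

  # Vulnerable: :erlang.binary_to_term/1 rebuilds funs, pids, ports and
  # brand-new atoms from attacker-controlled bytes. Atoms are never garbage
  # collected, so a stream of unique atoms exhausts the atom table (denial of
  # service), and a reconstructed fun is one call away from code execution.
  def decode_unsafe(b64) do
    b64 |> Base.decode64!() |> :erlang.binary_to_term()
  end

  # Hardened: the :safe option refuses new atoms and external function
  # references, and Plug.Crypto.non_executable_binary_to_term/2 additionally
  # walks the decoded term and raises ArgumentError if it contains a fun,
  # which :safe on its own still permits.
  def decode_safe(b64) do
    with {:ok, bin} <- Base.decode64(b64) do
      try do
        {:ok, Plug.Crypto.non_executable_binary_to_term(bin, [:safe])}
      rescue
        ArgumentError -> {:error, :unsafe_term}
      end
    end
  end

  # Constructed attacker payload (assumption for this demo): a serialized
  # anonymous function. A real attacker crafts the external term format bytes
  # directly; term_to_binary is just the convenient way to build them here.
  def malicious_payload do
    fn -> System.cmd("id", []) end
    |> :erlang.term_to_binary()
    |> Base.encode64()
  end

  # Constructed benign payload: the kind of term the endpoint actually expects
  # (binaries and integers only, no atoms, no funs).
  def benign_payload do
    %{"page" => 2, "filter" => "open"}
    |> :erlang.term_to_binary()
    |> Base.encode64()
  end
end
```

In `iex -S mix`, calling the result of `decode_unsafe(malicious_payload())` as a function runs the embedded command on the server, which is the remote code execution path the finding warns about; `decode_safe/1` returns `{:error, :unsafe_term}` for the same bytes, passes the benign map through as `{:ok, term}`, and returns `:error` from `Base.decode64/1` when the input is not valid Base64. The point of the two decoders sitting side by side is that the fix is a one-line change, and the cost of not making it is the whole VM.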

Today the GitHub App is live, providing actionable security feedback to developers right in the pull request. Each finding includes detailed information on the vulnerability's impact and how to resolve it.

In some cases, the app can even suggest a fix.

When the issues are fixed, the app reports this in the PR and keeps a record for future compliance audits.

If you are currently a customer, see the documentation page for setup instructions. If you would like to start using the app, please reach out today. It helps prevent data breaches by securing your Elixir and Phoenix apps: detect and fix critical security issues today.
