Paraxial.io scans your project for vulnerable code (Sobelow), vulnerable dependencies (deps.audit), and retired dependencies (hex.audit). This is in addition to the bot detection features of Paraxial.io. Snyk only finds vulnerable dependencies; it does not look for vulnerable code or retired dependencies.
We live and breathe Elixir security at Paraxial.io. Our platform only supports Elixir, we offer Elixir security consulting, and we regularly publish articles on Elixir security on our blog. While Snyk does have Elixir support, it's only for finding vulnerable dependencies. Snyk does not track Sobelow findings or retired dependencies, both of which are serious security concerns.
As a large company, Snyk has an obligation to investors to grow as fast as possible, and focusing on Elixir does not support that goal. Paraxial.io is a fully bootstrapped company, started by people who love Elixir. Our products and services are created around Elixir and Phoenix, for a better customer experience.
To use Snyk you must install npm. This creates yet another requirement for your deployment. With the recent announcement that Tailwind does not require node or npm in Phoenix, it is unfortunate that Snyk requires it to function. Paraxial.io is installed via hex, so there is no requirement to use npm.
At Paraxial.io, our business is built around Elixir. We make a security platform for Elixir, offer security consulting specialized for the language, and frequently blog about Elixir security. By choosing Paraxial.io, you are strengthening the Elixir ecosystem by supporting a company dedicated to keeping Elixir and Phoenix applications secure.