elixir-security
Safeguard articles tagged "elixir-security" — guides, analysis, and best practices for software supply chain and application security.
5 articles
Elixir and Phoenix Security Best Practices: BEAM Footguns and the Hex Supply Chain
Phoenix is safe by default, but the BEAM has its own footguns — binary_to_term, atom exhaustion, dynamic eval — and the Erlang/OTP runtime beneath it shipped a CVSS 10.0 pre-auth SSH RCE in 2025.
Hex.pm package registry security and Elixir supply chain ...
Hex.pm blocks install-time scripts npm allows, but Elixir dependency risk still hides in native builds, Erlang CVEs, and thin registry-side vetting. Here's what to watch.
Mix dependency management and mix.lock integrity in Elixi...
A practical guide to mix.lock integrity: pinning Elixir dependencies, verifying lockfile hashes, and preventing supply chain tampering in mix.exs projects.
Erlang/OTP atom exhaustion and deserialization risks in E...
How the elixir atom exhaustion vulnerability lets attackers crash BEAM nodes via unsafe binary_to_term calls, and how Safeguard catches the pattern before it ships.
Auditing Elixir and Phoenix apps with mix_audit and Sobelow
A hands-on mix_audit Sobelow tutorial for scanning Elixir and Phoenix apps: dependency audits, static analysis, CI wiring, and triage tips.