Security Scanning our Apps with Sobelow

We go deeper on the Sobelow library, a security-focused static analysis tool for Elixir and Phoenix apps. We talk with Griffin Byatt, the creator, and Holden Oullette, the new maintainer. We learn how and why the project was created, how it works, what it can and can't do, and how to use it in CI pipelines for continuous scanning. Sobelow is a cornerstone project in the community that checks a critical box for certification requirements which means we get to use Elixir when it might otherwise be a hard sell. Join us as we learn more about the project and the people behind it!

Show Notes online - http://podcast.thinkingelixir.com/148

Elixir Community News

• https://news.livebook.dev/hubs-and-secret-management---launch-week-1---day-3-3tMaJ2 – Livebook Launch Week - Day 3 - Hubs, secrets, teams, authentication
• https://news.livebook.dev/build-and-deploy-a-whisper-chat-app-to-hugging-face-in-15-minutes---launch-week-1---day-4-wYM0w – Livebook Launch Week - Day 4 - What is deploying apps to HuggingFace?
• https://news.livebook.dev/data-wrangling-in-elixir-with-explorer-the-power-of-rust-the-elegance-of-r---launch-week-1---day-5-1xqwCI – Livebook Launch Week - Day 5 - Data wrangling in Elixir with https://news.livebook.dev/data-wrangling-in-elixir-with-explorer-the-power-of-rust-the-elegance-of-r---launch-week-1---day-5-1xqwCI
• https://github.com/elixir-nx – The Nx GitHub organization page was set up
• https://twitter.com/sorentwo/status/1646493981591625732 – Oban update 2.15.0
• https://github.com/sorentwo/oban/releases/tag/v2.15.0 – Oban release notes
• https://twitter.com/osterbergmarcus/status/1646833341881016323 – Tweet asking about bulk steam inserts
• https://twitter.com/elixirphoenix/status/1646913447030865921 – Phoenix response says the bulk insert is in main now.
• https://hexdocs.pm/ecto/Ecto.Changeset.html#cast_assoc/3-sorting-and-deleting-from-many-collections – Ecto's Sorting and deleting from -many collections
• https://twitter.com/iteamon/status/1648310734479130627 – Dry run implementation by Tymon Tobolski
• https://twitter.com/theerlef/status/1646211583172034563 – ElixirConf EU keynote to look forward to

Do you have some Elixir news to share? Tell us at @ThinkingElixir or email at show@thinkingelixir.com

Discussion Resources

• https://twitter.com/paraxialio/status/1641242283134660616
• https://github.com/nccgroup/sobelow
• https://github.com/nccgroup/sobelow/releases/tag/v0.12.2 – recent release
• https://github.com/podium/elixir-secure-coding
• https://www.podium.com/
• https://podcast.thinkingelixir.com/122 – Securing Elixir and Teaching the Team interview with Holden
• https://www.crowdstrike.com/cybersecurity-101/shift-left-security/ – Shift left
• https://www.nccgroup.com/us/
• https://github.com/podium/elixir-secure-coding
• https://github.com/ExHammer/hammer
• SAST - Static Application Security Testing
• IAST - Interactive Application Security Testing

Guest Information

• https://twitter.com/HoldenOullette – Holden on Twitter
• https://github.com/houllette/ – Holden on Github
• https://oullette.xyz/ – Holden's Blog
• https://twitter.com/griffinbyatt – Griffin on Twitter
• https://github.com/GriffinMB/ – Griffin on Github
• https://griffinbyatt.com/ – Griffin's page

Find us online

• Message the show - @ThinkingElixir
• Message the show on Fediverse - @ThinkingElixir@genserver.social
• Email the show - show@thinkingelixir.com
• Mark Ericksen - @brainlid
• Mark Ericksen on Fediverse - @brainlid@genserver.social
• David Bernheisel - @bernheisel
• David Bernheisel on Fediverse - @dbern@genserver.social
• Cade Ward - @cadebward
• Cade Ward on Fediverse - @cadebward@genserver.social