Open Source Elixir Security Software

Guardian is a token based authentication library for use with Elixir applications. Guardian remains a functional system. It integrates with Plug but can be used outside of it. If you're implementing a TCP/UDP protocol directly or want to utilize your authentication via channels in Phoenix, Guardian can work for you. The core currency of authentication in Guardian is the token. By default JSON Web Tokens are supported out of the box but you can use any token that Has the concept of a key-value payload, is tamper-proof, can serialize to a String, or that has a supporting module that implements the Guardian.Token behavior. You can use Guardian tokens to authenticate web endpoints (Plug/Phoenix/X), channels/Sockets (Phoenix - optional), and any other system you can imagine. If you can attach an authentication token you can authenticate it.

Sobelow is a security-focused static analysis tool for the Phoenix framework. For security researchers, it is a useful tool for getting a quick view of points-of-interest. For project maintainers, it can be used to prevent the introduction of a number of common vulnerabilities. Potential vulnerabilities are flagged in different colors according to confidence in their insecurity. High confidence is red, medium confidence is yellow, and low confidence is green. A finding is typically marked "low confidence" if it looks like a function could be used insecurely, but it cannot reliably be determined if the function accepts user-supplied input. That is to say, if a finding is marked green, it may be critically insecure, but it will require greater manual validation. This project is in constant development, and additional vulnerabilities will be flagged as time goes on. If you encounter a bug, or would like to request additional features or security checks, please open an issue!