Sobelow is the first security‐focused static analysis tool for the Phoenix framework. For security researchers, it is a useful tool for getting a quick view of points‐of‐interest. For project maintainers, it can be used to prevent the introduction of a number of common vulnerabilities.
Currently Sobelow detects some types of the following security issues:
- Insecure Configuration
- Known‐Vulnerable Dependencies Cross‐Site Scripting
- SQL Injection
- Command Injection
- Denial of Service
- Directory Traversal
- Unsafe Serialization
Potential vulnerabilities are flagged in different colors according to confidence in their insecurity. High confidence is red, medium confidence is yellow, and low confidence is green.
For more information on Sobelow, read the blog post from Griffin Byatt.