148: Security Scanning our Apps with Sobelow
Went deeper on Sobelow, the Elixir and Phoenix security code scanner. Hear about the creation from Griffin Byatt and where it’s going from the new maintainer Holden Oullette!
Audio is streamed directly from the publisher (aphid.fireside.fm) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
We go deeper on the Sobelow library, a security-focused static analysis tool for Elixir and Phoenix apps. We talk with Griffin Byatt, the creator, and Holden Oullette, the new maintainer. We learn how and why the project was created, how it works, what it can and can't do, and how to use it in CI pipelines for continuous scanning. Sobelow is a cornerstone project in the community that checks a critical box for certification requirements which means we get to use Elixir when it might otherwise be a hard sell. Join us as we learn more about the project and the people behind it!
Show Notes online - http://podcast.thinkingelixir.com/148
Elixir Community News
- https://news.livebook.dev/hubs-and-secret-management---launch-week-1---day-3-3tMaJ2 – Livebook Launch Week - Day 3 - Hubs, secrets, teams, authentication
- https://news.livebook.dev/build-and-deploy-a-whisper-chat-app-to-hugging-face-in-15-minutes---launch-week-1---day-4-wYM0w – Livebook Launch Week - Day 4 - What is deploying apps to HuggingFace?
- https://news.livebook.dev/data-wrangling-in-elixir-with-explorer-the-power-of-rust-the-elegance-of-r---launch-week-1---day-5-1xqwCI – Livebook Launch Week - Day 5 - Data wrangling in Elixir with https://news.livebook.dev/data-wrangling-in-elixir-with-explorer-the-power-of-rust-the-elegance-of-r---launch-week-1---day-5-1xqwCI
- https://github.com/elixir-nx – The Nx GitHub organization page was set up
- https://twitter.com/sorentwo/status/1646493981591625732 – Oban update 2.15.0
- https://github.com/sorentwo/oban/releases/tag/v2.15.0 – Oban release notes
- https://twitter.com/osterbergmarcus/status/1646833341881016323 – Tweet asking about bulk steam inserts
- https://twitter.com/elixirphoenix/status/1646913447030865921 – Phoenix response says the bulk insert is in main now.
- https://hexdocs.pm/ecto/Ecto.Changeset.html#cast_assoc/3-sorting-and-deleting-from-many-collections – Ecto's Sorting and deleting from -many collections
- https://twitter.com/iteamon/status/1648310734479130627 – Dry run implementation by Tymon Tobolski
- https://twitter.com/theerlef/status/1646211583172034563 – ElixirConf EU keynote to look forward to
Do you have some Elixir news to share? Tell us at @ThinkingElixir or email at [email protected]
Discussion Resources
- https://twitter.com/paraxialio/status/1641242283134660616
- https://github.com/nccgroup/sobelow
- https://github.com/nccgroup/sobelow/releases/tag/v0.12.2 – recent release
- https://github.com/podium/elixir-secure-coding
- https://www.podium.com/
- https://podcast.thinkingelixir.com/122 – Securing Elixir and Teaching the Team interview with Holden
- https://www.crowdstrike.com/cybersecurity-101/shift-left-security/ – Shift left
- https://www.nccgroup.com/us/
- https://github.com/podium/elixir-secure-coding
- https://github.com/ExHammer/hammer
- SAST - Static Application Security Testing
- IAST - Interactive Application Security Testing
Guest Information
- https://twitter.com/HoldenOullette – Holden on Twitter
- https://github.com/houllette/ – Holden on Github
- https://oullette.xyz/ – Holden's Blog
- https://twitter.com/griffinbyatt – Griffin on Twitter
- https://github.com/GriffinMB/ – Griffin on Github
- https://griffinbyatt.com/ – Griffin's page
Find us online
- Message the show - @ThinkingElixir
- Message the show on Fediverse - @[email protected]
- Email the show - [email protected]
- Mark Ericksen - @brainlid
- Mark Ericksen on Fediverse - @[email protected]
- David Bernheisel - @bernheisel
- David Bernheisel on Fediverse - @[email protected]
- Cade Ward - @cadebward
- Cade Ward on Fediverse - @[email protected]
Sponsored By: