Sobelow is a Security-focused static analysis tool for discovering vulnerabilities.

Sobelow is a security-focused static analysis tool for the Phoenix framework. For security researchers, it is a useful tool for getting a quick view of points-of-interest. For project maintainers, it can be used to prevent introducing a number of common vulnerabilities.

sobelow v0.5.2

Sobelow currently detects some variants of the following security issues:
+ Insecure configuration
+ Known-vulnerable dependencies
+ Cross-Site Scripting
+ SQL injection
+ Command injection
+ Denial of Service
+ Directory traversal
+ Unsafe serialization

Potential vulnerabilities are flagged in different colors according to the tool's confidence that they are actually insecure. High confidence is red, medium confidence is yellow, and low confidence is green.

A finding is typically marked “low confidence” if it looks like a function could be used insecurely, but it cannot reliably be determined whether the function accepts user-supplied input. That is to say, green does not mean secure; such findings simply need more manual validation.
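To make the distinction concrete, here is an added illustration (not code from Sobelow or its documentation) of a Phoenix controller with a directory-traversal sink reached directly from request params, the same sink reached through a helper whose argument origin is unknown, and a hardened variant. That Sobelow treats `conn.params` as user-supplied input and grades these two patterns as high and low confidence respectively is an assumption drawn from the description above; `MyAppWeb.ReportController` and `priv/reports` are made-up names.

```elixir
defmodule MyAppWeb.ReportController do
  # Illustration only (not Sobelow's own code). Assumes a standard Phoenix
  # controller and that request params are treated as user-supplied input.
  use MyAppWeb, :controller

  @report_dir "priv/reports"  # constructed example path

  # Direct flow: the user-controlled "name" param reaches a file sink in the
  # same function, so a static tool can flag this with high confidence.
  def show(conn, %{"name" => name}) do
    send_download(conn, {:file, Path.join(@report_dir, name)})
  end

  # Indirect flow: the sink lives in a helper whose argument could come from
  # anywhere. Here it is a literal, but the helper itself only warrants a
  # low-confidence finding, which is why it still needs manual review.
  def index(conn, _params) do
    {:ok, body} = read_report("summary.txt")
    text(conn, body)
  end

  defp read_report(name), do: File.read(Path.join(@report_dir, name))

  # Hardened version of show/2: accept only a bare file name (no path
  # separators or parent references) that is present in the report directory.
  def show_safe(conn, %{"name" => name}) do
    with true <- Path.basename(name) == name,
         true <- name in File.ls!(@report_dir) do
      send_download(conn, {:file, Path.join(@report_dir, name)})
    else
      _ -> conn |> put_status(:not_found) |> text("not found")
    end
  end
end
```

The allowlist check rejects inputs such as `../../config/prod.secret.exs` because their basename differs from the raw value, and rejects any bare name that is not an existing report.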

Note: This project is in constant development, and additional vulnerabilities will be flagged as time goes on. If you encounter a bug, or would like to request additional features or security checks, please open an issue!

Dependencies:
+ Elixir v1.4 or higher
+ Erlang

Use and Installation:

Source: https://github.com/nccgroup