MixAudit provides a mix deps.audit task to scan Mix dependencies for security vulnerabilities.
Warning
⚠️ This project is currently under development, it is not ready for production use yet. ⚠️
Installation
Project dependency
Add mix_audit to the deps function in your project’s mix.exs file:
defp deps do
[
{:mix_audit, "~> 1.0", only: [:dev, :test], runtime: false}
]
end
Then run mix do deps.get, deps.compile inside your project’s directory.
Local escript
If you do not wish to include mix_audit in your project dependencies, you can install it as an escript:
$ mix escript.install hex mix_audit
The only difference is that instead of using the mix deps.audit task, you will have to use the ./mix_audit executable.
Usage
To generate a security report, you can use the deps.audit Mix task:
$ mix deps.auditOptions
| Option | Type | Default | Description |
|---|---|---|---|
path | String | Current directory | The root path of the project to audit |
format |
String (json | human) | human | The format of the report to generate |
$ mix deps.audit --root=/Users/remi/Projects/elixir-boilerplate --format=jsonLicense
MixAudit is © 2020 Mirego and may be freely distributed under the New BSD license. See the LICENSE.md file.
The detective hat logo is based on this lovely icon by Vectors Point, from The Noun Project. Used under a Creative Commons BY 3.0 license.
About Mirego
Mirego is a team of passionate people who believe that work is a place where you can innovate and have fun. We’re a team of talented people who imagine and build beautiful Web and mobile applications. We come together to share ideas and change the world.
We also love open-source software and we try to give back to the community as much as we can.