简体繁体 English

Elixir 有源码分析工具吗？

[英]Is there any source code analysis tool for Elixir?

原文 2019-07-11 14:46:16 4 2 security/ elixir/ analysis

Is there any source code analysis tool that can detect security flaws in Elixir?有没有什么源码分析工具可以检测 Elixir 的安全漏洞？

I know about Sobelow, but I am not using Phoenix framework.我知道 Sobelow，但我没有使用 Phoenix 框架。

Thank you谢谢

2 个解决方案

It's not exactly what you need, but we have a public database with Elixir Security Advisories for Elixir packages (unfortunately not so updated):这不是您真正需要的，但我们有一个公共数据库，其中包含 Elixir 包的 Elixir 安全建议（不幸的是没有更新）：

https://github.com/dependabot/elixir-security-advisories https://github.com/dependabot/elixir-security-advisories

Currently we haven't a well known code analysis tool for pure Elixir, which would be listed on:目前我们还没有一个众所周知的纯 Elixir 代码分析工具，将列在：

If you are not using Phoenix framework, sobelow won't help.如果您没有使用 Phoenix 框架，那么 sobelow 将无济于事。 Thus I would say used Clamxir,因此我会说使用过 Clamxir，

https://github.com/ramortegui/clamxir https://github.com/ramortegui/clamxir

But purely based on your requirement and whether it does the necessary coverage.但纯粹基于您的要求以及它是否进行了必要的覆盖。

Java的开源静态源代码分析工具（面向安全性） - Open Source Static Source Code Analysis Tool (Security Oriented) For Java

静态/动态源代码分析 - Static / Dynamic source code analysis

是否有用于Workfusion代码的SAST工具？ - Is there any SAST tool for Workfusion code?

源代码分析和目标文件分析有什么区别？ - What is the difference between source code analysis and object file analysis?

Checkmarx 源代码分析工具将 mysql_fetch_array 标记为存储跨站点脚本攻击.. 如果是真正的错误，为什么以及如何解决？ - Checkmarx source code analysis tool marking mysql_fetch_array as Stored Cross-Site-Scripting attack.. Why and how to solve if it is real bug?

Dependabot/Snyk 工具，例如 Rust 和/或 Elixir 语言 - Dependabot/Snyk tool like for Rust and/or Elixir languages

Spring Boot启动分析工具 - Spring Boot Startup Analysis Tool

MS Access 2010安全分析工具 - Security Analysis Tool for MS Access 2010

如何验证此开源工具中的代码是否不会滥用您的Google帐户凭据？ - How to verify that the code in this open source tool doesn't misuse your Google Account credentials?

解决并修复static分析工具SPLINT指出的漏洞 - Solving and fixing vulnerability pointed by the static analysis tool SPLINT

暂无

暂无

声明:本站的技术帖子网页，遵循CC BY-SA 4.0协议，如果您需要转载，请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Java的开源静态源代码分析工具（面向安全性） - Open Source Static Source Code Analysis Tool (Security Oriented) For Java 静态/动态源代码分析 - Static / Dynamic source code analysis 是否有用于Workfusion代码的SAST工具？ - Is there any SAST tool for Workfusion code? 源代码分析和目标文件分析有什么区别？ - What is the difference between source code analysis and object file analysis? Checkmarx 源代码分析工具将 mysql_fetch_array 标记为存储跨站点脚本攻击.. 如果是真正的错误，为什么以及如何解决？ - Checkmarx source code analysis tool marking mysql_fetch_array as Stored Cross-Site-Scripting attack.. Why and how to solve if it is real bug? Dependabot/Snyk 工具，例如 Rust 和/或 Elixir 语言 - Dependabot/Snyk tool like for Rust and/or Elixir languages Spring Boot启动分析工具 - Spring Boot Startup Analysis Tool MS Access 2010安全分析工具 - Security Analysis Tool for MS Access 2010 如何验证此开源工具中的代码是否不会滥用您的Google帐户凭据？ - How to verify that the code in this open source tool doesn't misuse your Google Account credentials? 解决并修复static分析工具SPLINT指出的漏洞 - Solving and fixing vulnerability pointed by the static analysis tool SPLINT

相关标签

粤ICP备18138465号 © 2020-2024 STACKOOM.COM