Sobelow
This scanner component runs Sobelow, a security-focused static analysis tool for Elixir/Phoenix applications. Sobelow helps developers identify and remediate common security issues in their Elixir codebases, such as SQL injection, XSS, and insecure configuration.
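To make the finding categories above concrete, here is an added Elixir example (it is not code from the Smithy or Sobelow projects) showing the kind of pattern Sobelow reports as a SQL-injection or XSS finding next to the form that does not trigger it. It assumes a Phoenix application with an Ecto repo named `MyApp.Repo` and a `users` table with an `email` column; the module, repo and table names are placeholders.

```elixir
# Added illustration, not part of the Smithy or Sobelow documentation.
# Assumed names: MyApp.Repo (an Ecto repo) and a `users` table with an
# `email` column.
defmodule MyApp.Accounts do
  alias MyApp.Repo

  # FINDING (SQL injection): request-controlled `email` is interpolated into
  # the query text, so a value containing a quote character can change the
  # structure of the statement. Sobelow flags interpolation in raw SQL calls
  # like this one.
  def find_by_email_unsafe(email) do
    Repo.query!("SELECT id, email FROM users WHERE email = '#{email}'")
  end

  # REMEDIATED: the value travels as a bound parameter ($1). The database
  # receives query text and data separately, so the input cannot alter the
  # statement; Sobelow does not report this form.
  def find_by_email(email) do
    Repo.query!("SELECT id, email FROM users WHERE email = $1", [email])
  end

  # FINDING (XSS): Phoenix.HTML.raw/1 marks user-supplied markup as safe, so
  # any script tags in `body` reach the browser unescaped.
  def render_bio_unsafe(body), do: Phoenix.HTML.raw(body)

  # REMEDIATED: html_escape/1 entity-encodes the text; templates that use
  # `<%= ... %>` without raw/1 get this escaping automatically.
  def render_bio(body), do: Phoenix.HTML.html_escape(body)
end
```

When Sobelow runs through this component, the two `_unsafe` functions are what you should expect to see in the results; replacing them with the parameterized query and the escaped rendering clears those findings.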
How to use with Smithy
Open-Source
There is an example workflow in the smithy repository. After you have cloned the repo, you can run:
$ smithyctl \
workflow run \
--overrides-path=./examples/sobelow/overrides.yaml \
--build-component-images \
./examples/sobelow/workflow.yaml
This will run Sobelow against your Elixir/Phoenix codebase as part of the workflow.
SaaS
- In the Smithy UI, open the page to create a new workflow.
- Add an advanced git or GitHub target and configure it to point to a repository with the source code for your Elixir/Phoenix application.
- Find Sobelow in the Scanners dropdown. Click to add it to the workflow.
- Run the workflow as normal.
- The results will be available in the Smithy UI, where you can review the security findings and take action as needed.
Options
This component does not accept options.