🛡 Public database of Elixir security advisories pulled from GitHub Advisory Database

mirego/elixir-security-advisories

This repository is a dump of all Elixir/Erlang security advisories in the GitHub Advisory Database.

This repository is intended as a replacement for dependabot/elixir-security-advisories, which is no longer maintained as of July 2022.

The actual reason we (Mirego) need a public GitHub repository of Elixir security advisories is MixAudit, the tool we built to make sure our Elixir projects are scanned for potential vulnerabilities. MixAudit needs to be run anonymously and locally (or in continuous integration) by anyone, so it cannot use the GitHub GraphQL API’s securityVulnerabilities query, since that query requires authentication.

This is why, every 6 hours, through this workflow, the packages directory is synced with GitHub Advisory Database 🎉

License

elixir-security-advisories is © 2022 Mirego and may be freely distributed under the New BSD license. See the LICENSE.md file.

However, since the data inside the packages directory is pulled from the GitHub API, it is licensed under the terms of the CC-BY 4.0 open source license. See GitHub documentation for the full terms.

The shield logo is based on this lovely icon by Saeful Muslim, from The Noun Project. Used under a Creative Commons BY 3.0 license.
