This repository is a dump of all Elixir/Erlang security advisories inside GitHub Advisory Database.
This repository intends to be used as a replacement for dependabot/elixir-security-advisories since it is no longer maintained, as of July 2022.
The actual reason we (Mirego) need a public GitHub repository of Elixir security advisories, is because of MixAudit, the tool we built to make sure our Elixir projects are scanned for potential vulnerabilities. MixAudit needs to be ran anonymously and locally (or in continuous integration) by anyone, so it cannot use GitHub GraphQL API’s securityVulnerabilities query since it requires authentication.
This is why, every 6 hours, through this workflow, the packages directory is synced with GitHub Advisory Database 🎉
elixir-security-advisories is © 2022 Mirego and may be freely distributed under the New BSD license. See the LICENSE.md file.
However, since the data inside the packages directory is pulled from GitHub API, it is licensed under the under the terms of the CC-BY 4.0 open source license. See GitHub documentation for the full terms.
The shield logo is based on this lovely icon by Saeful Muslim, from The Noun Project. Used under a Creative Commons BY 3.0 license.