Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/mirego/elixir-security-advisories
🛡 Public database of Elixir security advisories pulled from GitHub Advisory Database
https://github.com/mirego/elixir-security-advisories
advisories elixir erlang security vulnerabilities
Last synced: 29 days ago
JSON representation
🛡 Public database of Elixir security advisories pulled from GitHub Advisory Database
- Host: GitHub
- URL: https://github.com/mirego/elixir-security-advisories
- Owner: mirego
- License: bsd-3-clause
- Created: 2022-08-09T00:00:09.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-05-02T18:06:31.000Z (2 months ago)
- Last Synced: 2024-06-04T23:36:29.147Z (29 days ago)
- Topics: advisories, elixir, erlang, security, vulnerabilities
- Language: Elixir
- Homepage:
- Size: 71.3 KB
- Stars: 117
- Watchers: 34
- Forks: 3
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE.md
Lists
- awesome-stars - mirego/elixir-security-advisories - 🛡 Public database of Elixir security advisories pulled from GitHub Advisory Database (Elixir)
README
This repository is a dump of all Elixir/Erlang security advisories inside [GitHub Advisory Database](https://github.com/advisories).
This repository intends to be used as a replacement for [dependabot/elixir-security-advisories](https://github.com/dependabot/elixir-security-advisories) since it is no longer maintained, as of July 2022.
The _actual reason_ we (Mirego) need a public GitHub repository of Elixir security advisories, is because of [MixAudit](https://github.com/mirego/mix_audit), the tool we built to make sure our Elixir projects are scanned for potential vulnerabilities. MixAudit needs to be ran anonymously and locally (or in continuous integration) by anyone, so it cannot use GitHub GraphQL API’s [`securityVulnerabilities` query](https://docs.github.com/en/graphql/reference/queries#securityvulnerabilities) since it requires authentication.
This is why, every 6 hours, through [this workflow](https://github.com/mirego/elixir-security-advisories/blob/main/.github/workflows/cd.yml), the `packages` directory is synced with GitHub Advisory Database 🎉
## License
`elixir-security-advisories` is © 2022 [Mirego](https://www.mirego.com) and may be freely distributed under the [New BSD license](http://opensource.org/licenses/BSD-3-Clause). See the [`LICENSE.md`](https://github.com/mirego/elixir-security-advisories/blob/main/LICENSE.md) file.
However, since the data inside the `packages` directory is pulled from GitHub API, it is licensed under the under the terms of the CC-BY 4.0 open source license. See [GitHub documentation](https://docs.github.com/en/site-policy/github-terms/github-terms-for-additional-products-and-features#advisory-database) for the full terms.
The shield logo is based on [this lovely icon by Saeful Muslim](https://thenounproject.com/icon/shield-1258213/), from The Noun Project. Used under a [Creative Commons BY 3.0](http://creativecommons.org/licenses/by/3.0/) license.