148: Security Scanning our Apps with Sobelow
Episode Synopsis
We go deeper on the Sobelow library, a security-focused static analysis tool for Elixir and Phoenix apps. We talk with Griffin Byatt, the creator, and Holden Oullette, the new maintainer. We learn how and why the project was created, how it works, what it can and can't do, and how to use it in CI pipelines for continuous scanning. Sobelow is a cornerstone project in the community that checks a critical box for certification requirements, which means we get to use Elixir where it might otherwise be a hard sell. Join us as we learn more about the project and the people behind it!
Show Notes online - http://podcast.thinkingelixir.com/148 (http://podcast.thinkingelixir.com/148)
Elixir Community News
- https://news.livebook.dev/hubs-and-secret-management---launch-week-1---day-3-3tMaJ2 (https://news.livebook.dev/hubs-and-secret-management---launch-week-1---day-3-3tMaJ2?utm_source=thinkingelixir&utm_medium=shownotes) – Livebook Launch Week - Day 3 - Hubs, secrets, teams, authentication
- https://news.livebook.dev/build-and-deploy-a-whisper-chat-app-to-hugging-face-in-15-minutes---launch-week-1---day-4-wYM0w (https://news.livebook.dev/build-and-deploy-a-whisper-chat-app-to-hugging-face-in-15-minutes---launch-week-1---day-4-wYM0w?utm_source=thinkingelixir&utm_medium=shownotes) – Livebook Launch Week - Day 4 - What is deploying apps to HuggingFace?
- https://news.livebook.dev/data-wrangling-in-elixir-with-explorer-the-power-of-rust-the-elegance-of-r---launch-week-1---day-5-1xqwCI (https://news.livebook.dev/data-wrangling-in-elixir-with-explorer-the-power-of-rust-the-elegance-of-r---launch-week-1---day-5-1xqwCI?utm_source=thinkingelixir&utm_medium=shownotes) – Livebook Launch Week - Day 5 - Data wrangling in Elixir with Explorer
- https://github.com/elixir-nx (https://github.com/elixir-nx?utm_source=thinkingelixir&utm_medium=shownotes) – The Nx GitHub organization page was set up
- https://twitter.com/sorentwo/status/1646493981591625732 (https://twitter.com/sorentwo/status/1646493981591625732?utm_source=thinkingelixir&utm_medium=shownotes) – Oban update 2.15.0
- https://github.com/sorentwo/oban/releases/tag/v2.15.0 (https://github.com/sorentwo/oban/releases/tag/v2.15.0?utm_source=thinkingelixir&utm_medium=shownotes) – Oban release notes
- https://twitter.com/osterbergmarcus/status/1646833341881016323 (https://twitter.com/osterbergmarcus/status/1646833341881016323?utm_source=thinkingelixir&utm_medium=shownotes) – Tweet asking about bulk stream inserts
- https://twitter.com/elixirphoenix/status/1646913447030865921 (https://twitter.com/elixirphoenix/status/1646913447030865921?utm_source=thinkingelixir&utm_medium=shownotes) – Phoenix response says the bulk insert is in main now.
- https://hexdocs.pm/ecto/Ecto.Changeset.html#cast_assoc/3-sorting-and-deleting-from-many-collections (https://hexdocs.pm/ecto/Ecto.Changeset.html#cast_assoc/3-sorting-and-deleting-from-many-collections?utm_source=thinkingelixir&utm_medium=shownotes) – Ecto's Sorting and deleting from -many collections
- https://twitter.com/iteamon/status/1648310734479130627 (https://twitter.com/iteamon/status/1648310734479130627?utm_source=thinkingelixir&utm_medium=shownotes) – Dry run implementation by Tymon Tobolski
- https://twitter.com/theerlef/status/1646211583172034563 (https://twitter.com/theerlef/status/1646211583172034563?utm_source=thinkingelixir&utm_medium=shownotes) – ElixirConf EU keynote to look forward to
Do you have some Elixir news to share? Tell us at @ThinkingElixir (https://twitter.com/ThinkingElixir) or email at [email protected] (mailto:[email protected])
Discussion Resources
- https://twitter.com/paraxialio/status/1641242283134660616 (https://twitter.com/paraxialio/status/1641242283134660616?utm_source=thinkingelixir&utm_medium=shownotes)
- https://github.com/nccgroup/sobelow (https://github.com/nccgroup/sobelow?utm_source=thinkingelixir&utm_medium=shownotes)
- https://github.com/nccgroup/sobelow/releases/tag/v0.12.2 (https://github.com/nccgroup/sobelow/releases/tag/v0.12.2?utm_source=thinkingelixir&utm_medium=shownotes) – recent release
- https://github.com/podium/elixir-secure-coding (https://github.com/podium/elixir-secure-coding?utm_source=thinkingelixir&utm_medium=shownotes)
- https://www.podium.com/ (https://www.podium.com/?utm_source=thinkingelixir&utm_medium=shownotes)
- https://podcast.thinkingelixir.com/122 (https://podcast.thinkingelixir.com/122?utm_source=thinkingelixir&utm_medium=shownotes) – Securing Elixir and Teaching the Team interview with Holden
- https://www.crowdstrike.com/cybersecurity-101/shift-left-security/ (https://www.crowdstrike.com/cybersecurity-101/shift-left-security/?utm_source=thinkingelixir&utm_medium=shownotes) – Shift left
- https://www.nccgroup.com/us/ (https://www.nccgroup.com/us/?utm_source=thinkingelixir&utm_medium=shownotes)
- https://github.com/podium/elixir-secure-coding (https://github.com/podium/elixir-secure-coding?utm_source=thinkingelixir&utm_medium=shownotes)
- https://github.com/ExHammer/hammer (https://github.com/ExHammer/hammer?utm_source=thinkingelixir&utm_medium=shownotes)
- SAST - Static Application Security Testing
- IAST - Interactive Application Security Testing
Guest Information
- https://twitter.com/HoldenOullette (https://twitter.com/HoldenOullette?utm_source=thinkingelixir&utm_medium=shownotes) – Holden on Twitter
- https://github.com/houllette/ (https://github.com/houllette/?utm_source=thinkingelixir&utm_medium=shownotes) – Holden on Github
- https://oullette.xyz/ (https://oullette.xyz/?utm_source=thinkingelixir&utm_medium=shownotes) – Holden's Blog
- https://twitter.com/griffinbyatt (https://twitter.com/griffinbyatt?utm_source=thinkingelixir&utm_medium=shownotes) – Griffin on Twitter
- https://github.com/GriffinMB/ (https://github.com/GriffinMB/?utm_source=thinkingelixir&utm_medium=shownotes) – Griffin on Github
- https://griffinbyatt.com/ (https://griffinbyatt.com/?utm_source=thinkingelixir&utm_medium=shownotes) – Griffin's page
Find us online
- Message the show - @ThinkingElixir (https://twitter.com/ThinkingElixir)
- Message the show on Fediverse - @[email protected] (https://genserver.social/ThinkingElixir)
- Email the show - [email protected] (mailto:[email protected])
- Mark Ericksen - @brainlid (https://twitter.com/brainlid)
- Mark Ericksen on Fediverse - @[email protected] (https://genserver.social/brainlid)
- David Bernheisel - @bernheisel (https://twitter.com/bernheisel)
- David Bernheisel on Fediverse - @[email protected] (https://genserver.social/dbern)
- Cade Ward - @cadebward (https://twitter.com/cadebward)
- Cade Ward on Fediverse - @[email protected] (https://genserver.social/cadebward)