Elixir

Snyk for Elixir is supported only for Snyk Open Source.

Supported frameworks and package managers

Snyk offers security scanning to test your Elixir Projects for vulnerabilities using the CLI.

Features may not be available, depending on your plan. See pricing plans for more details.

Package managers / FeaturesCLI supportGit supportLicense scanningFix PRs

✔︎

Snyk builds a dependency tree for your Project by analyzing your manifest and lock files.

After Snyk builds the tree, Snyk uses the vulnerability database to find vulnerabilities in the packages anywhere in the dependency tree.

Getting started with Snyk for Elixir across environments

Snyk CLI

Mix/Hex

To scan your dependencies, first install Elixir and Mix. For details, see the Elixir installation instructions.

Mix is a build tool that manages dependencies, compiles, tests, and creates Elixir projects.

Mix manages dependencies by integrating with the Hex package manager.

To build the dependency tree, Snyk analyzes your mix.exs and mix.lock files. The mix.lock file must be present and in sync with the mix.exs file.

Project naming

Projects in the Snyk UI are named according to the app keyword from the project/0 function exported by Mix.Project in the main mix.exs file.

To override the name, use the --project-name CLI option.

Umbrella projects

If you test a Mix Umbrella project, Snyk detects that this is an umbrella project and includes all the child apps automatically.

Along with the main mix.exs, each app mix.exs appears as a separate Project in the Snyk UI, named according to the path to the app.

Snyk fully supports all :hex packages listed in the Mix project, including all their transitive dependencies and any vulnerabilities.

Hex support includes both Elixir and Erlang packages.

Snyk also has limited support for :path, :git and :github dependencies, but not their transitive dependencies or vulnerabilities.

  • :path dependencies appear in the dependency tree by name

  • :git and :github dependencies appear in the dependency tree by repository URL and version (either :branch, :tag or :ref, as defined in the mix.exs file)

Snyk integrations

🔗 For integrated development environments, see Use Snyk in your IDE.

🔗 If you prefer continuous integration/continuous delivery workflows, you can scan with Snyk based on the integration with your automation software (see Snyk CI/CD and Snyk API).

Troubleshooting

If you need help, contact Snyk Support.

Last updated

More information

Snyk privacy policy

© 2023 Snyk Limited | All product and company names and logos are trademarks of their respective owners.