Snyk for Elixir
Snyk builds a dependency tree for your project by analyzing your manifest and lock files.
Mix is a build tool that provides tasks for creating, compiling, and testing Elixir projects, managing its dependencies, and more.
Mix manages dependencies by integrating with the Hex package manager.
To build the dependency tree, Snyk analyzes your
mix.lockfile must be present and in sync with the
Projects in the Snyk UI are named according to the
appkeyword from the
project/0function exported by
Mix.Projectin the main
To override the name, use the
If you test a Mix Umbrella project, Snyk detects that this is an umbrella project and includes all the child apps automatically.
Along with the main
mix.exs, each app
mix.exsappears as a separate project in the Snyk UI, named according to the path to the app.
Snyk fully supports all
:hexpackages listed in the Mix project, including all their transitive dependencies and any vulnerabilities.
Hex support includes both Elixir and Erlang packages.
Snyk also has limited support for
:githubdependencies, but not their transitive dependencies or vulnerabilities.
:pathdependencies appear in the dependency tree by name
:githubdependencies appear in the dependency tree by repository URL and version (either
:ref, as defined in the