Why Does Focus on Elixir Security?

by Michael Lubas is an application security platform created for Elixir. The two primary use cases are defense against malicious web bots and vulnerability management. Similar tools on the market today include reCaptcha, Snyk, and Cloudflare bot defense.’s backend is written in Elixir, all our customers are using Elixir, and even this blog is a Phoenix application running Dashbit’s NimblePublisher.

The business focus on Elixir is distinctive, and goes against the conventional wisdom to support as many languages, web servers, and platforms as possible. When security companies lack a clear direction for their product, quality visibly suffers. The unfortunate reality of many vendors is they put shipping any integration possible ahead of a quality product. has an ambitious goal, the creation of security product that customers enjoy using. This goal, like our focus on Elixir, is unorthodox for a security company.

Elixir Security Education

Naturally,’s customers are members of the Elixir community. Our desire to support developer education on Elixir security led to the publication of articles on this topic. A few examples include:

- Securing Elixir/Phoenix Applications: 5 Tips to Get Started

- Detecting SQL Injection in Phoenix with Sobelow

- Elixir Dependency Security: Mix, Hex, and Understanding the Ecosystem

The positive feedback shows there is demand for more guidance on Elixir security. I personally love the language, and am fortunate to work with Elixir professionally. While the goal of is to be the leader in Elixir security, that can only be achieved through service and respect for our customers. The blog has been an excellent tool in helping Elixir developers and companies learn about security.

A Brief View of Security Vendors

The majority of people today are familiar with reCaptcha, those confusing puzzles about crosswalks that disrupt your web browsing. The reason site owners use reCaptcha is to stop bots performing attacks like credential stuffing, credit card fraud, and SMS spam. The business downside of using reCaptcha is obvious, users are less likely to spend money on your site, hackers can bypass it, and Google does not provide any support for Elixir.

The lack of support for Elixir is common among security vendors. Even Snyk, who supports management of vulnerable Hex dependencies, lacks Sobelow support. Companies who need bot defense, static analysis, and dependency security had to spread these across three different vendors before This is wasteful, both in terms of security budget and the time spent working with different vendors who do not see Elixir as a business priority. We saw this situation as an opportunity for to provide a much needed product, with better customer service than the competition.

Modern Software Security

Installing is the same as any library from Hex: add to your mix.exs file, configure the API key, and you’re done. There is no changing DNS settings, which can lead to downtime, or digging through Nginx configs. Modern software development takes place on Platform as a Service offerings, such as or Gigalixir, and is designed to fully support this model.

The Agent is installed via Hex.

The vulnerability management feature of runs via a mix task, mix paraxial.scan, which can be run in your local environment, or integrated into your CI/CD pipeline for continuous security. Most software security vendors add unnecessary complexity, introducing requirements for Docker or installing Java, because their “universal platform” puts inferior support for many environments (more profits) over performance, developer experience, and even security (the ostensible goal of their software).

The article 10 years(-ish) of Elixir by José Valim (creator of Elixir) provides an excellent summary of how rapidly the ecosystem is growing. Here at, we are grateful for the opportunity to contribute through our security platform, educational resources, and engagement with the community. If you are using Elixir, thank you! secures Elixir and Phoenix applications. Professional services, including Elixir developer security training and penetration testing, are also available. Schedule a call today. is the only application security and compliance platform made for Elixir.

Subscribe for new posts about Elixir and Phoenix security.