Top-level API for mix mob.security_scan.
Runs every layer of the scan against the current project and
returns a Report. Layers cover:
- Hex dependency CVEs (mix_audit + OSV)
- Android Gradle dependency CVEs (osv-scanner)
- iOS Swift Package dependency CVEs (osv-scanner)
- Bundled-runtime CVEs — OpenSSL/SQLite/OTP/Elixir baked into the OTP tarballs (manifest + fingerprint verification + OpenSSL/SQLite/Erlef advisory feeds)
- C source static analysis (semgrep, flawfinder)
- Kotlin static analysis (detekt)
- Swift static analysis (xcodebuild analyze)
Each layer can be disabled with --skip <name>. Layers never raise: a missing tool or unreadable file lands as a LayerResult with status :tool_missing or :error, not an exception.
Summary
Functions
Default layer list. New layers register here as they are built.
Run the scan. opts may include
Functions
@spec default_layers() :: [module()]
Default layer list. New layers register here as they are built.
@spec run(keyword()) :: MobDev.SecurityScan.Report.t()
Run the scan. opts may include:
- :layers — module list, defaults to default_layers/0
- :skip — list of layer-name atoms to skip
- :project_root — directory to scan; defaults to File.cwd!/0
- :on_layer_start / :on_layer_done — progress callbacks
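The "layers never raise" contract and the :skip / callback options described above, shown as an added stand-alone Elixir sketch (not the project's own code): the layer names, tool binaries, the :ok status and the result-map shape are constructed for illustration and are not MobDev.SecurityScan's real modules or Report/LayerResult structs.

```elixir
defmodule ScanContractDemo do
  # Constructed stand-in layers: {name, tool binary, work fun}.
  # Not the project's real layer modules.
  def layers do
    [
      {:hex_cves, "mix", fn -> :ok end},
      {:kotlin_static, "detekt", fn -> :ok end},
      {:c_static, "semgrep", fn -> raise "semgrep crashed" end}
    ]
  end

  # Mirrors the documented shape of run/1: honours :skip and the
  # :on_layer_start / :on_layer_done callbacks, and never raises.
  def run(opts \\ []) do
    skip = Keyword.get(opts, :skip, [])
    on_start = Keyword.get(opts, :on_layer_start, fn _name -> :ok end)
    on_done = Keyword.get(opts, :on_layer_done, fn _result -> :ok end)

    layers()
    |> Enum.reject(fn {name, _tool, _fun} -> name in skip end)
    |> Enum.map(fn {name, tool, fun} ->
      on_start.(name)
      result = run_layer(name, tool, fun)
      on_done.(result)
      result
    end)
  end

  # A missing tool and a crashing tool both become data, not exceptions.
  # The :ok status and this map shape are assumptions, not the library's.
  def run_layer(name, tool, fun) do
    if System.find_executable(tool) == nil do
      %{layer: name, status: :tool_missing, detail: "#{tool} not found on PATH"}
    else
      try do
        fun.()
        %{layer: name, status: :ok, detail: nil}
      rescue
        e -> %{layer: name, status: :error, detail: Exception.message(e)}
      end
    end
  end
end

# Skip the Kotlin layer and report progress as each remaining layer finishes.
ScanContractDemo.run(
  skip: [:kotlin_static],
  on_layer_done: fn %{layer: l, status: s} -> IO.puts("#{l}: #{s}") end
)
```

On a machine without semgrep the :c_static layer lands as :tool_missing; where semgrep is installed the constructed raise lands as :error, so the caller sees a status in both cases rather than a crash.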