Security Audit for Erlang and Elixir
The Security Audit for Erlang/Elixir (SAFE) is an intensive investigation into Erlang and Elixir code to identify vulnerabilities that would make the code susceptible to cyber attacks.
Validate your code. Protect your business.
Who is it for?
- All users of Erlang and Elixir, especially businesses that require high availability and resilience of their mission-critical applications.
- Businesses already impacted by a security vulnerability within their Erlang or Elixir code base that want to investigate what other parts of their system may be vulnerable.
- Anyone launching new Erlang or Elixir code who would benefit from the reassurance that an audit can provide before going live.
- Anyone concerned about the impact of a cyber attack.
- Business continuity – where there is an impact to the operation of the business if an Erlang or Elixir node, system or application goes down.
- Legislation – industries where system availability is mandatory and failure to meet requirements would lead to non-compliance and significant financial consequences.
- Customer experience – guaranteeing systems are available for customers to carry out their daily lives.
- Corporate reputation – where system downtime or any form of security breach negatively impacts the reputation of the business, affecting its trading performance and potentially its responsibility to shareholders.
How does the SAFE audit work?
SAFE is an audit procedure, carried out by our Erlang and Elixir experts, aided by specialist software analytics. The findings are delivered in a comprehensive online report detailing:
- Any security vulnerabilities found
- The level of risk identified – categorised into low, moderate or high
- Detail of each vulnerability including a description of the issue, the file path and the code in question
How does SAFE CI/CD work?
SAFE offers a CI/CD version that integrates into your pipeline, allowing you to check for vulnerabilities whenever you commit new code. This helps you:
- Prevent malicious code from reaching production
- Identify security issues early
- Maintain a safer codebase
- Detect potential vulnerabilities directly within your CI/CD pipeline
Why Erlang Solutions?
- Expert collaboration: SAFE has been developed in collaboration with ELTE-Soft and researchers from Eötvös Loránd University, a prominent institution in Computer Science, and is based on a solid theoretical foundation and extensive research.
- Erlang/Elixir proficiency: Erlang Solutions is the world-leading consultancy for Erlang and Elixir. Our specialists have extensive experience supporting businesses across the world with their mission-critical systems and architecture.
- Additional support: Beyond the report, we are the perfect team to help with any further support you might need. The findings of your report may indicate a bigger issue requiring a thorough code and architecture review. We can also offer training in developing secure Erlang and Elixir code, should any of your team need upskilling.
- Timely service: Most security audits are completed within 2-5 business days, depending on the size and complexity of the system.
Frequently Asked Questions about SAFE
Our security audit is designed for teams and businesses using Erlang or Elixir who want to ensure their applications are secure. It’s ideal for startups, enterprises, and open-source maintainers looking to identify potential vulnerabilities and strengthen their security posture.
No security audit can guarantee finding every vulnerability.
Our audit follows a carefully curated checklist developed by the Erlang Ecosystem Foundation’s Security Working Group. This list focuses on the most critical security risks for Erlang and core Elixir issues in BEAM-based systems.
SAFE identifies security risks in your Erlang or Elixir codebase. After the audit, you receive a detailed report outlining our findings, with severity levels and explanations.
Fixing issues is not included in the audit itself, but we offer additional code and architecture review as well as consulting services to help you remediate vulnerabilities and implement security best practices.
Yes, the primary focus of the SAFE audit is security. If you need a more comprehensive code quality and performance review, we offer separate code and architecture assessments for Erlang and Elixir.
Yes, we offer free security CI/CD audits for open-source Erlang and Elixir projects to support the community and improve security across the ecosystem. Contact us for more details or check SAFE’s documentation and download the desktop app.
For manual audit:
Contact us so we can discuss the details. Once the contract is arranged, we agree on access to your source code (and sign an NDA if necessary) and on the deliverables.
Our audit process should take 1-2 weeks, depending on the size and complexity of the source code.
For CI/CD:
You can download our Desktop App from our documentation.
After you install it, add your project to configure it.
At the last step, you can choose between access for 1 month or 1 year. We then receive your license request, with the information we need for invoicing.
After the subscription fee is paid, we can provide you with the license, and you can implement SAFE in your CI/CD pipeline.
Trusted by the world’s most ambitious companies
I spoke with two CTOs I know who utilize Erlang and they both recommended Erlang Solutions. They were able to come in with their expertise, help us establish best practice and give us confidence that going forward our systems would be efficient and reliable.
Dave Marks
Working together with Erlang Solutions, and the MongooseIM team was a great example of what a best of breed tech partnership can achieve. Their expertise in building resilient, fault-tolerant backend architecture created the foundation for a project that truly exceeded the expectations of our client.
Matt Brooke-Smith
Working with our R&D partners, Erlang Solutions, was a very rewarding experience. The POA Netstat Agent exceeded our expectations and the team really went the extra mile to deliver this! When it comes to Elixir development, we highly recommend Erlang Solutions.