Inspecting Elixir Dependencies at Runtime for Security
A common challenge in vulnerability response is determining the exact version of a library running in production. The mix.exs file, which specifies dependencies in Elixir, does not provide this information on its own. This article suggests a manual process to inspect dependencies at runtime using the Application.loaded_applications() function. While this approach can be useful in emergency situations, it has limitations, such as the lack of an accurate timeline and the need for manual data collection.
To address these issues, Paraxial.io introduces a new feature called App Audit. By automatically recording an audit of the Elixir application at runtime, App Audit eliminates the need for manual inspection and provides a comprehensive view of dependency versions. To use App Audit, developers simply need to install Paraxial.io and configure the agent. The audit results are then uploaded and can be accessed through the Paraxial.io platform.
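
The manual runtime check described above, as an added example that is not code from the original article or from Paraxial.io: it reads `Application.loaded_applications()` and compares the running versions against an advisory list. The module name `RuntimeDeps`, the package `:example_http_lib` and the advisory entry are constructed placeholders.

```elixir
defmodule RuntimeDeps do
  @moduledoc "Added example: report versions of applications loaded in the running VM."

  # Constructed advisory data for illustration only: the package name, the
  # version requirement and the id are placeholders, not a real advisory.
  @advisories [
    %{app: :example_http_lib, affected: "< 1.4.2", id: "ADVISORY-PLACEHOLDER"}
  ]

  @doc "Returns a sorted list of {app, version_string} for every loaded application."
  def loaded_versions do
    # Each entry is {app, description, vsn}; description and vsn are charlists.
    Application.loaded_applications()
    |> Enum.map(fn {app, _desc, vsn} -> {app, List.to_string(vsn)} end)
    |> Enum.sort()
  end

  @doc "Compares loaded versions with the advisories and returns one finding per match."
  def audit(loaded \\ loaded_versions(), advisories \\ @advisories) do
    versions = Map.new(loaded)

    for %{app: app, affected: req, id: id} <- advisories,
        Map.has_key?(versions, app) do
      vsn = Map.fetch!(versions, app)

      case Version.parse(vsn) do
        {:ok, parsed} ->
          status = if Version.match?(parsed, req), do: :affected, else: :not_affected
          {status, app, vsn, id}

        :error ->
          # Some applications report versions such as "1.15" that Elixir's
          # Version module rejects; flag them for manual review, do not guess.
          {:unparseable, app, vsn, id}
      end
    end
  end
end

# Constructed input, so the findings do not depend on what this VM has loaded.
sample = [{:example_http_lib, "1.4.1"}, {:kernel, "9.2"}]
IO.inspect(RuntimeDeps.audit(sample), label: "findings")
IO.inspect(Enum.take(RuntimeDeps.loaded_versions(), 5), label: "loaded (first 5)")
```

In an IEx session attached to the running node, `RuntimeDeps.loaded_versions()` returns the versions that node actually has loaded, which is the information mix.exs alone does not give.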