dependabot / elixir-security-advisories

Old database of Elixir security advisories before the GitHub Security Advisory DB supported Hex / Elixir.


Integrate with GitHub's security alerts

greysteil opened this issue

Currently GitHub's Security Alerts service only supports Ruby and JavaScript. It would be awesome to have it support Elixir, too, and this repo might help.

@mijuhan - is there anyone from your team we should talk to about having the data in this repo contribute to security alerts for Elixir (as/when they happen)?

Thanks for the feature request! We are not ready at this point to accept contributions but will let you know when we are.

Is this still planned? It would be great to have.

It is! It helps that I work at @github now! :octocat:

No promises on timeline, but we're aiming for the next six months.

That's great to hear! Thanks!

This should help: Elixir advisories are now included in the GitHub Advisory Database.

(Not full support for alerts yet, so I won't close this out. It should be relatively straightforward to write an Action for Elixir that submits dependencies to the GitHub dependency graph, and that, combined with the data in the advisory database, will trigger alerts.)

OK, with the above, I think it's time we archived this repo. All of the data from it is in the GitHub advisory database (repo here) and can be fetched via its GraphQL API.

@jeffwidman if you could do the honours that would be 💯.

Also, FWIW we've already got an internal issue tracking adding this plumbing, but given all the things on that team's plate, I doubt that will be high priority anytime soon. In the meantime, as @greysteil suggested above it should be easy enough to write your own action that wires this together.
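An added example (not code from this repo or from any commenter) of the wiring described above: checking a Mix project's locked dependencies against Hex advisories fetched from the GitHub Advisory Database's GraphQL API. The query shape and the ERLANG ecosystem name are GitHub's; the lock file and response nodes below are constructed samples, and the version comparison ignores pre-release tags.

```python
import re
# GraphQL query for Hex advisories; GitHub lists Hex packages under the ERLANG ecosystem.
ADVISORY_QUERY = """query($package: String!) {
  securityVulnerabilities(ecosystem: ERLANG, package: $package, first: 100) {
    nodes { package { name } vulnerableVersionRange firstPatchedVersion { identifier }
            advisory { ghsaId summary severity } } } }"""
_OPS = {"<": lambda a, b: a < b, "<=": lambda a, b: a <= b, ">": lambda a, b: a > b,
        ">=": lambda a, b: a >= b, "=": lambda a, b: a == b}

def parse_version(v):
    # Compare only the numeric dotted core; pre-release/build tags are ignored (assumption).
    return tuple(int(p) for p in v.split("-")[0].split("+")[0].split("."))

def in_range(version, vulnerable_range):
    # vulnerableVersionRange reads like "< 1.2.3" or ">= 1.0.0, < 1.0.5"; every clause must hold.
    v = parse_version(version)
    for clause in vulnerable_range.split(","):
        m = re.fullmatch(r"\s*(<=|>=|<|>|=)\s*([0-9][0-9A-Za-z.+-]*)\s*", clause)
        if not m:
            raise ValueError(f"unparsable range clause: {clause!r}")
        if not _OPS[m.group(1)](v, parse_version(m.group(2))):
            return False
    return True

def parse_mix_lock(text):
    # name -> locked version from entries like  "plug": {:hex, :plug, "1.3.4", "<hash>", ...},
    return {m.group(1): m.group(2)
            for m in re.finditer(r'"([a-z0-9_]+)": \{:hex, :\1, "([^"]+)"', text)}

def find_alerts(lock, nodes):
    # Cross the lock file with securityVulnerabilities nodes; one tuple per vulnerable dependency.
    alerts = []
    for n in nodes:
        name = n["package"]["name"]
        if name in lock and in_range(lock[name], n["vulnerableVersionRange"]):
            fixed = (n.get("firstPatchedVersion") or {}).get("identifier")  # null if unpatched
            alerts.append((name, lock[name], n["advisory"]["ghsaId"], fixed))
    return alerts
# Constructed sample lock file and response nodes (placeholder hashes and GHSA ids, not real data).
SAMPLE_LOCK = '''%{
  "jason": {:hex, :jason, "1.4.0", "<hash>", [:mix], [], "hexpm", "<hash>"},
  "plug": {:hex, :plug, "1.3.4", "<hash>", [:mix], [], "hexpm", "<hash>"},
}'''
SAMPLE_NODES = [
    {"package": {"name": "plug"}, "vulnerableVersionRange": ">= 1.3.0, < 1.3.5",
     "firstPatchedVersion": {"identifier": "1.3.5"}, "advisory": {"ghsaId": "GHSA-xxxx-xxxx-xxxx"}},
    {"package": {"name": "jason"}, "vulnerableVersionRange": "< 1.0.0",
     "firstPatchedVersion": None, "advisory": {"ghsaId": "GHSA-yyyy-yyyy-yyyy"}},
]
```

Run ADVISORY_QUERY with an authenticated GraphQL client once per package in the lock file and pass the returned nodes to find_alerts; a non-empty result is what an Action would surface as an alert.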