Robert is a software developer at Erlang Solutions, specialising mainly in the observability and security of Erlang and Elixir systems. Besides finding and fixing vulnerabilities, he is interested in finding methods to connect runtime issues related to wrong implementation concepts with the support of different analytical tools. Outside of work, he can be found either in the mountains or at the nearest salsa/bachata dance social.
This year, we dreamed big: let’s adapt SAFE (our static analysis security tool) for Gleam. It shouldn’t be too hard, we thought, since we already adapted it for Elixir. We were wrong. Even though Erlang, Elixir, and Gleam all compile to the BEAM, the differences in their compilation pipelines challenged us in ways we didn’t expect. In this talk, I’ll tell the story of how we transitioned SAFE from Erlang and Elixir to Gleam, comparing how each language compiles to BEAM and where our first ideas broke. We’ll look at how Erlang–Elixir interop differs from Gleam–Erlang interop, what that means for static analysis, and why using simple Erlang checks is not enough. Finally, I’ll show how security analysis for Gleam actually works with a live demo of SAFE in action. By the end, attendees should understand what static analysis across BEAM languages taught us.
Key Takeaways:
Target Audience: