Executes the SAFE binary via System.cmd/3.
Arguments are passed as a list — no shell string is constructed — so there is no risk of command injection from user-controlled data such as the project path or config JSON.
Summary
Functions
Runs the SAFE binary with the given subcommand, streaming output line-by-line to stdout.
Functions
Runs the SAFE binary with the given subcommand, streaming output line-by-line to stdout.
config_spec is either {:config_path, path} (pass --config-path <file>)
or {:config_json, json} (pass --config-json <inline_json>).
Returns :ok on exit code 0, or {:error, {subcommand_atom, exit_code}}
for any non-zero exit. Exit code 2 indicates vulnerabilities were found and
is treated as a distinct (non-fatal) result by the caller.