Brakeman - Ruby on Rails Security Scanner

Summary

Brakeman is a free vulnerability scanner (SAST) for your Ruby on Rails applications.


What is Brakeman?

Brakeman is a free static application security scanning tool which checks Ruby on Rails applications for security vulnerabilities.

Brakeman report

How to install Brakeman?

Using RubyGems:

				
					gem install brakeman
				
			

Using Bundler:

				
					group :development do
  gem 'brakeman'
end
				
			

Using Docker:

				
					docker pull presidentbeef/brakeman
				
			

Using Docker to build from source:

				
					git clone https://github.com/presidentbeef/brakeman.git
cd brakeman
docker build . -t brakeman
				
			

How to configure Brakeman?

Brakeman is a great SAST tool for Ruby on Rails projects. However, its analysis is static and largely pattern-based rather than fully semantic (it does not know how data actually flows at runtime), so it can generate false positives.

You can keep a custom list of such findings and have Brakeman leave them out of future scan results.

To start the interactive ignore wizard, run:

				
					brakeman -I
				
			

The wizard walks you through each Brakeman finding and lets you choose which ones to ignore; add a note to each entry so the reason for accepting the finding is recorded alongside it. At the end you can save your choices into a file ("brakeman.ignore"; Brakeman's default location is config/brakeman.ignore, which it picks up automatically on later runs). Entries are matched by the warning's fingerprint, so an ignored finding stays ignored even when its line number moves.

Then use this file in a wrapper script (for example script/brakeman) for subsequent scans:

				
					#!/bin/bash
#
# Script for running Brakeman tests
# Brakeman is a security scanner https://github.com/presidentbeef/brakeman.

gem install --no-rdoc --no-ri brakeman
brakeman --ignore-config brakeman.ignore --exit-on-warn .
				
			
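To make the ignore mechanism concrete, here is an added example (not code from the post or from Brakeman itself) that applies an ignore file to a Brakeman JSON report the way a CI gate would: it drops warnings whose fingerprint is listed, flags ignore entries that no longer match anything (stale exceptions that should be pruned), and decides whether the build should fail from the confidence of what is left. The report and ignore-file contents are constructed samples using the field names of Brakeman's JSON report (`brakeman -f json`) and ignore-file formats; only the fields the script reads are included, and the fingerprints are shortened stand-ins for the long hex values Brakeman emits. The function names, the confidence ranking and the `min_confidence` threshold are this example's own choices.

```ruby
require 'json'
require 'set'

# Constructed sample of a Brakeman JSON report. Real reports carry more fields
# (scan_info, errors, obsolete, ...) and real fingerprints are long hex strings.
SAMPLE_REPORT = <<~'JSON'
  {
    "warnings": [
      {"warning_type": "SQL Injection", "confidence": "High", "fingerprint": "aaaa1111",
       "file": "app/controllers/users_controller.rb", "line": 12,
       "message": "Possible SQL injection",
       "code": "User.where(\"name = '#{params[:name]}'\")"},
      {"warning_type": "Cross-Site Scripting", "confidence": "Medium", "fingerprint": "bbbb2222",
       "file": "app/views/users/show.html.erb", "line": 4,
       "message": "Unescaped model attribute",
       "code": "raw(user.bio)"},
      {"warning_type": "Mass Assignment", "confidence": "Weak", "fingerprint": "cccc3333",
       "file": "app/controllers/users_controller.rb", "line": 30,
       "message": "permit! allows any attribute to be assigned",
       "code": "params.permit!"}
    ]
  }
JSON

# Constructed sample of a brakeman.ignore file as written by `brakeman -I`.
# The "dddd4444" entry no longer matches any warning above (stale).
SAMPLE_IGNORE = <<~'JSON'
  {
    "ignored_warnings": [
      {"warning_type": "Cross-Site Scripting", "fingerprint": "bbbb2222",
       "note": "user.bio is sanitized on write; reviewed by appsec"},
      {"warning_type": "Redirect", "fingerprint": "dddd4444",
       "note": "redirect target restricted to an allow-list"}
    ],
    "updated": "2024-01-15 10:00:00 +0000",
    "brakeman_version": "6.1.0"
  }
JSON

# Lower rank = more confident. Ordering is this example's choice.
CONFIDENCE_RANK = { 'High' => 0, 'Medium' => 1, 'Weak' => 2 }.freeze

# Fingerprints listed in the ignore file: this is the key Brakeman matches on,
# so an ignored warning stays ignored even if its line number moves.
def ignored_fingerprints(ignore_json)
  JSON.parse(ignore_json).fetch('ignored_warnings', []).map { |w| w['fingerprint'] }.to_set
end

# Warnings from the report that are not covered by the ignore file.
def unignored_warnings(report_json, ignore_json)
  ignored = ignored_fingerprints(ignore_json)
  JSON.parse(report_json).fetch('warnings', []).reject { |w| ignored.include?(w['fingerprint']) }
end

# Ignore entries whose fingerprint no longer appears in the report: the code they
# silenced was fixed or removed, so the entry should be pruned, not left as a
# standing exception that could mask a future finding with the same fingerprint.
def stale_ignores(report_json, ignore_json)
  present = JSON.parse(report_json).fetch('warnings', []).map { |w| w['fingerprint'] }.to_set
  JSON.parse(ignore_json).fetch('ignored_warnings', []).reject { |w| present.include?(w['fingerprint']) }
end

# CI gate: fail when any unignored warning is at least `min_confidence`.
# An unknown confidence value is treated as failing rather than silently passing.
def build_should_fail?(report_json, ignore_json, min_confidence: 'Medium')
  threshold = CONFIDENCE_RANK.fetch(min_confidence)
  unignored_warnings(report_json, ignore_json).any? do |w|
    CONFIDENCE_RANK.fetch(w['confidence'], -1) <= threshold
  end
end

def format_warning(w)
  "#{w['confidence'].ljust(6)} #{w['warning_type']}  #{w['file']}:#{w['line']}  #{w['message']}"
end

if __FILE__ == $PROGRAM_NAME
  unignored_warnings(SAMPLE_REPORT, SAMPLE_IGNORE).each { |w| puts format_warning(w) }
  stale_ignores(SAMPLE_REPORT, SAMPLE_IGNORE).each do |w|
    puts "stale ignore entry: #{w['fingerprint']} (#{w['note']})"
  end
  puts(build_should_fail?(SAMPLE_REPORT, SAMPLE_IGNORE) ? 'FAIL: unignored warnings' : 'PASS')
end
```

Running it lists the SQL Injection (High) and Mass Assignment (Weak) findings, reports the Redirect entry as stale, and prints FAIL because a High-confidence warning remains. In a real pipeline you would feed it the output of `brakeman -f json -o report.json --no-exit-on-warn` and your config/brakeman.ignore; Brakeman itself also lists unmatched ignore entries under "obsolete" in its report, and the `-I` wizard offers to drop them.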

Please share your experiences with Brakeman, or ask a question, by leaving a comment below.
