Brakeman is a free vulnerability scanner (SAST) for your Ruby on Rails applications.
Brakeman is a free static application security scanning tool which checks Ruby on Rails applications for security vulnerabilities.
Install it as a gem:
gem install brakeman
Or add it to your Gemfile:
group :development do
  gem 'brakeman'
end
Or pull the Docker image:
docker pull presidentbeef/brakeman
Using Docker to build from source:
git clone https://github.com/presidentbeef/brakeman.git
cd brakeman
docker build . -t brakeman
Brakeman is a great SAST tool for Ruby on Rails projects; however, because its analysis is static rather than semantic, it can generate false positives.
You can build a custom ignore list so those findings are left out of your scan results.
To start the wizard, run Brakeman with its interactive ignore option:
You will be walked through the Brakeman results and can choose the issues to ignore; at the end, you can save your choices to a file ("brakeman.ignore").
Then you can use this file to update script/brakeman for the next scans:
#!/bin/bash
#
# Script for running Brakeman tests
# Brakeman is a security scanner https://github.com/presidentbeef/brakeman.
# Newer RubyGems versions replaced --no-rdoc --no-ri with --no-document.
gem install --no-rdoc --no-ri brakeman
# Fail the build (non-zero exit) if any warning not listed in brakeman.ignore remains.
brakeman --ignore-config brakeman.ignore --exit-on-warn .
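To make the ignore file's role concrete, here is an added Ruby example (not part of the original post and not Brakeman's own code) that cross-checks a Brakeman JSON report (brakeman -f json) against a brakeman.ignore file: warnings are matched on their fingerprint, and ignore entries whose fingerprint no longer appears in the report are flagged as stale so they can be pruned instead of silently accumulating. The report and ignore contents below are constructed samples with only the fields the check needs.

```ruby
require 'json'

# Constructed sample of a Brakeman JSON report (only the fields used here).
SAMPLE_REPORT = <<~JSON
{
  "warnings": [
    {"warning_type": "SQL Injection", "fingerprint": "aaa111",
     "file": "app/models/user.rb", "line": 12, "confidence": "High"},
    {"warning_type": "Mass Assignment", "fingerprint": "bbb222",
     "file": "app/controllers/users_controller.rb", "line": 30, "confidence": "Medium"}
  ]
}
JSON

# Constructed sample brakeman.ignore: one live entry, one whose finding is gone.
SAMPLE_IGNORE = <<~JSON
{
  "ignored_warnings": [
    {"fingerprint": "bbb222", "note": "params are filtered upstream"},
    {"fingerprint": "ccc333", "note": "finding was fixed, entry left behind"}
  ]
}
JSON

# Splits report warnings into unresolved (must be fixed) and ignored (matched
# by fingerprint), and lists ignore entries that no warning matches any more.
def triage(report_json, ignore_json)
  warnings = JSON.parse(report_json).fetch('warnings')
  ignored  = JSON.parse(ignore_json).fetch('ignored_warnings')
  ignored_fps = ignored.map { |e| e.fetch('fingerprint') }
  unresolved, quiet = warnings.partition { |w| !ignored_fps.include?(w['fingerprint']) }
  live_fps = warnings.map { |w| w['fingerprint'] }
  stale = ignored.reject { |e| live_fps.include?(e['fingerprint']) }
  { unresolved: unresolved, ignored: quiet, stale: stale }
end

# Non-zero status when unignored warnings remain, mirroring --exit-on-warn.
def exit_status(result)
  result[:unresolved].empty? ? 0 : 1
end

if __FILE__ == $PROGRAM_NAME
  result = triage(SAMPLE_REPORT, SAMPLE_IGNORE)
  result[:unresolved].each { |w| puts "UNRESOLVED #{w['warning_type']} #{w['file']}:#{w['line']}" }
  result[:stale].each { |e| puts "STALE      ignore entry #{e['fingerprint']} (#{e['note']})" }
  puts "exit status: #{exit_status(result)}"
end
```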
Please share your experiences with Brakeman.
Or maybe you have a question.
Either way, let me know by leaving a comment below.