Brakeman is a free vulnerability scanner (SAST) for your Ruby on Rails applications.
Brakeman is a free static application security scanning tool which checks Ruby on Rails applications for security vulnerabilities.
Using RubyGems:
gem install brakeman
Using Bundler:
group :development do
gem 'brakeman'
end
Using Docker:
docker pull presidentbeef/brakeman
Using Docker to build from source:
git clone https://github.com/presidentbeef/brakeman.git
cd brakeman
docker build . -t brakeman
Brakeman is a useful SAST tool for Ruby on Rails projects; however, its semantic (data-flow) analysis is limited, so it can report false positives.
You can create a custom ignore list so that findings you have reviewed and accepted are suppressed in later scan results.
To start the interactive ignore wizard, run:
brakeman -I
You will step through Brakeman's findings and choose which issues to ignore; at the end you can save your selection to an ignore file (the script below uses brakeman.ignore; the wizard's default location is config/brakeman.ignore).
Then point script/brakeman at this file so subsequent scans skip the accepted findings:
#!/bin/bash
#
# Script for running Brakeman tests
# Brakeman is a security scanner https://github.com/presidentbeef/brakeman.
set -euo pipefail
# --no-document replaces the --no-rdoc/--no-ri flags, which RubyGems 3 no longer accepts.
gem install --no-document brakeman
# Skip findings accepted with `brakeman -I` (path must match the file the wizard saved)
# and exit non-zero if any other warning remains, so CI fails the build.
brakeman --ignore-config brakeman.ignore --exit-on-warn .
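The ignore file works by fingerprint: each entry saved by `brakeman -I` records the fingerprint of one warning, and `--ignore-config` drops warnings whose fingerprint is listed. The following added example (not Brakeman's own code, and not from the original post) shows that matching, plus a confidence-based CI gate, over a constructed report in the shape of `brakeman -f json` output and a constructed ignore file. The fingerprints `f1`..`f3`, the file paths and the messages are made up for illustration; the field names (`warnings`, `ignored_warnings`, `fingerprint`, `confidence` with values `High`/`Medium`/`Weak`) follow Brakeman's JSON report format.

```ruby
#!/usr/bin/env ruby
# frozen_string_literal: true

require 'json'
require 'set'

# Brakeman reports confidence as a string; rank it so "High" sorts first.
CONFIDENCE_RANK = { 'High' => 0, 'Medium' => 1, 'Weak' => 2 }.freeze

# Constructed sample report in the shape of `brakeman -f json` output,
# trimmed to the fields used here. Not real scan output.
SAMPLE_REPORT = <<~JSON
  {
    "scan_info": { "app_path": "/srv/app" },
    "warnings": [
      { "warning_type": "SQL Injection", "check_name": "SQL",
        "fingerprint": "f1", "message": "Possible SQL injection",
        "file": "app/models/user.rb", "line": 12, "confidence": "High" },
      { "warning_type": "Cross-Site Scripting", "check_name": "CrossSiteScripting",
        "fingerprint": "f2", "message": "Unescaped model attribute",
        "file": "app/views/users/show.html.erb", "line": 4, "confidence": "Medium" },
      { "warning_type": "Mass Assignment", "check_name": "ModelAttributes",
        "fingerprint": "f3", "message": "Potentially dangerous attribute available for mass assignment",
        "file": "app/models/post.rb", "line": 3, "confidence": "Weak" }
    ],
    "errors": []
  }
JSON

# Constructed sample ignore file in the shape written by `brakeman -I`:
# the fingerprint of each accepted warning plus a reviewer note.
SAMPLE_IGNORE = <<~JSON
  {
    "ignored_warnings": [
      { "fingerprint": "f2", "note": "Attribute is escaped by the view helper; reviewed" }
    ]
  }
JSON

# Returns the warnings from the report whose fingerprint is not in the ignore file.
def unignored_warnings(report_json, ignore_json)
  report = JSON.parse(report_json)
  ignored = JSON.parse(ignore_json).fetch('ignored_warnings', [])
                .map { |w| w['fingerprint'] }.to_set
  report.fetch('warnings', []).reject { |w| ignored.include?(w['fingerprint']) }
end

# Returns true when any remaining warning is at or above min_confidence.
# Unknown confidence strings are treated as lowest so they never fail the build silently upward.
def fail_build?(warnings, min_confidence: 'Medium')
  threshold = CONFIDENCE_RANK.fetch(min_confidence)
  warnings.any? { |w| CONFIDENCE_RANK.fetch(w['confidence'], 99) <= threshold }
end

# One-line summary per warning, for CI logs.
def format_warning(w)
  format('%-6s %-25s %s:%s  %s', w['confidence'], w['warning_type'], w['file'], w['line'], w['message'])
end

if $PROGRAM_NAME == __FILE__
  if ARGV.length == 2
    # Usage: ruby brakeman_gate.rb brakeman-report.json config/brakeman.ignore
    remaining = unignored_warnings(File.read(ARGV[0]), File.read(ARGV[1]))
    remaining.each { |w| puts format_warning(w) }
    exit(fail_build?(remaining) ? 1 : 0)
  else
    # No arguments: show the result on the constructed sample data without exiting.
    unignored_warnings(SAMPLE_REPORT, SAMPLE_IGNORE).each { |w| puts format_warning(w) }
    puts "usage: #{$PROGRAM_NAME} brakeman-report.json config/brakeman.ignore"
  end
end
```

Run it as `brakeman -f json -o report.json . && ruby brakeman_gate.rb report.json config/brakeman.ignore` to get the same effect as `--ignore-config` plus `--exit-on-warn`, with the added ability to choose the confidence level at which the build fails. Note that a fingerprint changes when the flagged code moves or is edited, so an ignored finding reappears after such changes and must be re-reviewed rather than blindly re-ignored.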
Please share your experiences with Brakeman, or ask a question if you have one.
Either way, let me know by leaving a comment below.
appsecsanta.com is part of CNT Friends Oy registered in Finland. Company No: 2993839-3 | © 2019-2022. All rights reserved.