Brakeman - Ruby on Rails Security Scanner


Brakeman is a free vulnerability scanner (SAST) for your Ruby on Rails applications.



What is Brakeman?

Brakeman is a free static application security scanning tool which checks Ruby on Rails applications for security vulnerabilities.

Brakeman report

How to install Brakeman?

Using RubyGems:

    gem install brakeman

Using Bundler:

    # Gemfile: Brakeman is only needed while developing, not in production
    group :development do
      gem 'brakeman'
    end

Using Docker:

    docker pull presidentbeef/brakeman

Using Docker to build from source:

    git clone <brakeman repository URL>   # the URL is omitted in the original post
    cd brakeman
    docker build . -t brakeman

How to configure Brakeman?

Brakeman is a great SAST tool for Ruby on Rails projects; however, it lacks a semantic analysis stage and therefore generates false positives.


You can create a custom ignore list so that those findings are excluded from your scan results.


To start the interactive ignore wizard, run:

    brakeman -I

You will then step through the Brakeman results and choose the issues to ignore; at the end you can save your selection to a configuration file (“brakeman.ignore”).

Then you can use this file in script/brakeman for subsequent scans:

    #!/bin/sh
    # Script for running Brakeman tests
    # Brakeman is a security scanner

    gem install --no-rdoc --no-ri brakeman
    # --ignore-config: skip the warnings recorded in brakeman.ignore
    # --exit-on-warn:  return a non-zero exit code when any warning remains, so CI fails
    brakeman --ignore-config brakeman.ignore --exit-on-warn .
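An ignore file silences findings for every future scan, so it deserves the same review as the findings themselves. The Ruby script below is an added example (not part of the original post and not Brakeman's own code) that audits a brakeman.ignore file and lists the entries that carry no justification note, plus the High-confidence warnings that were ignored. It assumes the ignore file layout written by `brakeman -I`: a JSON object with an `ignored_warnings` array whose entries have `warning_type`, `file`, `line`, `confidence` and `note` fields. The embedded sample file is constructed for the example and its fingerprints are placeholders.

```ruby
require 'json'

# Constructed sample of a brakeman.ignore file, following the layout that
# `brakeman -I` writes. Fingerprints and file paths are placeholders.
SAMPLE_IGNORE_FILE = <<~FILE
  {
    "ignored_warnings": [
      {
        "warning_type": "SQL Injection",
        "check_name": "SQL",
        "fingerprint": "PLACEHOLDER_FINGERPRINT_1",
        "file": "app/models/user.rb",
        "line": 42,
        "confidence": "High",
        "note": ""
      },
      {
        "warning_type": "Cross-Site Scripting",
        "check_name": "CrossSiteScripting",
        "fingerprint": "PLACEHOLDER_FINGERPRINT_2",
        "file": "app/views/posts/show.html.erb",
        "line": 7,
        "confidence": "Weak",
        "note": "Value is an integer id cast with to_i; reviewed by the security team"
      }
    ]
  }
FILE

# Parses the ignore file and returns its ignored_warnings array (empty if absent).
def ignored_warnings(json_text)
  JSON.parse(json_text)['ignored_warnings'] || []
end

# Ignored warnings whose note is missing or blank: nobody wrote down why
# the finding is safe to skip, so the entry cannot be audited later.
def unjustified_ignores(json_text)
  ignored_warnings(json_text).select { |w| w['note'].to_s.strip.empty? }
end

# Ignored warnings that Brakeman reported with High confidence: these are
# the most likely to hide a real bug behind a "false positive" label.
def high_confidence_ignores(json_text)
  ignored_warnings(json_text).select { |w| w['confidence'] == 'High' }
end

# Summarises both lists as "file:line warning_type" strings and a pass flag.
def audit_ignore_file(json_text)
  describe = ->(w) { "#{w['file']}:#{w['line']} #{w['warning_type']}" }
  unjustified = unjustified_ignores(json_text)
  {
    unjustified: unjustified.map(&describe),
    high_confidence: high_confidence_ignores(json_text).map(&describe),
    ok: unjustified.empty?
  }
end

# Usage: ruby audit_ignore.rb [path/to/brakeman.ignore]
# Without an argument the constructed sample above is audited.
text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_IGNORE_FILE
report = audit_ignore_file(text)
puts 'Ignored warnings without a justification note:'
report[:unjustified].each { |line| puts "  #{line}" }
puts 'High-confidence warnings that are ignored:'
report[:high_confidence].each { |line| puts "  #{line}" }
puts(report[:ok] ? 'OK: every ignored warning is justified' : 'FAIL: unjustified ignores present')
```

Run it against the project's real ignore file in the same CI job that runs Brakeman, and treat a non-empty "unjustified" list the way you treat a new warning: the fix is a written note explaining why the finding is a false positive, not a silent ignore.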

Please share your experiences with Brakeman, or ask a question if you have one. Either way, let me know by leaving a comment below.
