Brakeman is a static analysis tool which checks Ruby on Rails applications for security vulnerabilities.
It works with Rails 2.x, 3.x, and 4.x.
There is also a [plugin available](http://brakemanscanner.org/docs/jenkins/) for Jenkins/Hudson.
For even more continuous testing, try the [Guard plugin](https://github.com/guard/guard-brakeman).
# Homepage/News
Website: http://brakemanscanner.org/
Twitter: http://twitter.com/brakeman
Mailing list: brakeman@librelist.com
# Installation
Using RubyGems:
gem install brakeman
Using Bundler, add to development group in Gemfile and set to not be required automatically:
Using Bundler:
group :development do
gem 'brakeman', :require => false
end
From source:
# Usage
gem build brakeman.gemspec
gem install brakeman*.gem
From a Rails application's root directory:
## For Slim Users
brakeman
[Slim v3.0.0](https://github.com/slim-template/slim/blob/master/CHANGES#L12) dropped support for Ruby 1.8.7. Install a version of [`slim`](http://slim-lang.com/) compatible with your Ruby.
It is simplest to run Brakeman from the root directory of the Rails application. A path may also be supplied.
Brakeman works with Rails 2.x, 3.x, and 4.x.
# Basic Options
For a full list of options, use `brakeman --help` or see the OPTIONS.md file.
For a full list of options, use `brakeman --help` or see the [OPTIONS.md](OPTIONS.md) file.
To specify an output file for the results:
...
...
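Review bot: the Bundler instruction is duplicated in this hunk ("Using Bundler, add to development group in Gemfile and set to not be required automatically:" next to the bare "Using Bundler:"), so make sure only the descriptive sentence survives, and consider stating why `:require => false` matters: Brakeman is a development-time scanner and should not be loaded into the application process. Two smaller points in the same hunk: "Brakeman works with Rails 2.x, 3.x, and 4.x." now appears both in the intro and under Usage, so keep one copy; and the relocated Slim section is headed `## For Slim Users` while every other section in the file uses a single `#`, so match the heading level.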
@@ -118,7 +98,7 @@ To create and manage this file, use:
# Warning information
See WARNING\_TYPES for more information on the warnings reported by this tool.
See [WARNING\_TYPES](WARNING_TYPES) for more information on the warnings reported by this tool.
# Warning context
...
...
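Review bot: the WARNING_TYPES mention becomes a relative link `[WARNING\_TYPES](WARNING_TYPES)` whose target carries no file extension, while the sibling link in the previous hunk is `[OPTIONS.md](OPTIONS.md)`; double-check that the file in the repository root is really named `WARNING_TYPES` with no extension, otherwise this link 404s on GitHub, and keep the two link targets consistent with the actual filenames.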
@@ -150,6 +130,28 @@ The default config locations are `./config/brakeman.yml`, `~/.brakeman/config.ym
The `-c` option can be used to specify a configuration file to use.
# For Slim Users
[Slim v3.0.0](https://github.com/slim-template/slim/blob/master/CHANGES#L12) dropped support for Ruby 1.8.7. Install a version of [`slim`](http://slim-lang.com/) compatible with your Ruby.
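Review bot: this hunk still shows the `# For Slim Users` section at the tail of the README while the same section appears under Usage in the first hunk; confirm the tail copy is the removed side so the note is not present twice after the move. Also, the `CHANGES#L12` anchor points at a line number on the master branch, which will drift as the changelog grows; link to the tagged v3.0.0 changelog entry or quote the dropped-support line instead.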