Brakeman

Category: SAST
License: Free (Open-Source)

Brakeman is a free vulnerability scanner (SAST) for your Ruby on Rails applications.

With over 7,200 GitHub stars and 154 contributors, it has become the go-to security scanner for the Rails community.

What is Brakeman?

Brakeman is a free static application security scanning tool which checks Ruby on Rails applications for security vulnerabilities.

The tool supports Rails versions from 2.3.x through 8.x and is used by organizations including Code Climate, GitHub, Groupon, New Relic, and Twitter.

How to install Brakeman?

Using RubyGems:

gem install brakeman

Using Bundler:

group :development do
  gem 'brakeman'
end

Using Docker:

docker pull presidentbeef/brakeman

Using Docker to build from source:

git clone https://github.com/presidentbeef/brakeman.git
cd brakeman
docker build . -t brakeman

How to configure Brakeman?

Brakeman is a strong SAST tool for Ruby on Rails projects; however, its analysis is largely syntactic rather than semantic, so it can generate false positives.

You can create a custom ignore list so that those findings are left out of your scan results.

To start the interactive ignore wizard, run:

brakeman -I

This walks you through Brakeman's results and lets you choose which warnings to ignore.

At the end, you can save your choices to a file (brakeman.ignore).

Then reference this file in script/brakeman so that subsequent scans use it:

#!/bin/bash
#
# Script for running Brakeman tests
# Brakeman is a security scanner https://github.com/presidentbeef/brakeman

# Abort on the first failing command so a broken install does not silently skip the scan
set -e

# --no-document replaces the deprecated --no-rdoc/--no-ri flags of older RubyGems
gem install --no-document brakeman

# Apply the saved ignore list and make the script exit non-zero when unignored warnings remain,
# so a CI job running this script fails on new findings
brakeman --ignore-config brakeman.ignore --exit-on-warn .
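As an added example (not part of Brakeman or of this page), the Ruby below shows what the ignore file's fingerprint matching does to a JSON report, and adds two checks a practitioner wants when maintaining brakeman.ignore: entries saved without a note, and stale entries that no longer match any warning. The report and ignore contents are constructed samples with placeholder fingerprints, and `triage` and `exit_status` are names chosen here.

```ruby
require 'json'

# Constructed sample of a Brakeman JSON report (`brakeman -f json`), trimmed to
# the fields used below. Fingerprints are placeholder values, not real ones.
SAMPLE_REPORT = <<~JSON
  {"warnings": [
    {"warning_type": "SQL Injection", "fingerprint": "aaaa1111", "confidence": "High",
     "file": "app/models/user.rb", "line": 12},
    {"warning_type": "Mass Assignment", "fingerprint": "bbbb2222", "confidence": "Medium",
     "file": "app/controllers/users_controller.rb", "line": 30},
    {"warning_type": "Cross-Site Scripting", "fingerprint": "cccc3333", "confidence": "Weak",
     "file": "app/views/users/show.html.erb", "line": 4}
  ]}
JSON

# Constructed brakeman.ignore in the shape `brakeman -I` writes: each entry carries the
# warning's fingerprint plus a free-text note recording why the finding was accepted.
SAMPLE_IGNORE = <<~JSON
  {"ignored_warnings": [
    {"fingerprint": "bbbb2222", "note": "Attributes are filtered by strong parameters"},
    {"fingerprint": "cccc3333", "note": ""},
    {"fingerprint": "dddd4444", "note": "Code removed in refactor"}
  ]}
JSON

# Applies the ignore list to a report the way --ignore-config does (match on fingerprint)
# and returns a triage summary:
#   :remaining  warnings still open, which should fail the build
#   :untriaged  ignored fingerprints whose note is empty (silenced with no reason recorded)
#   :stale      ignored fingerprints that no longer match any warning and can be pruned
def triage(report_json, ignore_json)
  warnings    = JSON.parse(report_json).fetch('warnings')
  ignored     = JSON.parse(ignore_json).fetch('ignored_warnings')
  ignored_fps = ignored.map { |e| e['fingerprint'] }
  seen_fps    = warnings.map { |w| w['fingerprint'] }
  {
    remaining: warnings.reject { |w| ignored_fps.include?(w['fingerprint']) },
    untriaged: ignored.select { |e| e['note'].to_s.strip.empty? }.map { |e| e['fingerprint'] },
    stale:     ignored_fps - seen_fps
  }
end

# Mirrors --exit-on-warn: non-zero when any unignored warning remains
# (3 is the exit code Brakeman itself uses for "warnings found").
def exit_status(summary)
  summary[:remaining].empty? ? 0 : 3
end
```

Running `triage(SAMPLE_REPORT, SAMPLE_IGNORE)` leaves the SQL Injection warning open, flags the XSS entry as untriaged and the fourth fingerprint as stale.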