Brakeman is a free vulnerability scanner specifically designed for Ruby on Rails applications. It statically analyzes Rails application code to find security issues at any stage of development.

Brakeman now uses the parallel gem to read and parse files in parallel. By default, parallel splits the reading and parsing across a number of separate processes based on the number of CPUs. In testing, this dramatically improved speed for large code bases, around a 35% reduction in overall scan time.

Brakeman also now tracks and returns very simple literal values (e.g. strings, hashes of literals, arrays of literals) from very simple class methods (e.g. single-line bodies). Since ActiveRecord enums essentially generate class (and instance) methods that return fixed literal values, this tracking of class method return values is also what supports enum.
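
The literal tracking described above, as an added example: a toy version written here in plain Ruby on top of the standard library's Ripper parser. It is not Brakeman's own code, and the `Account` model source it scans is constructed for the example. It finds `def self.name` methods whose body is a single statement and records the ones whose statement is a plain literal; a method call, an interpolated string, or a multi-statement body is left unresolved, which is the behaviour a scanner needs so that it never treats a runtime value as a constant.

```ruby
require "ripper"

# Constructed sample model source (not from any real application).
SAMPLE_MODEL = <<~RUBY
  class Account
    def self.default_role
      "viewer"
    end

    def self.statuses
      { active: 0, suspended: 1 }
    end

    def self.export_columns
      ["id", "email"]
    end

    def self.greeting
      prefix = "Hello"
      prefix + " world"
    end

    def self.lookup(id)
      find(id)
    end
  end
RUBY

# Resolve a Ripper S-expression to a Ruby value if it is a plain literal
# (string without interpolation, number, symbol, true/false, array or hash
# of such literals); return nil for anything else. nil itself is deliberately
# never treated as a tracked literal.
def literal_value(node)
  return nil unless node.is_a?(Array)
  case node[0]
  when :string_literal
    parts = node[1][1..] || []
    # any :string_embexpr part means "#{...}" interpolation: not a literal
    return nil unless parts.all? { |p| p.is_a?(Array) && p[0] == :@tstring_content }
    parts.map { |p| p[1] }.join
  when :@int   then Integer(node[1])
  when :@float then Float(node[1])
  when :symbol_literal then node[1][1][1].to_sym
  when :var_ref
    kw = node[1]
    return true  if kw[0] == :@kw && kw[1] == "true"
    return false if kw[0] == :@kw && kw[1] == "false"
    nil
  when :array
    values = (node[1] || []).map { |e| literal_value(e) }
    values.include?(nil) ? nil : values
  when :hash
    return {} if node[1].nil?
    node[1][1].each_with_object({}) do |pair, hash|
      return nil unless pair[0] == :assoc_new   # rejects **splat entries
      key_node, value_node = pair[1], pair[2]
      key = key_node[0] == :@label ? key_node[1].chomp(":").to_sym : literal_value(key_node)
      value = literal_value(value_node)
      return nil if key.nil? || value.nil?
      hash[key] = value
    end
  end
end

# Depth-first walk over Ripper's nested arrays, yielding every tagged node.
def each_node(node, &block)
  return unless node.is_a?(Array)
  yield node if node.first.is_a?(Symbol)
  node.each { |child| each_node(child, &block) }
end

# Return { "method_name" => literal } for every `def self.name` whose body is
# exactly one statement (no rescue/else/ensure) and that statement is a literal.
def simple_class_method_literals(source)
  sexp = Ripper.sexp(source)
  raise ArgumentError, "could not parse source" if sexp.nil?
  found = {}
  each_node(sexp) do |node|
    next unless node[0] == :defs
    receiver, _dot, name, _params, body = node[1], node[2], node[3], node[4], node[5]
    next unless receiver[0] == :var_ref && receiver[1][1] == "self"
    statements, rescue_clause, else_clause, ensure_clause = body[1], body[2], body[3], body[4]
    next unless statements.size == 1 && rescue_clause.nil? && else_clause.nil? && ensure_clause.nil?
    value = literal_value(statements.first)
    found[name[1]] = value unless value.nil?
  end
  found
end

if $PROGRAM_NAME == __FILE__
  simple_class_method_literals(SAMPLE_MODEL).each do |name, value|
    puts "Account.#{name} -> #{value.inspect}"
  end
end
```

On the sample, `default_role`, `statuses` and `export_columns` resolve to their literals while `greeting` (two statements) and `lookup` (a method call) do not. That conservative cut is the point: a scanner that resolved `lookup` to a constant could wrongly clear a string-interpolated query as safe.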

Features

  • Brakeman should work with any version of Rails from 2.3.x to 6.x
  • Brakeman can analyze code written with Ruby 1.8 syntax and newer, but requires at least Ruby 2.3.0 to run
  • Brakeman assigns a confidence level to each warning
  • Brakeman options can be stored and read from YAML files
  • To simplify the process of writing a configuration file, the -C option will output the currently set options
  • Options passed on the command line take priority over those in configuration files
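
The three configuration points above, combined into one worked example that is not from the Brakeman project: a `config/brakeman.yml` in the form `brakeman -C` emits (option names written as YAML symbol keys). The paths, the skipped check and the output file name are assumed values for illustration.

```yaml
# config/brakeman.yml  (constructed example; this path is read automatically)
#
# Produced by running the scan once with the desired flags and capturing the
# resulting option set:
#   brakeman -q -z --skip-files vendor/,db/seeds.rb -o brakeman-report.json -C > config/brakeman.yml
:app_path: "."
:quiet: true
:exit_on_warn: true        # non-zero exit status when warnings are reported (CI gate)
:skip_files:
- "vendor/"
- "db/seeds.rb"
:skip_checks:
- CheckRenderInline        # assumed: a check this project has reviewed and excluded
:output_files:
- "brakeman-report.json"
```

With this file in place, `brakeman` run from the application root picks up every setting; a later `brakeman --no-exit-on-warn` still reads the file but, because command-line options win, returns a zero exit status for that one run without editing the file.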

License

Adaptive Public License

Additional Project Details

Programming Language: Ruby
Related Categories: Ruby Security Software, Ruby Vulnerability Scanners
Registered: 2021-09-03