Securing Rails Applications with Brakeman Pro

Jul 30, 2017

Brakeman Pro is a code scanner for Ruby on Rails applications that identifies potential security vulnerabilities including cross-site scripting, SQL injection, mass assignment, unsafe deserialization, and more.

Brakeman Pro goes beyond simple grep or pattern matching. Brakeman Pro can track use of dangerous values across the Rails application flow - from controllers to views to partials.

Brakeman Pro Flow

Since Brakeman Pro is a code scanner, all it needs is your source code for analysis. You can go from install to viewing a full report in just minutes - no account creation, setup, or configuration required. Just point and scan.

Desktop for Triage

Brakeman Pro Desktop is optimized for triaging and managing results from code scans.

Results from multiple scans across any number of projects can be stored and organized in one place.

Brakeman Pro Desktop Triage

When triaging, you can adjust the severity of warnings, mark valid findings and false positives, maintain per-warning notes, and search/sort/filter warnings.

All information about each warning is available in the GUI, including full source code for relevant files.

Brakeman Pro Desktop also provides a view into which filters are applied (or not) to each controller action. This view can be very useful when exploring authentication and authorization.

Learn more about Brakeman Pro Desktop.

Engine for Automation

Brakeman Pro Automation

Brakeman Pro Engine is the command line and library interface to Brakeman Pro. It is installed as a regular Ruby gem.

The Engine can be used for automating Brakeman Pro scans and preventing vulnerabilities from reaching production.

Brakeman Pro Engine

Brakeman Pro Engine can easily be added to tests or run as part of continuous integration. See our documentation for several automation options, including Jenkins and Travis CI.

require "brakeman/test/minitest"

class TestBrakemanWarnings < Minitest::Test
  parallelize_me!

  # Assert zero Brakeman warnings
  def test_no_brakeman_warnings
    assert_no_brakeman_warnings
  end

end
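As an added example (not code from Brakeman Pro or its documentation), the following shows the kind of CI gate the paragraph above describes: it reads a scan report, ignores fingerprints that were already triaged, and reports only new warnings at or above a chosen confidence. The report is a constructed sample in the open-source Brakeman JSON shape (a top-level "warnings" array with "fingerprint" and "confidence" keys); that the Pro Engine emits a compatible report, and the fingerprint values, are assumptions.

```ruby
require "json"

# Constructed sample report in the open-source Brakeman JSON layout.
# Assumption: the Pro Engine's JSON output has a compatible shape.
SAMPLE_REPORT = <<~REPORT
  {
    "warnings": [
      {"warning_type": "SQL Injection", "confidence": "High",
       "fingerprint": "aaaa1111", "file": "app/models/user.rb", "line": 12,
       "message": "Possible SQL injection"},
      {"warning_type": "Cross-Site Scripting", "confidence": "Medium",
       "fingerprint": "bbbb2222", "file": "app/views/posts/show.html.erb", "line": 4,
       "message": "Unescaped model attribute"},
      {"warning_type": "Mass Assignment", "confidence": "Weak",
       "fingerprint": "cccc3333", "file": "app/controllers/users_controller.rb", "line": 20,
       "message": "Parameters should be whitelisted"}
    ]
  }
REPORT

# Fingerprints already triaged (e.g. exported after review in the Desktop
# app) that must not fail the build. Constructed example value.
BASELINE = %w[aaaa1111].freeze

CONFIDENCE_RANK = { "High" => 3, "Medium" => 2, "Weak" => 1 }.freeze

# Returns warnings that are new (not in the baseline) and at or above the
# confidence threshold. An empty array means the gate passes.
def new_warnings(report_json, baseline:, min_confidence: "Medium")
  report = JSON.parse(report_json)
  threshold = CONFIDENCE_RANK.fetch(min_confidence)
  report.fetch("warnings").reject do |w|
    baseline.include?(w["fingerprint"]) ||
      CONFIDENCE_RANK.fetch(w["confidence"], 0) < threshold
  end
end

# One line per blocking warning, suitable for CI log output.
def format_warnings(warnings)
  warnings.map do |w|
    "#{w["confidence"]} #{w["warning_type"]} at #{w["file"]}:#{w["line"]} (#{w["fingerprint"]})"
  end
end

if $PROGRAM_NAME == __FILE__
  blocking = new_warnings(SAMPLE_REPORT, baseline: BASELINE)
  # A CI wrapper would exit non-zero when this list is non-empty.
  puts(blocking.empty? ? "Brakeman gate passed" : format_warnings(blocking))
end
```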

Want a ready-to-go solution in the cloud? Our Code Climate integration will automatically scan GitHub pull requests and code changes using Brakeman Pro.

Learn more about Brakeman Pro Engine.

Next Steps

If you have not purchased Brakeman Pro yet, you can review pricing and purchase licenses directly from our site.

Have questions? We are happy to help!