Brakeman Pro

Updates & Media

ALL UPDATES

Brakeman Pro has been Acquired by Synopsys

Jun 28, 2018
RailsConf 2018 Impressions

Apr 24, 2018
Brakeman Pro 1.7.3 Released

Mar 24, 2018
Brakeman Pro 1.7.2 Released

Feb 22, 2018
Brakeman Pro 1.7.1 Released

Jan 10, 2018
Two Years of Brakeman Pro

Nov 15, 2017
Brakeman Pro Engine 4.0 Released

Sep 25, 2017
Cross-Site Scripting in Rails

Sep 8, 2017
Brakeman Pro 1.6.0 Released

Aug 22, 2017
Securing Rails Applications with Brakeman Pro

Jul 30, 2017
Automating Rails Security with Brakeman Pro

Jul 10, 2017
Brakeman Pro 1.5.0 Released

Jun 30, 2017
Brakeman Pro 1.4.1 Released

Mar 24, 2017
2017 Pricing Updates

Mar 1, 2017
Brakeman Pro 1.4.0 Released

Feb 3, 2017
One Year of Brakeman Pro

Nov 18, 2016
Brakeman Pro 1.3.3 Released

Nov 2, 2016
Brakeman Pro Engine Now Available on Code Climate

Oct 5, 2016
Brakeman Pro Engine is Here!

Sep 14, 2016
Brakeman Pro 1.3.2 Now Available

Sep 7, 2016
Brakeman Pro 1.3.1 Released

Aug 12, 2016
Brakeman Pro 1.3.0 Now Available

Jul 20, 2016
Brakeman Pro 1.2.2 Available

Jun 10, 2016
Brakeman Pro 1.2.1 Available

Jun 3, 2016
What Makes Brakeman Special

May 25, 2016
Brakeman Pro 1.2.0 Released!

Mar 15, 2016
Brakeman Pro 1.1.1 Now Available

Feb 3, 2016
Brakeman Pro 1.0 is Available!

Nov 18, 2015
Testing JRubyFX Applications in Docker Containers

Sep 5, 2015
Testing JRubyFX Applications with Automaton

Sep 5, 2015
What is JRubyFX?

Sep 5, 2015

Brakeman Pro Engine 4.0 Released

Sep 25, 2017

Brakeman Pro Engine 4.0 and Brakeman Pro Desktop 1.6.1 have been released.

Brakeman Pro Engine 4.0 introduces backwards-incompatible changes!

Brakeman Pro Engine will now return non-zero exit codes if any warnings are found or if any errors are raised during the scan. This behavior has been optionally available for a long time, but is now the default.

The default report format has been updated to use the “plain” text output which contains more complete information, including extended descriptions, file names, and check names. Use -f tables to output the old table report format.

Brakeman Pro Engine Plain Report

Any output to a terminal will now be paged by default, making it much easier to read through long reports. The pager will not be used if the CI environment variable is set to true, which most popular CI servers do. Use the --no-pager command line option to disable manually.

This release also adds new checks for Devise configuration best practices. New warnings have been added for weak hashing algorithms, suggested password length requirements, long password reset timeouts,missing account lockout strategies, and missing paranoid mode.

Brakeman Pro Desktop 1.6.1 has the latest Engine and has been updated to use JRuby 9.1.13.0.

Engine changes:

Add new checks for Devise configuration best practices
--exit-on-warn is now the default
--exit-on-error is now the default
“Plain” report output is now the default
Add simple pager for reports output to terminal
Remove low confidence mass assignment warnings
Reduce warnings about XSS in link_to
Treat request.cookies like cookies
Treat fail/raise like early returns
Rename “Cross Site Scripting” to “Cross-Site Scripting”
Remove reliance on CONFIDENCE constant in checks
Fix use of --exit-on-error and --exit-on-warn in config files

Desktop changes:

All builds now use JRuby 9.1.13.0

Brakeman Pro is a static analysis security tool for Ruby on Rails applications.

Brakeman Pro can be used as a desktop application, Ruby Gem, and as a Code Climate engine.

If you have not purchased Brakeman Pro yet, you can review pricing and purchase licenses directly from our site.

Need to try before buying? Take Brakeman Pro Desktop for a spin.

Please feel free to contact us with any questions!

Brakeman Pro

Updates & Media

ALL UPDATES

Brakeman Pro has been Acquired by Synopsys

RailsConf 2018 Impressions

Brakeman Pro 1.7.3 Released

Brakeman Pro 1.7.2 Released

Brakeman Pro 1.7.1 Released

Two Years of Brakeman Pro

Brakeman Pro Engine 4.0 Released

Cross-Site Scripting in Rails

Brakeman Pro 1.6.0 Released

Securing Rails Applications with Brakeman Pro

Automating Rails Security with Brakeman Pro

Brakeman Pro 1.5.0 Released

Brakeman Pro 1.4.1 Released

2017 Pricing Updates

Brakeman Pro 1.4.0 Released

One Year of Brakeman Pro

Brakeman Pro 1.3.3 Released

Brakeman Pro Engine Now Available on Code Climate

Brakeman Pro Engine is Here!

Brakeman Pro 1.3.2 Now Available

Brakeman Pro 1.3.1 Released

Brakeman Pro 1.3.0 Now Available

Brakeman Pro 1.2.2 Available

Brakeman Pro 1.2.1 Available

What Makes Brakeman Special

Brakeman Pro 1.2.0 Released!

Brakeman Pro 1.1.1 Now Available

Brakeman Pro 1.0 is Available!

Testing JRubyFX Applications in Docker Containers

Testing JRubyFX Applications with Automaton

What is JRubyFX?

Brakeman Pro Engine 4.0 Released

Sep 25, 2017

Previous post: Cross-Site Scripting in Rails

Next post: Two Years of Brakeman Pro