Do you know what's in the code you are shipping?
Brakeman Pro inspects the source code of Ruby on Rails applications to find potential security vulnerabilities before they reach production.
An estimated 80% of breaches now occur at the application layer, and over 90% of vulnerabilities are in custom code - not off-the-shelf libraries.
With much deeper analysis than just dependency analysis (CVEs) or grepping for "bad strings", Brakeman Pro delivers relevant results from your code.
Brakeman Pro can find cross-site scripting, SQL injection, mass assignment, and many more vulnerabilities.
Add security to the development pipeline.
Available as a Ruby gem, Brakeman Pro Engine can easily be added to any workflow. The Brakeman Pro Engine gem can be run from the command line, added to your test suite, run as part of continuous integration, or used anywhere else you would like to automate it.
Output formats include JSON, HTML, and plain text for simple integration with other tools. The Brakeman Pro Engine gem output can also be imported into Brakeman Pro Desktop for easier viewing.
Manage scans and reports in one place.
Brakeman Pro Desktop brings code and warnings together in one place for streamlined triage. Search, sort, and filter warnings in our triage view. Mark findings as valid or false positives, keep notes for each warning, and export reports in PDF, Excel, or JSON formats.
Brakeman Pro Desktop is ideal for security analysts and consultants who want deep results and fast insight into the security of a Ruby on Rails application.
Brakeman Pro Desktop provides an excellent interface for scanning code and triaging findings, with no need to sign up for another SaaS or worry about the security of yet another cloud provider. All results and code stay on your machine.
For fast, easy integration with GitHub and a central dashboard to manage results, Brakeman Pro is also available in the cloud on the Code Climate platform. Gain peace of mind knowing Brakeman Pro will automatically scan each pull request as it is opened.
Brakeman Pro Desktop is priced per seat. It is available as a downloadable package for OS X, Windows, and Linux.
The Brakeman Pro Engine gem is offered under a site license. We provide you with credentials for the gem on our private gem server. The gem can be added to your Gemfile or installed by itself.
Brakeman Pro for Code Climate is also offered under a site license. We provide a license file to include in your code repositories. You will need a separate Code Climate account.
Please contact us with any questions or to receive a quote. We are happy to work with purchase orders and resellers.