We are pleased to announce that the initial release of Brakeman Pro, a security tool for Ruby on Rails applications, is now available for purchase.
Brakeman Pro scans the source code of Ruby on Rails applications and identifies potential security vulnerabilities. The desktop application provides a streamlined interface to investigate and triage warnings. The code associated with each warning is shown immediately when a warning is selected in the triage view.
Warnings may be searched, sorted, and filtered. To keep track of investigations, warnings may be marked as “valid” or “false positive” and notes may be stored for each warning. The notes and status for each warning are carried forward on subsequent scans of the same application.
For warnings in rendered templates, Brakeman Pro provides a dropdown of the render path to quickly jump back to previous templates or the controller action.
In addition to security warnings, Brakeman Pro also generates an application filters view. This view provides insight into which filters are being applied to which actions, with immediate visibility into the filter and action code.
While we are very excited to offer this first commercial version of Brakeman Pro, it is just the first step on our journey to providing the very best static analysis security tool for Ruby on Rails. Many more features are just around the corner!
Thank you for your interest!
-Justin, Neil, Jim, and Adam
- Is Brakeman Pro Software-as-a-Service? Does it send any information to the cloud?
No. Brakeman Pro is a desktop and command-line application. No information leaves your control.
- What platforms does Brakeman Pro support? What technology is it built on?
Brakeman Pro is a JavaFX application built with JRuby. This means it should run on any platform which supports JavaFX.
Brakeman Pro is available as a Mac OS X package, a Windows installer, and a JAR file. The Mac OS X package and Windows installer include all dependencies. For the JAR file, Oracle Java 8u40 or later is required.
- What licensing options are available? How much does it cost?
Please see our purchase page for the current pricing information. If you have any questions or if the options do not fit your current needs, feel free to email us at firstname.lastname@example.org. We are happy to discuss options for any need.
- Can I automate Brakeman Pro?
The Brakeman Pro command-line tool is available as a self-contained JAR file and is easy to integrate with automation.
- What kind of vulnerabilities does Brakeman Pro find?
Please see our features list.
- Can I generate reports from Brakeman Pro?
Yes, Brakeman Pro can generate PDF reports with information about each warning including any custom notes.
- What is Brakeman Pro’s relationship with the Open Source Brakeman tool? What’s different?
Justin Collins, the president of Brakeman, Inc., is the original author of Brakeman. Co-founder Neil Matatall is the second largest open source contributor to the Brakeman project. We remain committed to the open source project, which is not owned by nor controlled by any corporate entity. In fact, work on Brakeman Pro has already resulted in improvements to the open source project.
In this initial release of Brakeman Pro, the largest difference is of course the graphical user interface, which allows managing reports across multiple applications and quickly triaging warnings. On the inside, the scanning engine is slowly diverging from the open source version to provide deeper (although typically slower) analysis.
- What if I have other questions?
Please feel free to contact us at email@example.com with any questions!