This release adds more management features for custom rules. Any custom rule may be used with any project and enabled/disabled per project. To facilitate sharing custom rules with other users, they may now be exported and imported.
In this version, each Brakeman warning is now mapped to the OWASP Top 10 in the triage view. This information is also included in PDF reports with links to documentation on the OWASP website.
As usual, the engine has been updated with a number of improvements. Along with fixes, this release adds additional method call analysis (interprocedural data flow) in controllers and processing for inline template rendering.
The command-line version has two important changes in this release. Now all checks are run by default, just like in the desktop version. This behavior can be reverted with the -R option. Additionally, interprocedural analysis is enabled by default. To disable it, use --no-interprocedural.
New in 1.3.0:
- Custom rules are shared across projects
- Custom rules may be exported/imported
- Warnings are mapped to OWASP Top 10
- Additional interprocedural analysis in controllers
- Command-line version runs all checks by default
If you have not purchased Brakeman Pro yet, you can view our pricing and purchase licenses directly from our site.
Need to try Brakeman Pro first? We also offer a free trial version to test it out. (Note: if you have already downloaded a trial version in the past, use that same link to download the latest version.)
Please feel free to contact us at support@brakemanpro.com with any questions!