Brakeman Pro Engine is designed to be easily automated as part of a development workflow.
We recommend adding Brakeman Pro to your test, build, or deployment pipeline to achieve continuous security coverage and feedback.
Test Integration
The simplest way to integrate Brakeman Pro Engine into a testing workflow is to use our test integration to run a Brakeman Pro scan every time an application’s tests run.
This only requires adding a small bit of code to your test suite. Minitest and RSpec are supported out of the box, but it is possible to integrate with any test library.
Code Climate
For GitHub integration and a cloud solution, we offer the Brakeman Pro Engine on Code Climate.
Code Climate makes it simple to integrate Brakeman Pro with GitHub and run scans on every pull request. As a cloud solution, all your Brakeman Pro warnings can be shared in a centralized location.
Code Climate also has functionality to track statuses for each warning.
Continuous Integration
Brakeman Pro Engine can easily be added to any continuous integration server.
The key steps are installing Brakeman Pro Engine and then running it with the --exit-on-warn option:
gem install brakeman-pro --source https://USER:PASSWORD@brakemanpro.com/gems/
brakeman-pro --exit-on-warn
The --exit-on-warn option causes Brakeman Pro to exit with a failure code when warnings are found.
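The two commands above wrapped as a single CI step that keeps the gem server password out of the build log. This is an added example, not part of the Brakeman Pro documentation; the function name brakeman_pro_gate and the variables BRAKEMAN_PRO_USER and BRAKEMAN_PRO_PASSWORD are assumed names for secrets defined in the CI server.

```shell
#!/bin/sh
# Added example: CI gate around `gem install brakeman-pro` and
# `brakeman-pro --exit-on-warn`. BRAKEMAN_PRO_USER and BRAKEMAN_PRO_PASSWORD
# are assumed names for CI secret variables, not Brakeman Pro settings.

brakeman_pro_gate() {
  # If the job runs with `set -x`, switch tracing off before any line that
  # expands the password, so it is never written to the build log.
  bp_traced=0
  case $- in *x*) bp_traced=1; set +x ;; esac

  bp_status=0
  if [ -z "${BRAKEMAN_PRO_USER:-}" ] || [ -z "${BRAKEMAN_PRO_PASSWORD:-}" ]; then
    # Stop early rather than sending a URL with empty credentials.
    echo "brakeman-pro gate: credentials are not set" >&2
    bp_status=2
  else
    # Output is discarded in case an error message repeats the source URL.
    # Characters that are special in URLs must already be percent-encoded.
    gem install brakeman-pro \
      --source "https://${BRAKEMAN_PRO_USER}:${BRAKEMAN_PRO_PASSWORD}@brakemanpro.com/gems/" \
      >/dev/null 2>&1 || bp_status=$?
    if [ "$bp_status" -ne 0 ]; then
      echo "brakeman-pro gate: gem install failed (status $bp_status)" >&2
    fi
  fi

  # Restore tracing for the rest of the job, then stop if setup failed.
  if [ "$bp_traced" -eq 1 ]; then set -x; fi
  if [ "$bp_status" -ne 0 ]; then return "$bp_status"; fi

  # --exit-on-warn makes the scan return a failure code when warnings are
  # found; pass it through unchanged so the CI server fails the build.
  brakeman-pro --exit-on-warn || bp_status=$?
  if [ "$bp_status" -ne 0 ]; then
    echo "brakeman-pro gate: scan exited with status $bp_status" >&2
  fi
  return "$bp_status"
}
```

Source this file in the build step and call brakeman_pro_gate; its return status is the status the CI server should act on.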
We have additional documentation for configuring Brakeman Pro with Jenkins, Circle CI, Travis CI, Codeship, and Bitbucket Pipelines.
Need help setting up Brakeman Pro for your CI environment? We are happy to help!