Documentation

Automation

Brakeman Pro Engine is designed to be easily automated as part of a development workflow.

We recommend adding Brakeman Pro to your test, build, or deployment pipeline to achieve continuous security coverage and feedback.

Test Integration

The simplest way to integrate Brakeman Pro Engine into a testing workflow is to use our test integration to run a Brakeman Pro scan every time an application’s tests run.

This only requires adding a small bit of code to your test suite. Minitest and RSpec are supported out of the box, but it is possible to integrate with any test library.

RSpec Integration

More details here.

Code Climate

For GitHub integration and a cloud solution, we offer the Brakeman Pro Engine on Code Climate.

Code Climate makes it simple to integrate Brakeman Pro with GitHub and run scans on every pull request. As a cloud solution, it lets you share all your Brakeman Pro warnings in a centralized location.

Code Climate issue options

Code Climate also has functionality to track statuses for each warning.

More details here.

Continuous Integration

Brakeman Pro Engine can easily be added to any continuous integration server.

The key steps are installing Brakeman Pro Engine and then running it with the --exit-on-warn option:

gem install brakeman-pro --source https://USER:PASSWORD@brakemanpro.com/gems/
brakeman-pro --exit-on-warn

The --exit-on-warn option causes Brakeman Pro to exit with a failure code when the scan reports warnings.
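
The two steps above as a CI script, added here as an example and not taken from the Brakeman Pro documentation. It reads the gem credentials from CI secrets and percent-encodes them so that characters such as @ or : in a password do not break the source URL. The variable names BRAKEMAN_PRO_USER and BRAKEMAN_PRO_PASSWORD, the function names and the file name are assumptions.

```shell
#!/bin/sh
# Added example: CI step for Brakeman Pro Engine (not vendor-supplied code).
# BRAKEMAN_PRO_USER / BRAKEMAN_PRO_PASSWORD are assumed CI secret names.

# Percent-encode an ASCII string for the userinfo part of a URL, so that
# '@', ':' or '/' in a credential cannot change how the URL is parsed.
# The body runs in a subshell, which keeps LC_ALL and the variables local.
urlencode() (
  LC_ALL=C
  s=$1
  out=
  while [ -n "$s" ]; do
    rest=${s#?}            # everything after the first character
    c=${s%"$rest"}         # the first character itself
    case $c in
      [A-Za-z0-9._~-]) out=$out$c ;;              # unreserved: keep as is
      *) out=$out$(printf '%%%02X' "'$c") ;;      # anything else: %XX
    esac
    s=$rest
  done
  printf '%s' "$out"
)

# Print the credentialed gem source URL, or fail if a secret is missing.
brakeman_source_url() {
  if [ -z "${BRAKEMAN_PRO_USER:-}" ] || [ -z "${BRAKEMAN_PRO_PASSWORD:-}" ]; then
    echo "BRAKEMAN_PRO_USER and BRAKEMAN_PRO_PASSWORD must be set" >&2
    return 1
  fi
  printf 'https://%s:%s@brakemanpro.com/gems/' \
    "$(urlencode "$BRAKEMAN_PRO_USER")" "$(urlencode "$BRAKEMAN_PRO_PASSWORD")"
}

# Install, then scan. A missing secret or failed install returns 2 before
# the scanner runs; otherwise the scanner's own exit status is returned.
ci_scan() {
  url=$(brakeman_source_url) || return 2
  { set +x; } 2>/dev/null   # stop xtrace from echoing the URL into the build log
  gem install brakeman-pro --source "$url" || return 2
  brakeman-pro --exit-on-warn
}

# Run only when invoked as: sh brakeman-ci.sh run
if [ "${1:-}" = "run" ]; then
  ci_scan
  exit $?
fi
```

The URL is still passed to gem as a command-line argument, so it is visible in the process list on the build host while the install runs.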

We have additional documentation for configuring Brakeman Pro with Jenkins, Circle CI, Travis CI, Codeship, and Bitbucket Pipelines.

Need help setting up Brakeman Pro for your CI environment? We are happy to help!