Brakeman Pro Engine can easily be set up with Codeship to run scans on every push.
See the instructions below for using Brakeman Pro Engine with either Codeship Pro or Codeship Basic.
Also check out Codeship’s documentation.
Codeship Pro
Credentials Setup
To start, you need to add your BRAKEMAN_PRO_USER and BRAKEMAN_PRO_PASSWORD credentials to the encrypted environment variables that you encrypt and include in your codeship-services.yml file.
Installing Brakeman Pro
After adding the credentials, you’ll need to install the Brakeman gem via your project’s Dockerfile, which is built by your codeship-services.yml file.
This can be done with the following command in your Dockerfile, or by adding the gem to your project’s Gemfile (which requires bundle install in your Dockerfile instead):
RUN gem install brakeman-pro --source https://$BRAKEMAN_PRO_USER:$BRAKEMAN_PRO_PASSWORD@brakemanpro.com/gems/
Running Reports
Next, you’ll want to run the actual command to generate a Brakeman report as a new step in your codeship-steps.yml file:
- name: brakeman
  service: your_service
  command: brakeman-pro --exit-on-warn --quiet -f plain
Recommended Brakeman Pro options:
--exit-on-warn: This option is important because it will cause the build to fail if any warnings are found.
--quiet: Removes extraneous output. If --quiet is too quiet, --no-report-progress is recommended instead.
-f plain: Generates a nice, colored text report.
Codeship Basic
Credentials Setup
We recommend setting up the Brakeman Pro Engine username and password as environment variables. Not only is this good security practice, it also allows the credentials to be easily changed in the future if needed.
Test Setup
In the project test settings, Codeship splits tests into setup commands and pipelines.
In the setup commands, install Brakeman Pro:
gem install brakeman-pro --source https://$BRAKEMAN_PRO_USER:$BRAKEMAN_PRO_PASSWORD@brakemanpro.com/gems/
This command can be added to any existing setup commands for your project.
If Brakeman Pro is in your Gemfile, this step is unnecessary. Use the regular bundle install instead.
Pipeline Setup
Brakeman Pro can be run with other test commands or in its own pipeline.
To run Brakeman Pro:
brakeman-pro --exit-on-warn --quiet -f plain
Recommended Brakeman Pro options:
--exit-on-warn: This option is important because it will cause the build to fail if any warnings are found.
--quiet: Removes extraneous output. If --quiet is too quiet, --no-report-progress is recommended instead.
-f plain: Generates a nice, colored text report.
Report Output
Brakeman Pro reports will be rendered in the Codeship results on failure.
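As an added example that is not part of the Brakeman Pro or Codeship documentation, the following POSIX shell wrapper turns the install and scan steps above (for both Codeship Pro and Codeship Basic) into one script a pipeline can call: it checks that the credentials are present without echoing them, installs the gem from the same source URL, runs the scan with the recommended flags, and replays the plain-text report into the build log only when the scan fails. The script name brakeman_step.sh and the BRAKEMAN_CMD and REPORT_FILE variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example wrapper for a Codeship step (hypothetical file: brakeman_step.sh).
# BRAKEMAN_CMD and REPORT_FILE are knobs invented for this script.

# Exit non-zero if either credential variable is unset or empty.
# The values themselves are never printed, so they cannot leak into build logs.
require_credentials() {
  [ -n "${BRAKEMAN_PRO_USER:-}" ] && [ -n "${BRAKEMAN_PRO_PASSWORD:-}" ] && return 0
  echo "BRAKEMAN_PRO_USER and BRAKEMAN_PRO_PASSWORD must be set" >&2
  return 1
}

# Build the authenticated gem source URL (same form as the gem install line above).
gem_source_url() {
  printf 'https://%s:%s@brakemanpro.com/gems/\n' "$BRAKEMAN_PRO_USER" "$BRAKEMAN_PRO_PASSWORD"
}

# Install the gem unless it is already available (e.g. via Gemfile + bundle install).
install_brakeman_pro() {
  command -v brakeman-pro >/dev/null 2>&1 && return 0
  gem install brakeman-pro --source "$(gem_source_url)"
}

# Run the scan. With --exit-on-warn a non-zero exit means warnings were found
# (or the scan could not run), which fails the build. Output is captured so a
# clean run stays quiet and the report appears only when the step fails.
run_scan() {
  cmd="${BRAKEMAN_CMD:-brakeman-pro}"
  report="${REPORT_FILE:-brakeman-report.txt}"
  status=0
  "$cmd" --exit-on-warn --quiet -f plain >"$report" 2>&1 || status=$?
  if [ "$status" -eq 0 ]; then
    echo "brakeman-pro: no warnings"
    return 0
  fi
  cat "$report"
  return "$status"
}

main() {
  require_credentials && install_brakeman_pro && run_scan
}

# Run only when executed as the step script, not when sourced for testing.
if [ "${0##*/}" = "brakeman_step.sh" ]; then
  main
fi
```

Note that a Dockerfile RUN line only sees variables available at image build time, so the credentials must reach the build as build arguments rather than runtime environment variables; this wrapper runs at step time, where the encrypted environment variables are available.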
Ignoring Warnings
It is common to need to ignore some warnings. Read how to ignore false positives.