Custom Rules

Currently, Brakeman Pro supports creating custom rules to search for specific method calls.

Custom rules are shared across all projects and can be enabled/disabled per application.

Creating a Custom Rule

To create a custom rule, first click on the application name in the project tree pane.

Then click the “+” button by the Custom Rules table.

After configuring the custom rule, click “Save” to save the rule. It will be enabled for the current project and will be applied the next time the project is scanned.

Custom Rule Options

Rule Name

The rule name will be displayed in warnings and the rule list.


This description will be shown in the details drawer for each warning.


By default, custom rules are their own category. However, you may assign the rule to a specific warning category.


Select the severity level for resulting warnings.


Targets are the “object” of the method calls to match. For example, in Kernel.puts, the target would be Kernel. If no target is specified, the rule will match any target.

To specify multiple targets, separate them by commas. For example: Kernel,Object,User.


At least one method must be specified for each rule.

To specify multiple methods, separate them by commas. For example: puts,system,delete.

Require User Input

If this option is enabled, the rule will only match when one or more arguments include potential user input.

To match all uses of a method, leave this option disabled.

Editing Custom Rules

To edit custom rules, click the pencil icon in the “Edit” column by the rule to be edited.

Note changes only occur on the next scan of project.