No need to switch between a Brakeman report and digging through files in an editor.
Brakeman Pro Desktop presents code and warnings together for fast triage.
With Brakeman Pro Desktop, you can keep track of investigations with per-warning notes, mark warnings as false positives or triaged, and adjust the severity of warnings. Warning information is carried across reports on the same project.
To assist in triaging warnings, you can filter, sort, and search warnings in Brakeman Pro Desktop.
Is your hard drive littered with individual reports output by Brakeman OSS?
Brakeman Pro Desktop keeps all your scans over time across any number of projects in one place. Quickly flip through scans and track trends over time.
The Brakeman Pro Engine includes new rules and expanded versions of rules/checks from the open source project. Brakeman Pro also enables the creation of custom rules which can be shared across projects in Brakeman Pro Desktop.
As the Pro Engine evolves, Brakeman Pro finds more vulnerabilities while also improving accuracy and reducing false positives.
Brakeman Pro generates more detailed, enhanced descriptions for each warning. The enhanced descriptions are tuned to the actual code that produced the warning.
In Brakeman Pro Desktop, the filter chain view helps explore where filters are applied or missing. This is useful for verifying action-level authorization.
Brakeman Pro Engine includes RSpec/Minitest integration.
With Brakeman Pro, it is trivial to automate Brakeman scans just by adding a few lines of code to your regular automated tests.
The Brakeman Pro Engine gem can be used by most teams as a drop-in replacement for Brakeman OSS.
Brakeman Pro Desktop can also import false positive information from Brakeman OSS ignore files and export false positive information for use with the Engine gem.
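The two integration points mentioned above, gating an automated test suite on a scan and reusing false-positive decisions from a Brakeman OSS ignore file, can be wired together in a few lines. The following is an added example written for this page, not code from Brakeman Pro or the Brakeman project. It reads the `ignored_warnings` array of a Brakeman OSS `config/brakeman.ignore` file (only the `fingerprint` and `note` keys are used), applies it to a list of warnings in the shape of `Brakeman::Warning#to_hash`, and fails on any remaining warning at or above a confidence threshold; it also reports ignores that no longer match a warning and ignores that carry no note, which is where triage decisions usually rot. The sample ignore file and warnings are constructed. The `scan_passes?` helper calls the Brakeman OSS library API (`Brakeman.run`, `Warning#to_hash`); the page describes the Pro Engine gem as a drop-in replacement, so using it there is an assumption.

```ruby
require 'json'

# Constructed sample of a Brakeman OSS ignore file (config/brakeman.ignore).
# Only the keys this example reads are shown; real files carry more fields.
SAMPLE_IGNORE_FILE = <<~JSON
  {
    "ignored_warnings": [
      {
        "warning_type": "SQL Injection",
        "fingerprint": "fp-sqli-0001",
        "note": "Input is an integer column id validated in before_action"
      },
      {
        "warning_type": "Cross-Site Scripting",
        "fingerprint": "fp-xss-0002",
        "note": ""
      }
    ],
    "updated": "2024-01-01 00:00:00 +0000",
    "brakeman_version": "x.y.z"
  }
JSON

# Constructed sample warnings in the shape of Brakeman::Warning#to_hash
# after a JSON round trip (string keys, textual confidence).
SAMPLE_WARNINGS = [
  { 'warning_type' => 'SQL Injection', 'fingerprint' => 'fp-sqli-0001',
    'confidence' => 'High', 'file' => 'app/models/user.rb', 'line' => 12 },
  { 'warning_type' => 'Remote Code Execution', 'fingerprint' => 'fp-rce-0003',
    'confidence' => 'High', 'file' => 'app/controllers/admin_controller.rb', 'line' => 40 },
  { 'warning_type' => 'Mass Assignment', 'fingerprint' => 'fp-mass-0004',
    'confidence' => 'Weak', 'file' => 'app/controllers/posts_controller.rb', 'line' => 8 }
].freeze

# Brakeman's textual confidence levels, strongest first.
CONFIDENCE_RANK = { 'High' => 0, 'Medium' => 1, 'Weak' => 2 }.freeze

# Returns { fingerprint => note } for every entry in the ignore file.
def load_ignored_fingerprints(json_text)
  data = JSON.parse(json_text)
  Array(data['ignored_warnings']).each_with_object({}) do |w, acc|
    acc[w['fingerprint']] = w['note'].to_s.strip
  end
end

# Splits warnings into :failing (unignored findings at or above min_confidence),
# :ignored (suppressed by fingerprint) and :below_threshold. Also lists
# :stale_ignores (fingerprints that match no current warning) and
# :unexplained_ignores (ignored without a note) so the ignore file stays honest.
def triage(warnings, ignored, min_confidence: 'Medium')
  threshold = CONFIDENCE_RANK.fetch(min_confidence)
  seen = warnings.map { |w| w['fingerprint'] }
  result = { failing: [], ignored: [], below_threshold: [] }
  warnings.each do |w|
    if ignored.key?(w['fingerprint'])
      result[:ignored] << w
    elsif CONFIDENCE_RANK.fetch(w['confidence']) <= threshold
      result[:failing] << w
    else
      result[:below_threshold] << w
    end
  end
  result[:stale_ignores] = ignored.keys - seen
  result[:unexplained_ignores] = ignored.select { |_, note| note.empty? }.keys
  result
end

# Runs a real scan through the Brakeman OSS library API and returns true when
# the build should pass. Drop this call into a Minitest or RSpec example to
# gate the suite on the scan. Assumption: the Pro Engine gem accepts the same
# call, as the page says it is a drop-in replacement.
def scan_passes?(app_path, ignore_path = File.join(app_path, 'config', 'brakeman.ignore'))
  require 'brakeman'
  tracker = Brakeman.run(app_path: app_path, quiet: true)
  warnings = tracker.warnings.map { |w| JSON.parse(w.to_hash.to_json) }
  ignored = File.exist?(ignore_path) ? load_ignored_fingerprints(File.read(ignore_path)) : {}
  report = triage(warnings, ignored)
  report[:failing].each { |w| warn "#{w['warning_type']} (#{w['confidence']}) at #{w['file']}:#{w['line']}" }
  report[:stale_ignores].each { |fp| warn "stale ignore entry: #{fp}" }
  report[:unexplained_ignores].each { |fp| warn "ignore entry without a note: #{fp}" }
  report[:failing].empty?
end

if __FILE__ == $PROGRAM_NAME
  # Offline run over the constructed data.
  report = triage(SAMPLE_WARNINGS, load_ignored_fingerprints(SAMPLE_IGNORE_FILE))
  puts "failing: #{report[:failing].size}, stale ignores: #{report[:stale_ignores].inspect}"
end
```

Requiring a note on every ignore entry and failing on stale entries turns the ignore file into a reviewable record of triage decisions rather than a silent allow-list, which is the same property Brakeman Pro Desktop's per-warning notes and triage states provide in the GUI.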
While best efforts are made to answer issues in the open source Brakeman project, our Pro customers have much higher priority.
All Brakeman Pro licenses include email support. Scheduled phone support is available.
With Brakeman Pro we can also sign those license agreements legal and procurement teams love so much!
| Feature | Brakeman OSS | Brakeman Pro Engine | Brakeman Pro Desktop |
|---|:---:|:---:|:---:|
| Fast source code security scans | ✓ | ✓ | ✓ |
| Zero configuration required | ✓ | ✓ | ✓ |
| Detects 20+ vulnerability types | ✓ | ✓ | ✓ |
| Run at any point in development | ✓ | ✓ | ✓ |
| Rails data flow analysis | ✓ | ✓ | ✓ |
| False positive management | ✓ | ✓ | ✓ |
| Command line interface | ✓ | ✓ | |
| Graphical desktop interface | | | ✓ |
| Manage all reports in one place | | | ✓ |
| Filter, sort, and search warnings | | | ✓ |
| Track validated warnings | | | ✓ |
| Create custom rules | | ✓ | ✓ |
| Quickly explore action filters | | | ✓ |
| Extended warning explanations | | ✓ | ✓ |
| Syntax-highlighted code views | | | ✓ |
| Store notes per warning | | | ✓ |
| Analysis of view helpers | | ✓ | ✓ |
| Extended interprocedural analysis | | ✓ | ✓ |
| Render path navigation | | | ✓ |
| Detect unquoted attributes in views | | ✓ | ✓ |
| Detect disabled SSL verification with popular gems | | ✓ | ✓ |
| Detect dynamic evaluation | | ✓ | ✓ |
| Detect use of basic authentication | | ✓ | ✓ |
| Check Devise configuration best practices | | ✓ | ✓ |
| Warn on missing filter actions | | ✓ | ✓ |
| Detect cookies missing `httponly` | | ✓ | ✓ |
| Parallel file parsing | | ✓ | ✓ |
| Excel (XLSX) reports | | | ✓ |
| OWASP Top 10 mapping | | | ✓ |
| Secure Code Warrior integration | | | ✓ |