Upgrade your paranoia with Brakeman

Semaphore Engineering Blog

Brakeman is a wonderful tool that can scan your Ruby on Rails application for common vulnerabilities. It's a static code analyzer that can help you find security problems before you release the application.

Since you can introduce a vulnerability at any stage of your development process, a tool like this should scan your application as often as possible, preferably on every commit. That makes it an ideal candidate for the continuous delivery pipeline.

Fortunately, it's easy to make Brakeman part of your CI.

Install Brakeman by adding it to your Gemfile:

group :development do
  gem 'brakeman', :require => false
end

And add the following command to your build setup on Semaphore:

bundle exec brakeman -z

The -z flag tells Brakeman to exit with a non-zero status if it finds any vulnerabilities. This means that your build will fail before any issues reach production, letting you know you should fix the problem.
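As an added example (not code from the original post or from Brakeman itself), here is a small Ruby gate for the CI step that reads the JSON report produced by `brakeman -f json` and fails the build only on warnings at or above a chosen confidence, so that a weak-confidence finding can be reviewed without blocking a release while high-confidence ones still fail the build; it also fails when Brakeman reports scan errors, since a file it could not parse was never checked. The report fields used (`warnings`, `confidence`, `warning_type`, `file`, `line`, `message`, `errors`) follow Brakeman's JSON output; the findings in the sample report are constructed for this example.

```ruby
require 'json'

# Confidence levels as Brakeman reports them, ordered from weakest to strongest.
CONFIDENCE_RANK = { 'Weak' => 0, 'Medium' => 1, 'High' => 2 }.freeze

# Constructed sample of a Brakeman JSON report (brakeman -f json). The findings
# are made up for this example and are not output from a real application.
SAMPLE_REPORT = <<~JSON
  {
    "warnings": [
      {"warning_type": "SQL Injection", "confidence": "High",
       "file": "app/controllers/users_controller.rb", "line": 12,
       "message": "Possible SQL injection"},
      {"warning_type": "Cross-Site Scripting", "confidence": "Medium",
       "file": "app/views/users/show.html.erb", "line": 3,
       "message": "Unescaped model attribute"},
      {"warning_type": "Mass Assignment", "confidence": "Weak",
       "file": "app/models/user.rb", "line": 8,
       "message": "Potentially dangerous attribute available for mass assignment"}
    ],
    "errors": []
  }
JSON

# Returns the warnings whose confidence is at or above min_confidence.
def blocking_warnings(report_json, min_confidence: 'Medium')
  report = JSON.parse(report_json)
  floor = CONFIDENCE_RANK.fetch(min_confidence)
  report.fetch('warnings').select do |w|
    CONFIDENCE_RANK.fetch(w['confidence'], 0) >= floor
  end
end

# Builds the gate result: a shell exit status plus one summary line per blocking
# warning. Scan errors also fail the gate, because unparsed files were not checked.
def gate(report_json, min_confidence: 'Medium')
  blocking = blocking_warnings(report_json, min_confidence: min_confidence)
  errors = JSON.parse(report_json).fetch('errors', [])
  lines = blocking.map do |w|
    "#{w['confidence'].ljust(6)} #{w['warning_type']} at #{w['file']}:#{w['line']} - #{w['message']}"
  end
  lines << "ERROR  #{errors.size} scan error(s) reported by Brakeman" unless errors.empty?
  { status: (blocking.empty? && errors.empty?) ? 0 : 1, lines: lines }
end

if __FILE__ == $PROGRAM_NAME
  report_path = ARGV[0] # path to a brakeman -f json report, e.g. from -o brakeman.json
  result = gate(report_path ? File.read(report_path) : SAMPLE_REPORT,
                min_confidence: ENV.fetch('BRAKEMAN_MIN_CONFIDENCE', 'Medium'))
  puts result[:lines]
  # Only propagate the failing status when gating a real report; running the file
  # with no arguments just demonstrates the sample above.
  exit result[:status] if report_path
end
```

Run it in the build step after `bundle exec brakeman -f json -o brakeman.json` (without -z, since the gate decides the exit status) as `ruby brakeman_gate.rb brakeman.json`; Brakeman's own `-w` option can also filter reported warnings by confidence level if you prefer to keep the policy inside Brakeman.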

We definitely recommend that you introduce security checks to your continuous delivery pipeline, and Brakeman is a good choice for Rails apps.
