Brakeman OSS

Language / Framework: Ruby/Rails
Checks: 85
Categories: Security
Channels: stable: Brakeman v4.3.1, beta: Brakeman v5.3.1

Brakeman OSS is a static analysis tool which checks Ruby on Rails applications for security vulnerabilities.

Enable the Plugin

To enable Brakeman analysis, add the following to your .codeclimate.yml configuration file:

plugins:
  brakeman:
    enabled: true

More information about the CLI is available in the README here: https://github.com/codeclimate/codeclimate

Brakeman versions

To use a newer version of Brakeman (v5.3.1), specify the beta channel within your .codeclimate.yml configuration file:

plugins:
  brakeman:
    channel: beta
    enabled: true

Configure the Plugin

The Brakeman engine supports Brakeman configuration files (and ignore files) as described in the Brakeman documentation.

Sub-Directory Support

🚧
Sub-directory Support
If your application exists in a sub-directory, you can specify the sub-directory as an "app_path" in your config block. For example, if your rails app lives at "app/our_repo/", you would specify the following in your .codeclimate.yml:

plugins:
  brakeman:
    enabled: true
    config:
        app_path: app/our_repo

Understand the Plugin

Consult the official Brakeman documentation for more information about Brakeman analysis.

Enable the Plugin

Brakeman versions

Configure the Plugin

Sub-Directory Support

🚧Sub-directory Support

Understand the Plugin

🚧
Sub-directory Support