Language / Framework: Ruby/Rails
Stable channel: Brakeman v4.3.1
Beta channel: Brakeman v5.3.1
Brakeman OSS is a static analysis tool which checks Ruby on Rails applications for security vulnerabilities.
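To make concrete what "static analysis for security vulnerabilities" means in practice, here is an added illustration written for this page (it is not Brakeman's own implementation, nor Code Climate's): a deliberately small Brakeman-style check built on Ruby's standard Ripper parser. It flags ActiveRecord query methods that receive a string literal containing `#{...}` interpolation, the classic Rails SQL injection pattern, and leaves parameterized calls alone. The `SQL_SINKS` list and the sample controller are constructed for the example; Brakeman's real sink list and data-flow tracking are far more complete.

```ruby
# Added example (not Brakeman's or Code Climate's code): a minimal
# Brakeman-style static check using Ruby's built-in Ripper parser.
require 'ripper'

# Query methods treated as SQL sinks (assumption: a small subset of what Brakeman checks).
SQL_SINKS = %w[where find_by_sql order group having select joins pluck].freeze

# Constructed sample controller. Lines 3 and 9 interpolate user input into SQL;
# line 4 uses a bind parameter and must not be reported.
SAMPLE_CONTROLLER = <<~'RUBY'
  class UsersController < ApplicationController
    def index
      @users = User.where("name = '#{params[:name]}'")
      @admins = User.where("role = ?", params[:role])
      @recent = User.order(:created_at)
    end

    def search
      @rows = User.find_by_sql "SELECT * FROM users WHERE email = '#{params[:email]}'"
    end
  end
RUBY

# True if any node under +node+ is a string_embexpr, i.e. a #{...} segment.
def interpolated?(node)
  return false unless node.is_a?(Array)
  return true if node[0] == :string_embexpr
  node.any? { |child| interpolated?(child) }
end

# Returns the [:@ident, name, [line, col]] node naming the called method.
def method_ident(call_node)
  case call_node[0]
  when :call, :command_call then call_node[3]
  when :fcall, :command     then call_node[1]
  end
end

# Walks the S-expression, collecting sink calls whose arguments interpolate.
def scan(node, findings)
  return unless node.is_a?(Array)
  call_node, args =
    case node[0]
    when :method_add_arg then [node[1], node[2]] # recv.m(args) / m(args)
    when :command_call   then [node, node[4]]    # recv.m args
    when :command        then [node, node[2]]    # m args
    end
  if call_node.is_a?(Array)
    ident = method_ident(call_node)
    if ident.is_a?(Array) && ident[0] == :@ident &&
       SQL_SINKS.include?(ident[1]) && interpolated?(args)
      findings << { method: ident[1], line: ident[2][0] }
    end
  end
  node.each { |child| scan(child, findings) }
end

# Entry point: returns [{method:, line:}, ...] sorted by line; [] for unparsable source.
def find_sql_interpolation(source)
  sexp = Ripper.sexp(source)
  return [] if sexp.nil?
  findings = []
  scan(sexp, findings)
  findings.sort_by { |f| f[:line] }
end

if __FILE__ == $PROGRAM_NAME
  find_sql_interpolation(SAMPLE_CONTROLLER).each do |f|
    puts "line #{f[:line]}: string interpolation in SQL passed to `#{f[:method]}`"
  end
end
```

Run against the sample it reports lines 3 and 9 and stays quiet on the parameterized `where` on line 4. Real Brakeman also follows values through local variables, method arguments and string concatenation, which is why its findings carry a confidence level rather than a plain match/no-match.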
Enable the Plugin
To enable Brakeman analysis, add the following to your .codeclimate.yml configuration file:
plugins:
  brakeman:
    enabled: true
More information about the CLI is available in the README here: https://github.com/codeclimate/codeclimate
To use a newer version of Brakeman (v5.3.1), specify the beta channel within your .codeclimate.yml configuration file:
plugins:
  brakeman:
    channel: beta
    enabled: true
Configure the Plugin
The Brakeman engine supports Brakeman configuration files (and ignore files) as described in the Brakeman documentation.
If your application exists in a sub-directory, you can specify the sub-directory as an "app_path" in your config block. For example, if your rails app lives at "app/our_repo/", you would specify the following in your .codeclimate.yml:
plugins:
  brakeman:
    enabled: true
    config:
      app_path: app/our_repo
Understand the Plugin
Consult the official Brakeman documentation for more information about Brakeman analysis.