Brakeman Pro is a static analysis tool which checks Ruby on Rails applications for security vulnerabilities.
Brakeman Pro Version: 4.0
To enable Brakeman Pro analysis, add the following to your .codeclimate.yml configuration file:

    plugins:
      brakeman-pro:
        enabled: true

It is also necessary to include a Brakeman Pro license file in the top directory of the project.
Read here for more information about obtaining a Brakeman Pro license.
More information about the CLI is available in the README here: https://github.com/codeclimate/codeclimate.
The Brakeman Pro engine supports Brakeman configuration files (and ignore files) as described in the Brakeman documentation.
It is also possible to rename the license file or specify a custom location for the license file instead of keeping it in the top directory.

    plugins:
      brakeman-pro:
        enabled: true
        config:
          license_file: config/.bmp.license

If your application exists in a sub-directory, you can specify the sub-directory as an "app_path" in your config block. For example, if your rails app lives at "app/our_repo/", you would specify the following in your .codeclimate.yml:

    plugins:
      brakeman:
        enabled: true
        config:
          app_path: app/our_repo/

To learn more about the Brakeman Pro engine, please visit the official site.