Brakeman Pro is a static analysis tool which checks Ruby on Rails applications for security vulnerabilities.
Brakeman Pro Version: 4.2.1
Many issues surfaced by Brakeman Pro have a default severity level of "info". This means that any new issues surfaced by Brakeman Pro will not result in a failed PR. To learn more about issue severity (and how to configure it), check out our doc here.
To enable Brakeman Pro analysis, add the following to your .codeclimate.yml configuration file:

    plugins:
      brakeman-pro:
        enabled: true
It is also necessary to include a Brakeman Pro license file in the top directory of the project.
Read here for more information about obtaining a Brakeman Pro license.
More information about the CLI is available in the README here: https://github.com/codeclimate/codeclimate.
The Brakeman Pro engine supports Brakeman configuration files (and ignore files) as described in the Brakeman documentation.
It is also possible to rename the license file or specify a custom location for the license file instead of keeping it in the top directory:

    plugins:
      brakeman-pro:
        enabled: true
        config:
          license_file: config/.bmp.license
If your application exists in a sub-directory, you can specify the sub-directory as an "app_path" in your config block. For example, if your Rails app lives at "app/our_repo/", you would specify the following in your .codeclimate.yml:

    plugins:
      brakeman:
        enabled: true
        config:
          app_path: app/our_repo/
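As an added example (not from the original page), the two options above combined in a single .codeclimate.yml block for a repository whose Rails app lives in a sub-directory and whose license file is kept out of the repository root. The paths are constructed for illustration, and it is assumed here that the app_path option is accepted under the brakeman-pro plugin key in the same way as under the brakeman key shown above.

```yaml
# .codeclimate.yml (example, constructed for illustration)
version: "2"
plugins:
  brakeman-pro:
    enabled: true
    config:
      # Assumed path: license file kept under config/ instead of the top directory.
      license_file: config/.bmp.license
      # Assumed path: the Rails application root relative to the repository root.
      app_path: app/our_repo/
```

Keep the license file out of version control (for example via .gitignore) and provide it in the CI checkout separately; the engine only needs it to be present at the configured path when the analysis runs.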
To learn more about the Brakeman Pro engine, please visit the official site.