Brakeman Pro


Brakeman Pro is a static analysis tool which checks Ruby on Rails applications for security vulnerabilities.

Language/Framework: Ruby/Rails
Checks: 70
Categories: Security
Brakeman Pro Version: 4.2.1


Enable the Plugin


Many issues surfaced by Brakeman Pro have a default severity level of "info". This means that new issues surfaced by Brakeman Pro will not, on their own, cause a PR to fail. To learn more about issue severity (and how to configure it), check out our doc here.

To enable Brakeman Pro analysis, add the following to your .codeclimate.yml configuration file:

plugins:
  brakeman-pro:
    enabled: true

It is also necessary to include a Brakeman Pro license file in the top directory of the project.

Read here for more information about obtaining a Brakeman Pro license.

More information about the CLI is available in the README here: https://github.com/codeclimate/codeclimate.

Configure the Engine

The Brakeman Pro engine supports Brakeman configuration files (and ignore files) as described in the Brakeman documentation.
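As an added illustration (not from this page or the Brakeman documentation) of what such a configuration file looks like, the following config/brakeman.yml suppresses a check that does not apply, excludes a directory from scanning, and points at an ignore file. Brakeman reads config/brakeman.yml from the application root, and keys are written as symbols matching its command-line options. The check name, the skipped directory and the ignore-file path are assumed values for this example.

```yaml
# config/brakeman.yml (added example; check name, paths and directory are assumptions)
# Keys mirror Brakeman's CLI options and are written as YAML symbols.

# Warnings listed in this file (matched by fingerprint) are not reported again.
:ignore_file: config/brakeman.ignore

# Skip checks that do not apply to this application.
:skip_checks:
  - CheckDefaultRoutes

# Directories are application-relative and must end with a slash.
:skip_files:
  - lib/legacy/
```

The ignore file itself is JSON, keyed by warning fingerprint rather than file and line, so an entry keeps matching when surrounding code moves; the usual way to create or update it is Brakeman's interactive ignore mode (`brakeman -I`), which also records a note explaining why each warning was accepted. Keep both files in the repository so that the engine and local runs apply the same suppressions, and review the ignore file in code review like any other security-relevant change.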

It is also possible to rename the license file or specify a custom location for the license file instead of keeping it in the top directory.

For example:

plugins:
  brakeman-pro:
    enabled: true
    config:
      license_file: config/.bmp.license

Sub-Directory Support

Coming Soon!

If your application lives in a sub-directory of the repository, you can specify that sub-directory as an "app_path" in your config block. For example, if your Rails app lives at "app/our_repo/", you would specify the following in your .codeclimate.yml:

plugins:
  brakeman-pro:
    enabled: true
    config:
      app_path: app/our_repo/

Understand the Engine

To learn more about the Brakeman Pro engine, please visit the official site.