How to use Brakeman to check your Rails application for vulnerabilities
May 09, 2020
Brakeman is a static analysis tool that checks for vulnerabilities in Rails applications.
group :development do gem 'brakeman', require: false end
※ To use with docker, see here.
How to use
Execute the following command in the root directory of the project. The results will be printed to standard output.
bundle exec brakeman
You can also use the
-o option to output the results to a file.
bundle exec brakeman - o output.html open ./output.html
To skip a specific directory or file, do the following
bundle exec brakeman --skip-files file1, /path1/, path2/
-I option can be used to create configuration files interactively.
bundle exec brakeman -I
Working with overcommit
By linking Brakeman with overcommit, you can make sure that you don't forget to check Brakeman. If you haven't installed overcommit, please refer to How to install Git Hooks (overcommit) so that you don't forget to run rubocop to install it.
Add the following setting to
.overcommit.yml. This will prevent you from committing if there is a warning in Brakeman.
PreCommit: Brakeman: enabled: true description: 'Check for security vulnerabilities' command: ['bundle', 'exec', 'brakeman']