Here are some stack decisions, common use cases and reviews by companies and developers who chose Brakeman in their tech stack.
The continuous integration process for our Rails backend app starts by opening a GitHub pull request. This triggers a CircleCI build and some Code Climate checks.
The CircleCI build is a workflow that runs the following jobs:
- check for security vulnerabilities with Brakeman
- check code quality with RuboCop
- run RSpec tests in parallel with the knapsack gem, and output test coverage reports with the simplecov gem
- upload test coverage to Code Climate
Code Climate checks the following:
- code quality metrics like code complexity
- test coverage minimum thresholds
The CircleCI jobs and Code Climate checks above have corresponding GitHub status checks.
Once all the mandatory GitHub checks pass and the code+functionality have been reviewed, developers can merge their pull request into our Git master branch. Code is then ready to deploy!