A static analysis security vulnerability scanner for Ruby on Rails applications

What is Brakeman?

Free static analysis security tool for Ruby on Rails. Zero-setup security scans for Rails applications based on source code analysis.
Brakeman belongs to the Code Review category of a tech stack.
Brakeman is open source, with 5.5K GitHub stars and 571 forks; its source repository is hosted on GitHub.

Who uses Brakeman?

Companies
5 companies reportedly use Brakeman in their tech stacks, including StackShare, Livestorm, and Cambridge Brain Sciences.

Developers
7 developers on StackShare have stated that they use Brakeman.

Why do developers like Brakeman?

Here’s a list of reasons why companies and developers use Brakeman
Brakeman Reviews

Here are some stack decisions, common use cases and reviews by companies and developers who chose Brakeman in their tech stack.

Jerome Dalbert, Senior Backend Engineer at StackShare (5 upvotes, 15.3K views)
Tools: Git, Rails, RSpec, RuboCop, Brakeman, Code Climate, CircleCI, GitHub
#ContinuousIntegration

The continuous integration process for our Rails backend app starts by opening a GitHub pull request. This triggers a CircleCI build and some Code Climate checks.

The CircleCI build is a workflow that runs the following jobs:

  • check for security vulnerabilities with Brakeman
  • check code quality with RuboCop
  • run RSpec tests in parallel with the knapsack gem, and output test coverage reports with the simplecov gem
  • upload test coverage to Code Climate

Code Climate checks the following:

  • code quality metrics like code complexity
  • test coverage minimum thresholds

The CircleCI jobs and Code Climate checks above have corresponding GitHub status checks.

Once all the mandatory GitHub checks pass and the code and functionality have been reviewed, developers can merge their pull request into our Git master branch. Code is then ready to deploy!


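An added example, not from the post above or from the Brakeman project, of how a CI job like the Brakeman step in that workflow can apply its own merge policy to Brakeman's JSON report: fail only on findings at or above a chosen confidence level, skip fingerprints a reviewer has already accepted (the same idea as Brakeman's brakeman.ignore file), and treat scan errors as failures, since a file Brakeman could not parse is a file that was not scanned. It assumes the report was produced with `brakeman -f json -o brakeman.json --no-exit-on-warn`, so Brakeman's own non-zero exit on any warning does not pre-empt the policy. The sample report, the fingerprints and the file paths are constructed for illustration.

```ruby
require "json"
require "stringio"

# Brakeman reports each warning with a confidence of "High", "Medium" or "Weak".
CONFIDENCE_RANK = { "High" => 3, "Medium" => 2, "Weak" => 1 }.freeze

# Fingerprints of warnings a human has reviewed and accepted, the same idea as
# Brakeman's own brakeman.ignore file. Hypothetical value, for illustration.
ACCEPTED_FINGERPRINTS = %w[
  3f9c2a7d1e5b48c6a0d2f4e8b7c1a9d3e5f6a8b0c2d4e6f8a1b3c5d7e9f0a2b4
].freeze

# Constructed sample of a Brakeman JSON report (brakeman -f json), trimmed to
# the fields this gate reads. Not the output of a real scan.
SAMPLE_REPORT = <<~JSON
  {
    "scan_info": { "app_path": "/app", "rails_version": "6.1.4" },
    "warnings": [
      { "warning_type": "SQL Injection", "check_name": "SQL",
        "fingerprint": "a1b2c3d4e5f60718293a4b5c6d7e8f9012345678abcdef0123456789abcdef01",
        "message": "Possible SQL injection",
        "file": "app/models/user.rb", "line": 42, "confidence": "High" },
      { "warning_type": "Mass Assignment", "check_name": "PermitAttributes",
        "fingerprint": "3f9c2a7d1e5b48c6a0d2f4e8b7c1a9d3e5f6a8b0c2d4e6f8a1b3c5d7e9f0a2b4",
        "message": "Potentially dangerous key allowed for mass assignment",
        "file": "app/controllers/accounts_controller.rb", "line": 17, "confidence": "Medium" },
      { "warning_type": "Cross-Site Scripting", "check_name": "CrossSiteScripting",
        "fingerprint": "0f1e2d3c4b5a69788796a5b4c3d2e1f00112233445566778899aabbccddeeff0",
        "message": "Unescaped parameter value",
        "file": "app/views/posts/show.html.erb", "line": 8, "confidence": "Weak" }
    ],
    "ignored_warnings": [],
    "errors": [],
    "obsolete": []
  }
JSON

def parse_report(json_text)
  JSON.parse(json_text)
end

# Warnings that should block the merge: at or above min_confidence and not
# already accepted. An unrecognised confidence string ranks as High so that a
# change in Brakeman's vocabulary fails the gate closed rather than open.
def blocking_warnings(report, min_confidence: "Medium", accepted: ACCEPTED_FINGERPRINTS)
  threshold = CONFIDENCE_RANK.fetch(min_confidence)
  report.fetch("warnings", []).reject do |w|
    rank = CONFIDENCE_RANK[w["confidence"]] || CONFIDENCE_RANK.values.max
    accepted.include?(w["fingerprint"]) || rank < threshold
  end
end

# Files Brakeman could not parse leave part of the app unscanned; a green
# build on an incomplete scan is worse than a red one, so errors fail the gate.
def build_passes?(report, **opts)
  report.fetch("errors", []).empty? && blocking_warnings(report, **opts).empty?
end

def format_warning(w)
  "#{w['confidence']}: #{w['warning_type']} at #{w['file']}:#{w['line']} " \
    "- #{w['message']} [#{w['fingerprint'].to_s[0, 12]}]"
end

# Prints what blocks the build to io and returns the process exit status (0 or 1).
def run(json_text, io: $stderr, **opts)
  report = parse_report(json_text)
  report.fetch("errors", []).each { |e| io.puts "scan error: #{e}" }
  blocking_warnings(report, **opts).each { |w| io.puts format_warning(w) }
  build_passes?(report, **opts) ? 0 : 1
end

# Usage in CI, after the Brakeman step: ruby brakeman_gate.rb brakeman.json
exit run(File.read(ARGV[0])) if __FILE__ == $PROGRAM_NAME && ARGV[0]
```

Against the constructed report the gate blocks on the High-confidence SQL injection only: the Medium-confidence mass-assignment finding is on the accepted list and the Weak-confidence XSS is below the threshold. Raising the bar to `min_confidence: "Weak"` or emptying the accepted list brings those back, which is the knob a team turns as its Brakeman baseline shrinks.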

Brakeman Alternatives & Comparisons

What are some alternatives to Brakeman?
Conductor
Conductor is an orchestration engine that runs in the cloud.
ESLint
A pluggable and configurable linter tool for identifying and reporting on patterns in JavaScript. Maintain your code quality with ease.
SonarQube
SonarQube provides an overview of the overall health of your source code and even more importantly, it highlights issues found on new code. With a Quality Gate set on your project, you will simply fix the Leak and start mechanically improving.
Code Climate
After each Git push, Code Climate analyzes your code for complexity, duplication, and common smells to determine changes in quality and surface technical debt hotspots.
Prettier
Prettier is an opinionated code formatter. It enforces a consistent style by parsing your code and re-printing it with its own rules that take the maximum line length into account, wrapping code when necessary.

Brakeman's Stats

Brakeman's Followers
7 developers follow Brakeman to keep up with related blogs and decisions.
Yury Buldakov
cryptocommando
MohammadAsh15
Pete Doyle
Thuy Tran
Ronie Henrich
Brent Kearney