
Brakeman

A static analysis security vulnerability scanner for Ruby on Rails applications

What is Brakeman?

Free static analysis security tool for Ruby on Rails. Zero-setup security scans for Rails applications based on source code analysis.
Brakeman is a tool in the Code Review category of a tech stack.
Brakeman is an open source tool with 5.6K GitHub stars and 588 GitHub forks; its source repository is hosted on GitHub.

Who uses Brakeman?

Companies
6 companies reportedly use Brakeman in their tech stacks, including StackShare, Livestorm, and Aumni Web App.

Developers
11 developers on StackShare have stated that they use Brakeman.


Brakeman Reviews

Here are some stack decisions, common use cases and reviews by companies and developers who chose Brakeman in their tech stack.

Jerome Dalbert, Senior Backend Engineer at StackShare · 5 upvotes · 215.8K views

Tools: GitHub, CircleCI, Code Climate, Brakeman, RuboCop, RSpec, Rails, Git
#ContinuousIntegration

The continuous integration process for our Rails backend app starts by opening a GitHub pull request. This triggers a CircleCI build and some Code Climate checks.

The CircleCI build is a workflow that runs the following jobs:

  • check for security vulnerabilities with Brakeman
  • check code quality with RuboCop
  • run RSpec tests in parallel with the knapsack gem, and output test coverage reports with the simplecov gem
  • upload test coverage to Code Climate

Code Climate checks the following:

  • code quality metrics like code complexity
  • test coverage minimum thresholds

The CircleCI jobs and Code Climate checks above have corresponding GitHub status checks.

Once all the mandatory GitHub checks pass and the code+functionality have been reviewed, developers can merge their pull request into our Git master branch. Code is then ready to deploy!

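As an added example (not part of the post above and not Brakeman's own code), the following Ruby script shows how a CI job like the Brakeman step in that workflow can gate a build on the scanner's JSON report (`brakeman -f json`): it fails the build when analysis errors occurred or when any warning meets a chosen confidence threshold. The report content is constructed and trimmed to the fields the gate reads.

```ruby
require "json"

# Constructed sample of a Brakeman JSON report, reduced to the fields used
# below. Confidence levels in real reports are "High", "Medium" or "Weak".
SAMPLE_REPORT = <<~JSON
  {
    "scan_info": { "app_path": "/app", "rails_version": "6.1.0", "security_warnings": 3 },
    "warnings": [
      { "warning_type": "SQL Injection", "check_name": "SQL", "confidence": "High",
        "file": "app/models/user.rb", "line": 12, "message": "Possible SQL injection" },
      { "warning_type": "Cross-Site Scripting", "check_name": "CrossSiteScripting", "confidence": "Medium",
        "file": "app/views/users/show.html.erb", "line": 4, "message": "Unescaped model attribute" },
      { "warning_type": "Mass Assignment", "check_name": "ModelAttributes", "confidence": "Weak",
        "file": "app/models/post.rb", "line": 3, "message": "Potentially dangerous attribute available" }
    ],
    "ignored_warnings": [],
    "errors": []
  }
JSON

# Lower rank means more confident; used to compare against the threshold.
CONFIDENCE_RANK = { "High" => 0, "Medium" => 1, "Weak" => 2 }.freeze

# Counts warnings per confidence level and reports how many scan errors occurred.
def summarize(json)
  report = JSON.parse(json)
  counts = Hash.new(0)
  report.fetch("warnings").each { |w| counts[w["confidence"]] += 1 }
  { counts: counts, errors: report.fetch("errors", []).size }
end

# Returns [passed, failing_warnings]. The build fails if Brakeman reported
# errors (analysis was incomplete) or any warning is at least min_confidence.
def gate(json, min_confidence: "Medium")
  report = JSON.parse(json)
  threshold = CONFIDENCE_RANK.fetch(min_confidence)
  failing = report.fetch("warnings").select do |w|
    CONFIDENCE_RANK.fetch(w["confidence"], 99) <= threshold
  end
  passed = failing.empty? && report.fetch("errors", []).empty?
  [passed, failing]
end

passed, failing = gate(SAMPLE_REPORT)
failing.each { |w| puts "#{w['confidence']}: #{w['warning_type']} in #{w['file']}:#{w['line']}" }
puts(passed ? "brakeman gate: PASS" : "brakeman gate: FAIL")
```

In a real pipeline the script would read the report produced by `brakeman -f json -o report.json` and exit non-zero on failure so the CircleCI job and its GitHub status check turn red.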

Brakeman Alternatives & Comparisons

What are some alternatives to Brakeman?
Conductor
Conductor is an orchestration engine that runs in the cloud.
ESLint
A pluggable and configurable linter tool for identifying and reporting on patterns in JavaScript. Maintain your code quality with ease.
SonarQube
SonarQube provides an overview of the overall health of your source code and even more importantly, it highlights issues found on new code. With a Quality Gate set on your project, you will simply fix the Leak and start mechanically improving.
Code Climate
After each Git push, Code Climate analyzes your code for complexity, duplication, and common smells to determine changes in quality and surface technical debt hotspots.
Prettier
Prettier is an opinionated code formatter. It enforces a consistent style by parsing your code and re-printing it with its own rules that take the maximum line length into account, wrapping code when necessary.

Brakeman's Followers
10 developers follow Brakeman to keep up with related blogs and decisions.