Brakeman vs Scrutinizer: What are the differences?
Brakeman: A static analysis security vulnerability scanner for Ruby on Rails applications. Free static analysis security tool for Ruby on Rails. Zero-setup security scans for Rails applications based on source code analysis.
Scrutinizer: Continuous inspection platform - improve code quality and find bugs before they hit production. Scrutinizer is a continuous inspection platform helping you to create better software.
Brakeman and Scrutinizer belong to the "Code Review" category of the tech stack.
Brakeman is an open source tool with 5.42K GitHub stars and 555 GitHub forks.
TheIconic, LinkORB, and OSInet are some of the popular companies that use Scrutinizer, whereas Brakeman is used by StackShare, Livestorm, and Cambridge Brain Sciences. Scrutinizer has broader approval, being mentioned in 17 company stacks and 7 developer stacks, compared to Brakeman, which is listed in 4 company stacks and 3 developer stacks.
The continuous integration process for our Rails backend app starts by opening a GitHub pull request. This triggers a CircleCI build and some Code Climate checks.
The CircleCI build is a workflow that runs the following jobs:
- check for security vulnerabilities with Brakeman
- check code quality with RuboCop
- run RSpec tests in parallel with the knapsack gem, and output test coverage reports with the simplecov gem
- upload test coverage to Code Climate
Code Climate checks the following:
- code quality metrics like code complexity
- test coverage minimum thresholds
The CircleCI jobs and Code Climate checks above have corresponding GitHub status checks.
Once all the mandatory GitHub checks pass and the code+functionality have been reviewed, developers can merge their pull request into our Git master branch. Code is then ready to deploy!