Brakeman 1.0 Released: Static analysis security scanning for Rails apps

Brakeman 1.0 has been released!

http://brakemanscanner.org

# What it is

Brakeman provides vulnerability checks for Rails applications by
scanning the source code. No deployment or application stack required.

Brakeman searches for:

* Cross Site Scripting
* SQL Injection
* Command Injection
* Mass Assignment
* Cross-Site Request Forgery
* Unprotected Redirects
* Default Routes
* Insufficient Format Validation
* Dynamic Render Paths
* Dangerous Evaluation
* File Access
* Unsafe Session Settings
* Version-specific Rails vulnerabilities
* ...and more!
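To make the idea of source-level scanning concrete, here is a deliberately simplified, regex-based checker written for this page. It is an added example, not Brakeman's code: Brakeman parses the Ruby AST with ruby_parser and tracks data flow, whereas this toy matches two of the patterns from the list above (string interpolation of `params` inside a SQL finder call, and inside a `system`/`exec` command string) line by line over a constructed controller snippet. The sample source, the `CHECKS` table and the `scan_source` helper are all assumptions made up for the illustration.

```ruby
# Toy illustration of source-level security scanning (NOT Brakeman's code).
# It flags two of the vulnerability classes Brakeman reports, using simple
# regexes instead of Brakeman's AST-based analysis.

# Constructed sample of Rails controller code; not taken from any real app.
SAMPLE_SOURCE = <<~'RUBY'
  class UsersController < ApplicationController
    def show
      @user  = User.where("name = '#{params[:name]}'").first
      @safe  = User.where(name: params[:name]).first
      @other = User.where("email = ?", params[:email])
    end

    def export
      system("tar czf backup.tgz #{params[:dir]}")
      system("tar", "czf", "backup.tgz", params[:dir])
    end
  end
RUBY

# Each check is a name plus a pattern for "request parameter interpolated
# into a string literal passed to a dangerous sink". Hash arguments and
# bound parameters ("... = ?", params[:x]) do not match, so the safe forms
# in the sample above produce no warning.
CHECKS = [
  {
    name: "SQL Injection",
    pattern: /\.(?:where|find_by_sql|execute|order)\(\s*"[^"]*#\{[^}]*params\b[^}]*\}/
  },
  {
    name: "Command Injection",
    pattern: /\b(?:system|exec|spawn)\(\s*"[^"]*#\{[^}]*params\b[^}]*\}/
  }
].freeze

# Returns an array of findings: { check:, line:, code: } for every line that
# matches one of the checks. Line numbers are 1-based.
def scan_source(source, checks = CHECKS)
  findings = []
  source.each_line.with_index(1) do |line, lineno|
    checks.each do |check|
      next unless line.match?(check[:pattern])
      findings << { check: check[:name], line: lineno, code: line.strip }
    end
  end
  findings
end

if __FILE__ == $0
  scan_source(SAMPLE_SOURCE).each do |f|
    puts "#{f[:check]} at line #{f[:line]}: #{f[:code]}"
  end
end
```

Running the script prints one SQL Injection finding for the interpolated `where` string and one Command Injection finding for the interpolated `system` call, and stays silent on the hash-condition, bound-parameter and argument-array forms. The limitation is the point: a regex cannot tell that `name` on a later line came from `params`, which is why a real tool such as Brakeman follows assignments and method calls through the parsed program rather than matching text.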

# How to use it

  gem install brakeman

  brakeman your_app_path

# Changes since 0.9.2

* Better handling of assignments inside ifs
* Check more expressions for SQL injection
* Use latest ruby_parser for better 1.9 syntax support
* Better behavior for Brakeman as a library
* Brakeman can now be used as a library
* Faster call search
* Add option to return error code if warnings are found (tw-ngreen)
* Allow truncated messages to be expanded in HTML
* Keep expanded context in view in HTML output
* Fix summary when using warning thresholds
* Better support for Rails 3 routes
* Reduce SQL injection duplicate warnings
* Lower confidence on mass assignment with no user input
* Ignore mass assignment using all literal arguments