Brakeman 1.0 Released: Static analysis security scanning for Rails apps

Brakeman 1.0 has been released!

# What it is

Brakeman provides vulnerability checks for Rails applications by scanning the source code. No deployment or application stack required.

Brakeman searches for:

* Cross Site Scripting
* SQL Injection
* Command Injection
* Mass Assignment
* Cross-Site Request Forgery
* Unprotected Redirects
* Default Routes
* Insufficient Format Validation
* Dynamic Render Paths
* Dangerous Evaluation
* File Access
* Unsafe Session Settings
* Version-specific Rails vulnerabilities
* ...and more!
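To make concrete what "scanning the source code" for SQL injection means, here is an added example that is not Brakeman's own code: a toy checker built on Ruby's standard-library Ripper (Brakeman itself uses ruby_parser) that flags string interpolation in arguments to common ActiveRecord query methods. The `SQL_SINKS` list, the `find_interpolated_sql` helper and the sample controller source are constructed for this illustration; a real scanner also tracks where the interpolated value came from, which this one does not.

```ruby
require 'ripper'

# Assumed list of ActiveRecord methods whose string arguments reach SQL.
# Interpolating untrusted data into these is the classic injection pattern.
SQL_SINKS = %w[where find_by_sql order group having select].freeze

# Constructed sample: one interpolated query (unsafe) beside two safe forms.
# Single-quoted heredoc so the #{...} stays literal in the sample text.
SAMPLE = <<~'RUBY'
  class UsersController < ApplicationController
    def search
      User.where("name = '#{params[:name]}'")
      User.where("name = ?", params[:name])
      User.where(name: params[:name])
    end
  end
RUBY

# Returns [{ method: "where", line: 3 }, ...] for each sink call whose
# arguments contain a string with interpolation (#{...}).
def find_interpolated_sql(source)
  tree = Ripper.sexp(source)
  raise ArgumentError, "syntax error in source" unless tree
  findings = []
  walk(tree, findings)
  findings
end

# Recursive walk over Ripper's nested-array S-expression.
def walk(node, findings)
  return unless node.is_a?(Array)
  ident, args = call_parts(node)
  if ident && SQL_SINKS.include?(ident[1]) && contains?(args, :string_embexpr)
    findings << { method: ident[1], line: ident[2][0] }
  end
  node.each { |child| walk(child, findings) }
end

# Extract the [:@ident, name, [line, col]] node and the argument subtree for
# the three call shapes Ripper emits: recv.m(args), recv.m args, m args.
def call_parts(node)
  case node[0]
  when :method_add_arg then [node[1].last, node[2]]  # [:call/:fcall, ..., ident]
  when :command_call   then [node[3], node[4]]
  when :command        then [node[1], node[2]]
  else [nil, nil]
  end.then { |ident, args| ident.is_a?(Array) && ident[0] == :@ident ? [ident, args] : [nil, nil] }
end

# True if any node of the given type appears in the subtree.
def contains?(node, type)
  return false unless node.is_a?(Array)
  return true if node[0] == type
  node.any? { |child| contains?(child, type) }
end

if __FILE__ == $PROGRAM_NAME
  find_interpolated_sql(SAMPLE).each do |f|
    puts "line #{f[:line]}: interpolated string passed to #{f[:method]}"
  end
end
```

The checker reports only the first `where` call: the `?` placeholder form and the hash form carry the user value as a bound parameter rather than as SQL text, which is exactly the distinction a static scanner needs to make to avoid flagging safe queries.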

# How to use it

    gem install brakeman

    brakeman your_app_path

# Changes since 0.9.2

* Better handling of assignments inside ifs
* Check more expressions for SQL injection
* Use latest ruby_parser for better 1.9 syntax support
* Better behavior for Brakeman as a library
* Brakeman can now be used as a library
* Faster call search
* Add option to return error code if warnings are found (tw-ngreen)
* Allow truncated messages to be expanded in HTML
* Keep expanded context in view in HTML output
* Fix summary when using warning thresholds
* Better support for Rails 3 routes
* Reduce SQL injection duplicate warnings
* Lower confidence on mass assignment with no user input
* Ignore mass assignment using all literal arguments