Brakeman Pro Engine is Now Available

Hi all,

I have done very little promotion of Brakeman or Brakeman Pro on this list, so I hope you won’t mind a little exposition here.

tl;dr: Brakeman Pro, a security tool for Rails, is now available as a gem with cool Minitest/RSpec integration.

Longer version:

Brakeman is an open source static analysis security tool for Rails that’s been around for six years now. In that time it’s basically become the de facto standard security tool for Rails.

Last year myself and some friends launched Brakeman Pro - a product to provide deeper (but possibly slower/noisier) security analysis, a much better way to manage and investigate reports via a GUI, and of course commercial support.

People liked the GUI, but we were missing a pretty important piece of functionality: automation. Everyone at Brakeman Pro believes security should be a part of your development workflow, and that means making it easy to run on all the commits, all the time. With our Desktop application, that wasn’t possible.

But now we have released the Brakeman Pro Engine! It is available as a gem (thanks to Mike Perham for writing up how to host commercial gems), you can use it from the command line, and it has some cool test integration.

The test integration means all you need to do to get continuous Brakeman Pro scans (assuming you have automated tests!) is to add Brakeman Pro to your Gemfile and a test like this:

require “brakeman/test/rspec”

describe Brakeman do

Assert zero Brakeman warnings

it “raises zero warnings” do
expect(Brakeman::Test.run).to have_no_warnings
end
end

``

We have a number of assertions available for flexible test integration. Another cool thing about the test integration is that the Brakeman Pro scan will run in a forked process to avoid polluting your test and application with Brakeman Pro dependencies.

To wrap up: if you are concerned about the security of your Rails application, please check out Brakeman and Brakeman Pro. If you curious about the differences, we have a comparison table for you.

Thank you for reading,

Justin (@presidentbeef)