I have done very little promotion of Brakeman or Brakeman Pro on this list, so I hope you won’t mind a little exposition here.
tl;dr: Brakeman Pro, a security tool for Rails, is now available as a gem with cool Minitest/RSpec integration.
Brakeman is an open source static analysis security tool for Rails that’s been around for six years now. In that time it’s basically become the de facto standard security tool for Rails.
Last year myself and some friends launched Brakeman Pro - a product to provide deeper (but possibly slower/noisier) security analysis, a much better way to manage and investigate reports via a GUI, and of course commercial support.
People liked the GUI, but we were missing a pretty important piece of functionality: automation. Everyone at Brakeman Pro believes security should be a part of your development workflow, and that means making it easy to run on all the commits, all the time. With our Desktop application, that wasn’t possible.
But now we have released the Brakeman Pro Engine! It is available as a gem (thanks to Mike Perham for writing up how to host commercial gems), you can use it from the command line, and it has some cool test integration.
The test integration means all you need to do to get continuous Brakeman Pro scans (assuming you have automated tests!) is to add Brakeman Pro to your Gemfile and a test like this:
describe Brakeman do
it “raises zero warnings” do expect(Brakeman::Test.run).to have_no_warnings end end
We have a number of assertions available for flexible test integration. Another cool thing about the test integration is that the Brakeman Pro scan will run in a forked process to avoid polluting your test and application with Brakeman Pro dependencies.
Thank you for reading,