Rails 7.2 adds Brakeman by default to new applications

What is Brakeman?

Brakeman is a security scanner for Ruby on Rails applications. It statically analyzes the source code and can be used to look for security issues at any stage of development.

Brakeman requires no configuration; once it is installed, we can just run it.

It scans the application code and produces a report of all the security issues it has found.

Brakeman helps detect security issues early, and developers become more aware of security vulnerabilities with its help.

It can identify a wide range of security vulnerabilities such as SQL injection, Cross-site scripting (XSS), and Cross-site request forgery (CSRF).

It also checks for code that allows users to bypass security checks and gain unauthorized access, and many more issues.

By default, Brakeman reports as much as possible because it doesn't know whether the possible values are safe or unsafe, which can lead to many false positives.

But it provides options to customize the report, and we can also ignore specific warnings to reduce false positives.

To run Brakeman, go to the root directory of your application, type brakeman and press enter. This runs Brakeman on the current directory and scans the code for potential security vulnerabilities.

cd rails-app/
brakeman

To scan only a specific folder in our application, we can pass additional options to this command. We can use -p or --path and give it a path to the directory.

brakeman -p app/models

An example of Brakeman's output looks like the one below.

Please read the Brakeman documentation to learn more about Brakeman.
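The false-positive handling described above usually ends up in CI: Brakeman is run with `-f json -o brakeman.json`, the fingerprints listed in `config/brakeman.ignore` are suppressed, and the build is gated on what remains. The script below is an added example, not code from this post or from the Brakeman project. It assumes the report and ignore-file layouts shown in its constructed samples (`warnings` with `confidence`, `fingerprint`, `file`, `line`; `ignored_warnings` with `fingerprint`), with every file path, fingerprint and message made up for the example.

```ruby
require "json"

# Constructed sample in the shape of a Brakeman JSON report (`brakeman -f json`).
# Only the keys this script reads are included; all values are made up.
SAMPLE_REPORT = <<~JSON
{
  "warnings": [
    {
      "warning_type": "SQL Injection",
      "confidence": "High",
      "fingerprint": "aaaa1111",
      "file": "app/models/user.rb",
      "line": 12,
      "message": "Possible SQL injection"
    },
    {
      "warning_type": "Cross-Site Scripting",
      "confidence": "Weak",
      "fingerprint": "bbbb2222",
      "file": "app/views/posts/show.html.erb",
      "line": 4,
      "message": "Unescaped model attribute"
    },
    {
      "warning_type": "Mass Assignment",
      "confidence": "Medium",
      "fingerprint": "cccc3333",
      "file": "app/controllers/users_controller.rb",
      "line": 30,
      "message": "Parameters should be whitelisted"
    }
  ]
}
JSON

# Constructed sample in the shape of config/brakeman.ignore: each entry names a
# fingerprint that has been reviewed and a note explaining why it is accepted.
SAMPLE_IGNORE = <<~JSON
{
  "ignored_warnings": [
    { "fingerprint": "bbbb2222", "note": "Value is escaped by the helper; reviewed" }
  ]
}
JSON

# Brakeman's confidence levels, ranked so a minimum level can be enforced.
CONFIDENCE_RANK = { "High" => 3, "Medium" => 2, "Weak" => 1 }.freeze

# Warnings from the report whose fingerprint is not listed in the ignore file.
# Matching on the fingerprint (not file/line) keeps suppressions stable when
# unrelated code moves.
def active_warnings(report_json, ignore_json)
  report = JSON.parse(report_json)
  ignored = JSON.parse(ignore_json).fetch("ignored_warnings", []).map { |w| w["fingerprint"] }
  report.fetch("warnings", []).reject { |w| ignored.include?(w["fingerprint"]) }
end

# Count the remaining warnings per confidence level.
def summarize(warnings)
  counts = Hash.new(0)
  warnings.each { |w| counts[w["confidence"]] += 1 }
  counts
end

# True when any remaining warning is at or above the minimum confidence,
# i.e. the CI gate should fail. Unknown confidence strings rank below Weak.
def gate_fails?(warnings, min_confidence: "Medium")
  threshold = CONFIDENCE_RANK.fetch(min_confidence)
  warnings.any? { |w| CONFIDENCE_RANK.fetch(w["confidence"], 0) >= threshold }
end

if __FILE__ == $PROGRAM_NAME
  warnings = active_warnings(SAMPLE_REPORT, SAMPLE_IGNORE)
  warnings.each do |w|
    puts format("%-6s %-22s %s:%d  %s",
                w["confidence"], w["warning_type"], w["file"], w["line"], w["message"])
  end
  puts "Summary: #{summarize(warnings)}"
  puts(gate_fails?(warnings) ? "Gate: FAIL" : "Gate: PASS")
end
```

On the sample data the Weak XSS warning is suppressed by its fingerprint, the High SQL injection and Medium mass-assignment warnings remain, and the gate fails. Raising `min_confidence:` to "High" is the usual way to get a noisy codebase under a gate first and then tighten it as the ignore file fills with reviewed entries.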

Now, new applications generated with Rails 7.2 will have the brakeman gem in their Gemfile by default.

If we want to skip it, we can pass the --skip-brakeman flag when generating the application.

Please check this PR for more information: Add Brakeman by default to new apps.
