Introduction
Brakeman is an open-source static analysis security tool specifically designed for Ruby on Rails applications. It analyzes your codebase without executing it, helping developers catch security vulnerabilities early in the development cycle.
In this article, we'll explore how to set up Brakeman, demonstrate its capabilities on a sample Rails project, automate it with GitHub Actions, and wrap up with a short video demo.
Installation
To install Brakeman, you can add it to your Gemfile or install it globally:
gem install brakeman
Or inside your Gemfile:
group :development do
  gem 'brakeman', require: false
end
Then run:
bundle install
Running Brakeman
To analyze a Rails project:
brakeman
To generate an HTML report:
brakeman -o brakeman-report.html
Demo Code
We created a small vulnerable Rails app to demonstrate Brakeman. The repository is available here:
GitHub Repo
Example vulnerability:
def show
  # Vulnerable: params[:id] is interpolated straight into raw SQL
  @user = User.find_by_sql("SELECT * FROM users WHERE id = #{params[:id]}")
end
Brakeman will detect this as a possible SQL injection.
Automation with GitHub Actions
Brakeman can be integrated into your CI pipeline using GitHub Actions:
# .github/workflows/brakeman.yml
name: Brakeman Security Scan
on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]
jobs:
  brakeman:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: '3.1'
      - name: Install dependencies
        run: |
          gem install brakeman
      - name: Run Brakeman
        run: brakeman -o brakeman-output.json
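Writing brakeman-output.json is only useful if the pipeline acts on it. The script below, an added example that is not part of the original post or of Brakeman itself, reads that JSON report and returns a non-zero status when any warning reaches a chosen confidence level, so the workflow can block a merge on findings such as the find_by_sql injection shown earlier. The report layout (a "warnings" array with warning_type, confidence, file, line and message fields) is assumed from Brakeman's JSON output, and the embedded report is constructed for the example.

```ruby
require 'json'

# Constructed sample report, shaped like what `brakeman -o brakeman-output.json`
# writes for the vulnerable find_by_sql action (layout assumed, values made up).
SAMPLE_REPORT = <<~JSON
  {
    "warnings": [
      {
        "warning_type": "SQL Injection",
        "check_name": "SQL",
        "message": "Possible SQL injection",
        "file": "app/controllers/users_controller.rb",
        "line": 3,
        "confidence": "High"
      },
      {
        "warning_type": "Cross-Site Scripting",
        "check_name": "CrossSiteScripting",
        "message": "Unescaped parameter value",
        "file": "app/views/users/show.html.erb",
        "line": 7,
        "confidence": "Weak"
      }
    ]
  }
JSON

# Brakeman reports confidence as High, Medium or Weak; rank them for comparison.
CONFIDENCE_RANK = { 'High' => 3, 'Medium' => 2, 'Weak' => 1 }.freeze

# Warnings at or above the minimum confidence that should block the build.
def blocking_warnings(report_json, min_confidence: 'Medium')
  threshold = CONFIDENCE_RANK.fetch(min_confidence)
  JSON.parse(report_json).fetch('warnings', []).select do |w|
    CONFIDENCE_RANK.fetch(w['confidence'], 0) >= threshold
  end
end

# One log line per finding, with file and line so the developer can jump to it.
def format_warning(w)
  "#{w['confidence']}: #{w['warning_type']} in #{w['file']}:#{w['line']} - #{w['message']}"
end

# Exit status for the CI step: 1 when something must block the merge, else 0.
def gate_exit_status(report_json, min_confidence: 'Medium')
  blocking_warnings(report_json, min_confidence: min_confidence).empty? ? 0 : 1
end

if __FILE__ == $PROGRAM_NAME && ARGV[0]
  report = File.read(ARGV[0])
  blocking_warnings(report).each { |w| puts format_warning(w) }
  exit gate_exit_status(report)
end
```

Run it as `ruby gate.rb brakeman-output.json` in a step after the scan; the Weak XSS finding is listed only when the threshold is lowered to 'Weak'.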
Video Demo
A 5-minute walkthrough of the Brakeman tool and our code demo is available here:
- YouTube Demo (English)
- TikTok coming soon!
Video Language
English, with Spanish subtitles available.
Conclusion
Brakeman is a powerful, easy-to-integrate tool that helps you keep your Rails applications secure. Integrating it into your development and CI processes can prevent vulnerabilities from making it to production.