If you're using Github to host your Rails projects, you might be interested in a quick and easy way to add security checks to your PRs, via Github Actions.
Github Actions, if you're not familiar with them, are like little CI tasks that can run on certain events that happen to your repos. They run in the cloud and let you do things like test or lint your code.
This post will show you how to integrate the Brakeman gem into your Github project as a Github Action that only checks the code changed in a created (or updated) PR. Here is the result:
Then, when you create a PR, you can see right away if you are possibly introducing any security vulnerabilities.
The first think you'll need to do is go to the Actions tab on your Github repo. The tab looks like this:
On that tab, click the link that says "set up the workflow yourself". That should bring you to a screen where you are now editing a
This file describes what the Github Action should do. If you'd like to understand the syntax (so you can add other tasks if you want), you can head over to the docs.
For now, replace the contents of the file with the contents of this gist.
Once you've done that, head over to the right side of the page and click the "Start Commit" button. I like to create a pull request to see if it actually worked or not on my branch, but you don't have to.
That's it! Now, whenever you make a PR, you should see a section at the bottom of the page that shows the status of your new Github Action, like this:
The yellow circle means it's still in progress. You can click "Details" if you want to know more about what it's doing.
Thanks for reading. Let me know in the comments how you're using Github Actions.