Brakeman

LSE top 100LSE top 100Brakeman (16)Brakeman (16)

Tool and Usage

Project details

License
CC BY-NC-SA 4.0
Programming language
Ruby
Author
Justin Collins
Latest release
6.2.2
Latest release date

Project health

100
This score is calculated by different factors, like project age, last release date, etc.

Why this tool?

Brakeman is a static code analysis tool for Ruby on Rails to perform a security review. It comes as an open source project with optional commercial support.

How it works

Brakeman uses the source code to find any security issues. It does not need a fully running application stack. Once the scan is started, Brakeman provides a report with all its findings.

Background information

In June 2018, the project switched from the MIT license to Creative Commons Attribution-NonCommercial-ShareAlike 4.0 Public License. This is part of the project being acquired by Synopsys. The Brakeman OSS project was part of the acquisition, and therefore Synopsys owns the copyright previously held by Brakeman, Inc. Under this license, it is not possible to use Brakeman OSS for the development of a commercial product or online service or to resell Brakeman OSS as a service.

Usage and audience

Brakeman is commonly used for code analysis. Target users for this tool are security professionals.

Features

  • Command line interface

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:

Strengths

  • + Commercial support available
  • + More than 5000 GitHub stars
  • + The source code of this software is available

Weaknesses

  • - Commercial usage is restricted to some extent

Author and Maintainers

Brakeman is under development by Justin Collins.

Installation

Supported operating systems

Brakeman is known to work on Linux.

Brakeman alternatives

Similar tools to Brakeman:

85

Bandit

Bandit is an AST-based static analyzer for analyzing Python code. It helps with finding code flaws that could lead to security vulnerabilities.

93

Cppcheck

Cppcheck is a static code analysis tool for C and C++ code. It helps to discover bugs that would not be picked up by compilers, yet avoid any false positives.

60

Jackhammer

Jackhammer is a collaboration tool to get security and developer teams together. Focus is on static code analysis and dynamic analysis vulnerability discovery.

All Brakeman alternatives

This tool page was updated at . Found an improvement? Help the community by submitting an update.

Related tool information