Tool and Usage
License: CC BY-NC-SA 4.0
Latest release: 4.8.0
Why this tool?
Brakeman is a static code analysis tool for Ruby on Rails applications, used to perform security reviews. It is an open source project with optional commercial support.
How it works
Brakeman analyzes the application's source code to find security issues, so it does not need a fully running application stack. Once a scan has run, Brakeman produces a report containing all of its findings.
In June 2018, the project switched from the MIT license to the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 Public License. This change was part of the project's acquisition by Synopsys: the Brakeman OSS project was included in the acquisition, so Synopsys now owns the copyright previously held by Brakeman, Inc. Under this license, Brakeman OSS may not be used in the development of a commercial product or online service, nor resold as a service.
Usage and audience
Brakeman is commonly used for code analysis. Its target users are security professionals.
Interface:
- Command line interface
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- (+) Commercial support available
- (+) More than 5000 GitHub stars
- (+) The source code of this software is available
- (-) Commercial usage is restricted to some extent
Supported operating systems
Brakeman is known to work on Linux.
Similar tools to Brakeman:
Bandit is an AST-based static analyzer for analyzing Python code. It helps with finding code flaws that could lead to security vulnerabilities.
Cppcheck is a static code analysis tool for C and C++ code. It helps to discover bugs that compilers would not pick up, while avoiding false positives.
Gosec is a security tool that performs static code analysis on Golang projects to find security flaws.