presidentbeef/brakeman

Features

• Rails Security Scanning - Provides specialized static analysis to find security vulnerabilities within Ruby on Rails source code.
• Static Analysis Security Testing - Analyzes Ruby on Rails source code to identify common security vulnerabilities without executing the application.
• Rails SAST Scanners - Acts as a dedicated static analysis tool for scanning Ruby on Rails source code for vulnerabilities.
• Rails Security Auditors - Detects mass assignment risks and template vulnerabilities specifically within the Ruby on Rails framework.
• Security Scanners - Analyzes codebases to identify common security flaws and unsafe patterns through static scanning.
• Output Escaping - Evaluates rendered views to ensure user-controlled data is properly escaped to prevent cross-site scripting.
• Security Pattern Matching - Matches specific code structures and method sequences against a database of known security weaknesses.
• Syntax Tree Analysis - Implements syntax tree analysis to identify dangerous patterns in source code without executing the application.
• Source-Sink Taint Tracking - Tracks the flow of untrusted user input from sources to dangerous sinks to detect injection vulnerabilities.
• Linting File Filters - Provides configuration-based file filters to exclude specific files or directories from static analysis.
• Analysis Suppressions - Allows suppressing known false positives or accepted risks from future scan results using configuration.
• Scan Configurations - Loads scanning preferences and operational options from configuration files for consistent execution.
• CI Pipeline Integrations - Integrates security checks directly into CI/CD pipelines to prevent vulnerabilities in new code.
• Static Method Call Analysis - Locates specific method invocations across the codebase by searching for target class or method names.
• Security Finding Management - Tracks the lifecycle of security findings, including the suppression of false positives over time.
• Differential Analysis - Provides the ability to compare current scans against previous reports to identify newly introduced or resolved security flaws.
• Template Output Analysis - Evaluates the final output of rendered views to determine if user-controlled data is properly escaped.
• Vulnerability Reporting Tools - Exports security findings in multiple formats and supports comparison between scan reports.
• Mass Assignment Vulnerabilities - Identifies unrestricted assignment patterns that could allow unauthorized modification of model attributes.
• Vulnerability Scoring - Assigns risk levels and certainty scores to identified vulnerabilities to help prioritize remediation.
• Confidence Level Filtering - Brakeman's ability to limit reported vulnerabilities to a specific certainty level to reduce noise and prioritize critical issues.
• Differential Analysis - Compares current scan results against previous snapshots to identify newly introduced or resolved security flaws.
• Code Analysis and Metrics - Security vulnerability scanner for web applications.
• Security and Auditing - Scans code for security vulnerabilities.
• Security Tools - Static analysis for detecting security vulnerabilities in code.
• Static Analysis - Scans Ruby on Rails applications for security-related vulnerabilities.
• Static Analyzers - Scans Ruby on Rails applications for security vulnerabilities.

Star history