Secure Your Rails Applications

Brakeman is a free, open-source static-analysis vulnerability scanner for Ruby on Rails applications. It analyzes Rails application source code without running the app, so it can find security issues at any stage of development, from a first commit to a release branch.

# Install Brakeman
gem install brakeman
# Scan your Rails app
brakeman
== Brakeman Report ==
# ...

Why Use Brakeman?

Fast and easy security scans built by the community


Rails-Specific

Built specifically for Ruby on Rails. Understands Rails patterns, conventions, and common vulnerability patterns.


Zero Configuration

Works out of the box with sensible defaults.


Broad Coverage

Detects SQL injection, cross-site scripting, command injection, and dozens of other vulnerability types.

Latest News

Stay up to date with the latest releases and community contributions

Version 7.1.1

Brakeman 7.1.1 Released

Faster File Search on macOS

🎉 What's New

  • Exclude directories before searching for files (#1925)
  • Check for unsafe SQL when two arguments are passed to ActiveRecord (AR) query methods (Patrick Brinich-Langlois)
  • Fix SQL injection check for the calculate method (Rohan Sharma)
  • Check each side of "or" SQL arguments (#1935)
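As an added illustration of the query patterns the coverage list and the release notes above refer to (this is example code written for this page, not Brakeman's own code or its analysis): vulnerable ActiveRecord query fragments beside their parameterized forms, scanned by a deliberately tiny pattern matcher that flags string interpolation or concatenation in the SQL-fragment position of common query methods, including the first argument of a two-argument call, the fragment argument of calculate, and each side of an or chain. The SAMPLES snippets, the QUERY_METHODS list and the unsafe_sql_calls / scan_samples helpers are all constructed for this example; Brakeman itself works on a parsed AST with data-flow tracking, not on regular expressions over source text.

```ruby
# Constructed sample snippets (hypothetical controller code, not from the page).
# %q() keeps the "#{...}" sequences literal so the checker sees them as source.
SAMPLES = {
  # Interpolating user input straight into the fragment: reported.
  "interp_where"   => %q(User.where("name = '#{params[:name]}'")),
  # Two-argument form is still unsafe when the first argument is interpolated.
  "interp_two_arg" => %q(User.where("name = '#{params[:name]}' AND age > ?", 18)),
  # calculate with an interpolated expression in the fragment position.
  "interp_calc"    => %q(Order.calculate(:sum, "#{params[:col]}")),
  # One side of an .or() chain is unsafe although the other is parameterized.
  "interp_or"      => %q(User.where("role = ?", role).or(User.where("name = '#{params[:q]}'"))),
  # String concatenation is just interpolation spelled differently.
  "concat_where"   => %q(User.where("name = '" + params[:name] + "'")),
  # Hardened forms: bind parameters or hash conditions.
  "safe_bind"      => %q(User.where("name = ?", params[:name])),
  "safe_hash"      => %q(User.where(name: params[:name])),
  "safe_or"        => %q(User.where(role: role).or(User.where("name = ?", params[:q]))),
}.freeze

# Query methods whose first (non-symbol) argument is an SQL fragment.
QUERY_METHODS = %w[where calculate order group having select pluck joins find_by_sql].freeze

# Returns the names of query-method calls in +source+ whose fragment argument
# is built by interpolation ("#{...}") or by concatenation (+). A leading symbol
# argument, as in calculate(:sum, "..."), is skipped so that the fragment
# position is checked rather than the aggregate name.
def unsafe_sql_calls(source)
  findings = []
  source.scan(/\.?\b(#{QUERY_METHODS.join('|')})\(/) do |(meth)|
    rest = source[Regexp.last_match.end(0)..-1]
    rest = rest.sub(/\A\s*:\w+\s*,\s*/, "") # skip e.g. ":sum, "
    m = rest.match(/\A\s*(?:"((?:\\.|[^"\\])*)"|'((?:\\.|[^'\\])*)')(\s*\+)?/m)
    next unless m                           # not a string literal: hash/array form
    double_body, concat = m[1], m[3]
    interpolated = !double_body.nil? && double_body.include?('#{')
    findings << meth if interpolated || concat
  end
  findings
end

# Runs the checker over every sample and maps sample name to flagged methods.
def scan_samples(samples = SAMPLES)
  samples.transform_values { |src| unsafe_sql_calls(src) }
end

if __FILE__ == $PROGRAM_NAME
  scan_samples.each do |name, hits|
    puts format("%-16s %s %s", name, hits.empty? ? "ok  " : "WARN", hits.join(","))
  end
end
```

Running the file prints one line per sample; every interpolated or concatenated fragment is reported and every bind-parameter or hash form passes, which is the distinction a practitioner should make when triaging a real Brakeman SQL injection warning: the fix is to move user input out of the fragment string and into a bind parameter or hash condition, on every side of an or chain.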
Read Full Release Notes →