Secure Your Rails Applications

Brakeman is a free vulnerability scanner designed for Ruby on Rails applications. Statically analyze Rails application code to find security issues at any stage of development.

🚀 Get Started 📖 Read Documentation

terminal

# Install Brakeman
gem install brakeman
# Scan your Rails app
brakeman
== Brakeman Report ==
# ...

Why Use Brakeman?

Fast and easy security scans built by the community

🎯

Rails-Specific

Built specifically for Ruby on Rails. Understands Rails patterns, conventions, and common vulnerability patterns.

🔧

Zero Configuration

Works out of the box with sensible defaults.

🔍

Broad Coverage

Detects SQL injection, cross-site scripting, command injection, and dozens of other vulnerability types.

Latest News

Stay up to date with the latest releases and community contributions

Version 7.1.0

Brakeman 7.1.0 Released

July 2025 • Haml 6 support, render shortcuts, and performance improvements

Haml 6 Support

🎉 What's New

Add Haml 6.x support (#1914, #1841, etc.)
Support render model shortcut (#959, #1940, etc.)
Add --ensure-no-obsolete-config-entries option (viralpraxis)
Update JUnit report for CircleCI (Philippe Bernery)

Read Full Release Notes →

Secure Your Rails Applications

Why Use Brakeman?

Rails-Specific

Zero Configuration

Broad Coverage

Latest News

Brakeman 7.1.0 Released

Haml 6 Support

🎉 What's New

Brakeman 7.0.2 Released

Brakeman 7.0.1 Released

Brakeman 7.0.0 Released

Brakeman 6.2.2 Released