Brakeman

Ruby on Rails Static Analysis Security Tool

Brakeman 3.1.4 Released

Brakeman Pi!

Changes since 3.1.3:

  • Emit Brakeman’s native fingerprints for Code Climate engine (Noah Davis)
  • Ignore secrets.yml if in .gitignore (#777)
  • Work around safe_yaml error (#778)
  • Increase test coverage for option parsing (Zander Mackie)
  • Clean up Ruby warnings (Andy Waite)

Code Climate Fingerprints

The output format for Code Climate has been updated to include warning fingerprints as generated by Brakeman.

Ignored secrets.yml

If secrets.yml is ignored via .gitignore, Brakeman will ignore it, too.

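As an added illustration of this behaviour (example code written for this post, not Brakeman's own implementation; it assumes the .gitignore contents are passed in as a string and the file is named by its repository-relative path), here is a small check that skips config/secrets.yml when the repository's .gitignore excludes it. It handles the common .gitignore forms: bare names, root-anchored "/" patterns, trailing "/" directory patterns, "*" wildcards and "!" negation, with the last matching rule winning as in git.

```ruby
# Convert one .gitignore line into [regex, negated?], or nil for blanks/comments.
def gitignore_pattern(line)
  line = line.strip
  return nil if line.empty? || line.start_with?("#")
  negate = line.start_with?("!")
  line = line[1..-1] if negate
  # A leading "/" or an inner "/" anchors the pattern to the repository root;
  # otherwise it matches a file or directory of that name at any depth.
  anchored = line.start_with?("/") || line[0..-2].include?("/")
  dir_only = line.end_with?("/")
  line = line.sub(%r{\A/}, "").sub(%r{/\z}, "")
  body = Regexp.escape(line).gsub('\*\*', ".*").gsub('\*', "[^/]*")
  prefix = anchored ? "\\A" : "(?:\\A|.*/)"
  # A directory pattern must have something beneath it; a plain pattern may
  # match the entry itself or anything below it (an ignored directory).
  suffix = dir_only ? "/.+\\z" : "(?:/.*)?\\z"
  [Regexp.new("#{prefix}#{body}#{suffix}"), negate]
end

# True when the .gitignore text excludes the given repository-relative path.
# Rules are applied in order; the last rule that matches decides, so a later
# "!pattern" re-includes a file excluded by an earlier rule.
def gitignored?(path, gitignore_text)
  ignored = false
  gitignore_text.each_line do |line|
    rule = gitignore_pattern(line)
    next unless rule
    regex, negate = rule
    ignored = !negate if regex.match?(path)
  end
  ignored
end

# Mirrors the 3.1.4 behaviour described above: config/secrets.yml is skipped
# when git will never commit it, so nothing in it can leak through the repo.
def skip_secrets_file?(gitignore_text, path = "config/secrets.yml")
  gitignored?(path, gitignore_text)
end

# Constructed sample .gitignore, as a local repository might have it.
SAMPLE_GITIGNORE = "# Rails secrets\n/config/secrets.yml\n*.log\n"
puts "skip secrets.yml: #{skip_secrets_file?(SAMPLE_GITIGNORE)}" if $PROGRAM_NAME == __FILE__
```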

Safe YAML Error

In some environments, date is not loaded before safe_yaml is loaded, which causes an error. This release ensures date is loaded before SafeYAML is used, and loads safe_yaml only on demand.


Test Coverage and Warning Cleanup

Thanks to Zander Mackie for improving test coverage (up to 91.24%) by writing tests for the command line options and thanks to Andy Waite for cleaning up various Ruby warnings.


SHAs

The SHA256 sums for this release are

d53103d40a7ddf6ee2737770ecd0353b945a757d0fab6c50cde1eefba31f6197  brakeman-3.1.4.gem
a67d7c96090bc3b8193cf3b5db7af62ce719b9277d1b818ec6e9f96a52ad0caa  brakeman-min-3.1.4.gem

Reporting Issues

Thank you to everyone who reported bugs and contributed improvements in this release.

Please report any issues with this release! Take a look at this guide to reporting Brakeman problems.

Also consider following @brakeman on Twitter, joining the mailing list, or hanging out on Gitter.