Brakeman

Ruby on Rails Static Analysis Security Tool

Brakeman 3.4.0 Released

Changes since 3.3.5:

  • Show obsolete ignore entries in reports (Jonathan Cheatham)
  • Add option to prune ignore file with -I
  • Add new plain report format (#914)
  • Support creating reports in non-existent paths (#924)
  • Add --no-exit-warn (#925)
  • Improved Slim template support

Obsolete Ignore Entries

The “ignore” configuration file can sometimes grow large due to stale entries that no longer correspond to existing warnings. Thanks to Jonathan Cheatham, these obsolete entries will now be noted in the default and JSON reports.

(changes)

When using the -I option it is now possible to prune the ignore file.

(changes)
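As an added illustration (not Brakeman's own code), here is the reasoning behind the obsolete-entry check and the -I pruning: an ignore entry whose fingerprint no longer matches any warning the current scan produced is stale and can be dropped. The ignore-file layout (an "ignored_warnings" array keyed by "fingerprint") and every value below are constructed assumptions for this example.

```ruby
require 'json'
require 'set'

# Constructed sample of a brakeman.ignore file; the layout is assumed, not taken from the post.
IGNORE_FILE = <<~JSON
  {
    "ignored_warnings": [
      { "warning_type": "SQL Injection", "fingerprint": "aaa111", "file": "app/models/user.rb", "line": 12, "note": "input is an integer id" },
      { "warning_type": "Cross-Site Scripting", "fingerprint": "bbb222", "file": "app/views/users/show.html.erb", "line": 4, "note": "sanitized upstream" },
      { "warning_type": "Mass Assignment", "fingerprint": "ccc333", "file": "app/controllers/users_controller.rb", "line": 30, "note": "fixed, entry left behind" }
    ],
    "updated": "2016-09-01 10:00:00 -0700",
    "brakeman_version": "3.4.0"
  }
JSON

# Constructed fingerprints of the warnings a current scan actually reported.
# "ddd444" is a new warning with no ignore entry; it plays no part in obsolescence.
CURRENT_FINGERPRINTS = %w[aaa111 bbb222 ddd444]

# Split the ignore entries into those that still match a live warning and those
# that have gone stale (obsolete). Returns [live, obsolete].
def partition_ignore(ignore_json, current_fingerprints)
  data = JSON.parse(ignore_json)
  live = Set.new(current_fingerprints)
  data.fetch('ignored_warnings', []).partition { |w| live.include?(w['fingerprint']) }
end

# One line per obsolete entry, so a reviewer can see what the stale suppression was for.
def obsolete_report(ignore_json, current_fingerprints)
  _, obsolete = partition_ignore(ignore_json, current_fingerprints)
  obsolete.map { |w| "#{w['fingerprint']} #{w['warning_type']} #{w['file']}:#{w['line']} (#{w['note']})" }
end

# Pruned ignore file: only live entries are kept, other top-level keys are preserved.
def prune_ignore(ignore_json, current_fingerprints)
  data = JSON.parse(ignore_json)
  live, _ = partition_ignore(ignore_json, current_fingerprints)
  JSON.pretty_generate(data.merge('ignored_warnings' => live))
end

if __FILE__ == $0
  puts obsolete_report(IGNORE_FILE, CURRENT_FINGERPRINTS)
  puts prune_ignore(IGNORE_FILE, CURRENT_FINGERPRINTS)
end
```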

New Report Format

This release adds a new “plain text” report format. It will eventually replace the default “table” report in Brakeman 4.0.

To output in the new format, use -f plain or -o report.plain.

The color codes should be disabled automatically if outputting to a file, but --no-color can be used to turn colors off.

Feedback on the new report format is encouraged prior to the 4.0 release.

(changes)

Report Paths

If the specified output file is in a non-existent path, Brakeman will now attempt to create the path before writing out the report.

(changes)

No Exit Code on Warnings

--no-exit-warn has been added to complement --exit-warn.

(changes)

Improved Slim Support

Most users will not notice any changes, but internally Slim templates are handled a bit better.

(changes and more)

SHAs

The SHA256 sums for this release are:

0cfd4b9cb8515ed9cbd254710761bfc409c604f3351e200b22955a1c3f93f8d8  brakeman-3.4.0.gem
7d07d87aa0732465bb6f0c17279f78edcfd0b1d841ddb63a95529ba762841395  brakeman-min-3.4.0.gem
e3d61c1de5549984a0d9eb3a3a53a4ef17b1b41db1be7d504237dd05a0cfa203  brakeman-lib-3.4.0.gem

Reporting Issues

Thank you to everyone who reported bugs.

Please report any issues with this release! Take a look at this guide to reporting Brakeman problems.

Also consider following @brakeman on Twitter and hanging out on Gitter for questions and discussion.