This release introduces a new report format!
Changes since 4.9.1:
- Add SARIF report format (Steve Winton)
SARIF Report Format
Steve Winton from GitHub has contributed support for Static Analysis Results Interchange Format (SARIF). This is a standard format for static analysis tools and can be consumed by some report viewers, such as this one for Visual Studio Code.
To output a SARIF report, use -f sarif or a file name like
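As an added illustration of what a SARIF consumer does with such a report (this is example code written for this page, not Brakeman's own code, and the embedded document is a hand-constructed minimal SARIF 2.1.0 sample rather than real Brakeman output): the script below walks the standard runs -> results structure, joins each result back to its rule metadata under tool.driver.rules, and applies a simple CI gate on the result level. The tool name "ExampleScanner", the rule ids, and the file paths are all made up for the sample.

```ruby
require "json"

# Constructed sample following the core SARIF 2.1.0 layout. This is NOT
# Brakeman output; only the field names come from the SARIF standard.
SAMPLE_SARIF = <<~JSON
  {
    "version": "2.1.0",
    "runs": [
      {
        "tool": {
          "driver": {
            "name": "ExampleScanner",
            "rules": [
              { "id": "EX-1", "name": "SQLInjection",
                "shortDescription": { "text": "Possible SQL injection" } },
              { "id": "EX-2", "name": "UnescapedOutput",
                "shortDescription": { "text": "Unescaped model attribute in view" } }
            ]
          }
        },
        "results": [
          {
            "ruleId": "EX-1",
            "level": "error",
            "message": { "text": "Interpolated parameter in SQL" },
            "locations": [ { "physicalLocation": {
              "artifactLocation": { "uri": "app/models/user.rb" },
              "region": { "startLine": 12 } } } ]
          },
          {
            "ruleId": "EX-2",
            "level": "warning",
            "message": { "text": "Unescaped output" },
            "locations": [ { "physicalLocation": {
              "artifactLocation": { "uri": "app/views/users/show.html.erb" },
              "region": { "startLine": 4 } } } ]
          },
          {
            "ruleId": "EX-2",
            "level": "note",
            "message": { "text": "Unescaped output" },
            "locations": [ { "physicalLocation": {
              "artifactLocation": { "uri": "app/views/users/_card.html.erb" },
              "region": { "startLine": 9 } } } ]
          }
        ]
      }
    ]
  }
JSON

# Flatten every result of every run into a plain hash, looking up the
# rule name via the result's ruleId in tool.driver.rules. A SARIF file
# may contain several runs (e.g. one per tool), so all of them are walked.
def sarif_findings(sarif_json)
  doc = JSON.parse(sarif_json)
  doc.fetch("runs").flat_map do |run|
    rules = run.dig("tool", "driver", "rules") || []
    rules_by_id = rules.each_with_object({}) { |r, h| h[r["id"]] = r }
    (run["results"] || []).map do |res|
      loc = res.dig("locations", 0, "physicalLocation") || {}
      rule = rules_by_id[res["ruleId"]] || {}
      {
        rule_id:   res["ruleId"],
        rule_name: rule["name"],
        # SARIF treats a missing "level" as "warning".
        level:     res["level"] || "warning",
        message:   res.dig("message", "text"),
        file:      loc.dig("artifactLocation", "uri"),
        line:      loc.dig("region", "startLine"),
      }
    end
  end
end

# Severity order of the SARIF result levels.
LEVEL_RANK = { "none" => 0, "note" => 1, "warning" => 2, "error" => 3 }.freeze

# CI gate: passes only when no finding is at or above the threshold level.
def passes_gate?(findings, threshold: "error")
  findings.none? { |f| LEVEL_RANK.fetch(f[:level], 0) >= LEVEL_RANK.fetch(threshold) }
end

def format_finding(f)
  "#{f[:level].upcase} #{f[:rule_id]} (#{f[:rule_name]}) #{f[:file]}:#{f[:line]} - #{f[:message]}"
end

if __FILE__ == $PROGRAM_NAME
  findings = sarif_findings(SAMPLE_SARIF)
  findings.each { |f| puts format_finding(f) }
  puts(passes_gate?(findings) ? "gate: pass" : "gate: FAIL (error-level findings present)")
end
```

To run it against a real report, replace SAMPLE_SARIF with File.read of the file Brakeman wrote; only the first location of each result is shown here, which is enough for a CI summary but a viewer should iterate over all of them.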
Previewing Brakeman 5.0
What is planned for Brakeman 5.0?
The big change coming in 5.0 is scanning way more files. Currently, Brakeman scans specific directories in
It also only looks for files in particular places - e.g. views will be somewhere in
In 5.0, Brakeman will scan (almost) all files in the project directory with .rb or template-related extensions.
This will dramatically increase the scope of Brakeman scans, which is better coverage but at the cost of more false positives and slower scans.
Also expected in Brakeman 5.0 is a bump of the minimum Ruby version to 2.4.0 (which is already EOL).
The SHA256 sums for this release are:
Thank you to everyone who reported bugs and contributed to this release!