Changes since 4.9.1:
- Add SARIF report format (Steve Winton)
This release introduces a new report format!
SARIF Report Format
Steve Winton from GitHub has contributed support for Static Analysis Results Interchange Format (SARIF). This is a standard format for static analysis tools and can be consumed by some report viewers, such as this one for Visual Studio Code.
To output a SARIF report, use -f sarif or a file name with a .sarif extension, such as -o report.sarif.
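Once a report is written, the usual next step is to consume it in CI rather than read it by hand. The script below is an added example (not Brakeman's own code or part of this release) that reads a SARIF 2.1.0 document, flattens each result to rule, level, file and line, and decides whether the run should fail. The embedded report is constructed sample data shaped like a generic static-analysis result set; the tool name, rule IDs and file paths in it are made up, and the level ranking and the fail_on threshold are this example's own convention, not anything SARIF or Brakeman defines.

```ruby
require 'json'

# Constructed sample SARIF 2.1.0 report (two results in one run).
# Illustrative data only; not an actual Brakeman report.
SAMPLE_SARIF = <<~JSON
{
  "version": "2.1.0",
  "runs": [
    {
      "tool": { "driver": { "name": "ExampleScanner",
        "rules": [
          { "id": "EX/SQL", "shortDescription": { "text": "SQL Injection" } },
          { "id": "EX/XSS", "shortDescription": { "text": "Cross-Site Scripting" } }
        ] } },
      "results": [
        { "ruleId": "EX/SQL", "level": "error",
          "message": { "text": "Possible SQL injection" },
          "locations": [ { "physicalLocation": {
            "artifactLocation": { "uri": "app/models/user.rb" },
            "region": { "startLine": 42 } } } ] },
        { "ruleId": "EX/XSS", "level": "warning",
          "message": { "text": "Unescaped model attribute" },
          "locations": [ { "physicalLocation": {
            "artifactLocation": { "uri": "app/views/users/show.html.erb" },
            "region": { "startLine": 7 } } } ] }
      ]
    }
  ]
}
JSON

# Flatten every result in every run into a plain hash. Rule names are
# looked up from tool.driver.rules when present; SARIF's default result
# level is "warning" when the field is omitted.
def sarif_findings(sarif_json)
  doc = JSON.parse(sarif_json)
  doc.fetch('runs').flat_map do |run|
    rule_names = run.dig('tool', 'driver', 'rules').to_a
                    .each_with_object({}) { |r, h| h[r['id']] = r.dig('shortDescription', 'text') }
    run.fetch('results', []).map do |res|
      loc = res.dig('locations', 0, 'physicalLocation') || {}
      {
        rule:    res['ruleId'],
        name:    rule_names[res['ruleId']] || res['ruleId'],
        level:   res['level'] || 'warning',
        message: res.dig('message', 'text'),
        file:    loc.dig('artifactLocation', 'uri'),
        line:    loc.dig('region', 'startLine')
      }
    end
  end
end

# Number of findings per SARIF level, e.g. {"error"=>1, "warning"=>1}.
def count_by_level(findings)
  findings.group_by { |f| f[:level] }.transform_values(&:size)
end

# Ranking used by this example's CI gate (SARIF itself defines no ordering).
LEVEL_RANK = { 'note' => 0, 'warning' => 1, 'error' => 2 }.freeze

# true when no finding is at or above the failing level.
def passes?(findings, fail_on: 'error')
  threshold = LEVEL_RANK.fetch(fail_on)
  findings.none? { |f| LEVEL_RANK.fetch(f[:level], 1) >= threshold }
end

if __FILE__ == $PROGRAM_NAME
  # Usage: ruby sarif_gate.rb report.sarif  (falls back to the sample report)
  input = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_SARIF
  findings = sarif_findings(input)
  findings.each do |f|
    puts "#{f[:level].upcase} #{f[:name]} #{f[:file]}:#{f[:line]} #{f[:message]}"
  end
  puts count_by_level(findings).inspect
  ok = passes?(findings)
  puts(ok ? 'PASS' : 'FAIL')
  exit 1 if ARGV[0] && !ok # non-zero exit only when gating a real report file
end
```

Only the first location of each result is reported; SARIF allows several, so a stricter consumer would emit one line per location. Pass fail_on: 'warning' to fail the build on anything above a note.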
(changes)
Previewing Brakeman 5.0
What is planned for Brakeman 5.0?
The big change coming in 5.0 is scanning way more files. Currently, Brakeman scans specific directories in app/, config/, lib/, and engines/.
It also only looks for files in particular places - e.g. views will be somewhere in app/**/views.
In 5.0, Brakeman will scan (almost) all files in the project directory with .rb or template-related extensions.
This will dramatically increase the scope of Brakeman scans, which is better coverage but at the cost of more false positives and slower scans.
Also expected in Brakeman 5.0 is a bump of minimum Ruby version to 2.4.0 (which is already EOL).
Checksums
The SHA256 sums for this release are:
Reporting Issues
Thank you to everyone who reported bugs and contributed to this release!
Please report any issues with this release. Take a look at this guide to reporting Brakeman problems.
Hang out on GitHub for questions and discussion.