Warning Types

Read more about the different warnings Brakeman reports:

  • Attribute Restriction
  • Authentication
  • Basic Authentication
  • Command Injection
  • Cross-Site Request Forgery
  • Cross Site Scripting
  • Cross Site Scripting (Content Tag)
  • Cross Site Scripting (JSON)
  • Dangerous Evaluation
  • Dangerous Send
  • Default Routes
  • Denial of Service
  • Divide By Zero
  • Dynamic Render Paths
  • File Access
  • Format Validation
  • Information Disclosure
  • Mail Link
  • Mass Assignment
  • Path Traversal
  • Remote Code Execution
  • Remote Execution in YAML.load
  • Session Manipulation
  • Session Settings
  • SQL Injection
  • SSL Verification Bypass
  • Unmaintained Dependencies
  • Unsafe Deserialization
  • Unscoped Find
  • Unsafe Redirects
  • Weak Hash
