Brakeman - Ruby on Rails Static Analysis Security Tool

If you also build applications with Ruby on Rails, I recommend adding `brakeman` to your project as well. It is effective at finding security problems in your code and so raises overall code quality.

Next, let's look at how to use it in your project.

1. Add brakeman to your Gemfile

group :development do
  gem 'brakeman'
end

2. Running locally

From a Rails application's root directory:

brakeman

3. CI Configuration for a Rails Project

Drop this into project_root/.gitlab-ci.yml

services:
  - postgres:latest

variables:
  POSTGRES_DB: PROJECT_NAME_test
  POSTGRES_USER: PROJECT_NAME_test
  POSTGRES_PASSWORD: ""

stages:
  - build
  - test
  - deploy

before_script:
  - export SECRET_KEY_BASE=PROJECT_NAME_test
  - cp config/secrets.ci.yml config/secrets.yml
  - cp config/database.ci.yml config/database.yml
  - ...

test:
  script:
    - bundle exec brakeman -z -q
    - bundle exec rubocop
    - bundle exec rspec
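In the `test` job above, `-z` makes Brakeman exit non-zero whenever it reports any warning and `-q` suppresses its informational output, so the pipeline fails on the first finding. Teams that want a finer policy (for example, block on High and Medium confidence only, while still seeing Weak ones) usually have Brakeman write a JSON report (`bundle exec brakeman -f json -o brakeman.json`) and gate on that file in a second step. The script below is an added example and is not part of the original post or of the Brakeman project: it reads the `warnings` array of a Brakeman JSON report, applies a confidence threshold, and returns the decision. The embedded sample report is constructed for illustration (its fingerprints and messages are placeholders), and the threshold variable `BRAKEMAN_MIN_CONFIDENCE` is an assumed name for this script, not a Brakeman option.

```ruby
require 'json'

# Brakeman labels each warning with one of these confidence levels.
# Lower rank means stronger confidence.
CONFIDENCE_RANK = { 'High' => 0, 'Medium' => 1, 'Weak' => 2 }.freeze

# Return the warnings whose confidence is at or above +threshold+.
# A confidence value this script does not recognise is treated as
# blocking (rank 0), so a format change fails closed instead of
# silently letting findings through.
def warnings_at_or_above(report, threshold)
  limit = CONFIDENCE_RANK.fetch(threshold)
  report.fetch('warnings', []).select do |w|
    CONFIDENCE_RANK.fetch(w['confidence'], 0) <= limit
  end
end

# Count warnings per warning_type, e.g. {"SQL Injection" => 1}.
def summarize(warnings)
  warnings.each_with_object(Hash.new(0)) { |w, h| h[w['warning_type']] += 1 }
end

# Gate decision: the build passes only if no warning reaches the threshold.
def gate(report, threshold: 'Medium')
  blocking = warnings_at_or_above(report, threshold)
  { pass: blocking.empty?, blocking: blocking, summary: summarize(blocking) }
end

# One-line rendering of a warning for the CI log.
def format_warning(w)
  "#{w['confidence']}: #{w['warning_type']} in #{w['file']}:#{w['line']} - #{w['message']}"
end

# Constructed sample report in the shape of `brakeman -f json` output.
# Fingerprints and messages are placeholders, not real scan results.
SAMPLE_REPORT = <<~JSON
  {
    "scan_info": { "app_path": "/builds/example-app", "brakeman_version": "x.y.z" },
    "warnings": [
      { "warning_type": "SQL Injection", "warning_code": 0,
        "fingerprint": "PLACEHOLDER_FINGERPRINT_1", "check_name": "SQL",
        "message": "Possible SQL injection", "file": "app/models/user.rb",
        "line": 12, "confidence": "High" },
      { "warning_type": "Cross-Site Scripting", "warning_code": 2,
        "fingerprint": "PLACEHOLDER_FINGERPRINT_2", "check_name": "CrossSiteScripting",
        "message": "Unescaped model attribute", "file": "app/views/users/show.html.erb",
        "line": 4, "confidence": "Medium" },
      { "warning_type": "Mass Assignment", "warning_code": 70,
        "fingerprint": "PLACEHOLDER_FINGERPRINT_3", "check_name": "PermitAttributes",
        "message": "Potentially dangerous key allowed for mass assignment",
        "file": "app/controllers/users_controller.rb", "line": 31, "confidence": "Weak" }
    ],
    "ignored_warnings": [],
    "errors": []
  }
JSON

if $PROGRAM_NAME == __FILE__
  threshold = ENV.fetch('BRAKEMAN_MIN_CONFIDENCE', 'Medium')
  if ARGV[0]
    # CI usage: ruby brakeman_gate.rb brakeman.json
    result = gate(JSON.parse(File.read(ARGV[0])), threshold: threshold)
    result[:blocking].each { |w| puts format_warning(w) }
    puts "Blocking warnings (#{threshold} or stronger): #{result[:summary]}"
    exit(result[:pass] ? 0 : 1)
  else
    # No file given: demonstrate on the constructed sample without exiting.
    result = gate(JSON.parse(SAMPLE_REPORT), threshold: threshold)
    result[:blocking].each { |w| puts format_warning(w) }
    puts "Blocking warnings (#{threshold} or stronger): #{result[:summary]}"
    puts "Build would #{result[:pass] ? 'pass' : 'fail'}"
  end
end
```

In the pipeline this replaces `bundle exec brakeman -z -q` with two lines, `bundle exec brakeman -f json -o brakeman.json` followed by `ruby script/brakeman_gate.rb brakeman.json`; warnings silenced through Brakeman's own ignore file never appear in `warnings` (they are listed under `ignored_warnings`), so accepted findings stay documented in the repository rather than in the gate script.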
