Does Brakeman require a running server to work?

No, Brakeman is a static analysis tool. It scans the source code of your Ruby on Rails application directly and does not require the application or its database to be running.

How do I handle false positives in Brakeman?

You can use the interactive ignore tool (`brakeman -I`) to review warnings, provide justification notes, and save them to a `brakeman.ignore` file to filter them from future scans.

What is Brakeman for Claude Code?

Brakeman is a static analysis security tool integrated as a Claude Code skill that scans Ruby on Rails applications for potential vulnerabilities without requiring a running application.

Can Brakeman detect SQL injection and XSS?

Yes, Brakeman identifies a wide range of common vulnerabilities including SQL injection, cross-site scripting (XSS), command injection, and mass assignment issues.

Is it possible to use Brakeman in a CI/CD pipeline?

Absolutely. Brakeman supports various output formats like JSON and JUnit and offers configurable exit codes, making it ideal for automated security gates in CI/CD workflows.

Brakeman Rails Security

Name: Brakeman Rails Security
Author: el-feo

byel-feo

0•

보안 및 테스팅

Scans Ruby on Rails applications for security vulnerabilities using static analysis to ensure secure coding practices.

Brakeman is a specialized security skill for Claude Code designed to detect vulnerabilities in Ruby on Rails applications without requiring a running environment. It enables developers to perform deep security audits, identify risks like SQL injection and cross-site scripting, and manage security posture directly within their workflow. It is particularly useful for automated security reviews, CI/CD pipeline integration, and maintaining high security standards in complex Rails codebases by analyzing source code for over 30 types of vulnerabilities.

주요 기능

01Static analysis for 30+ vulnerability types including SQLi, XSS, and Mass Assignment

02Security scan comparison to track improvements or regressions over time

030 GitHub stars

04Multi-format reporting including HTML, JSON, Markdown, and JUnit for automation

05Configurable confidence levels and check filtering for targeted security audits

06Interactive false positive management with brakeman.ignore configuration

사용 사례

01Performing automated security audits during code reviews or before production deployments

02Integrating security scanning into GitHub Actions or other CI/CD pipelines

03Investigating and remediating specific vulnerability patterns in legacy Rails applications

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add el-feo/ai-context brakeman

For use in Claude.ai and ChatGPT

Download Skill