Brakeman Scanner

Brakeman 5.2.2 is released! Bug fixes and an updated ruby_parser for Ruby 3.1 support: brakemanscanner.org/blog/2022/04/0…

Brakeman 6.0 is released! This major update drops support for parsing Ruby 1.8/1.9 syntax and raises the minimum Ruby version to 3.0. Check out all changes here: brakemanscanner.org/blog/2023/05/2…

It's been a while! Brakeman 5.4.1 is out: lots of updates to open redirect check, fixed file/line for EOL Ruby warnings (2.7 is coming up!), and more: brakemanscanner.org/blog/2023/02/2…

Brakeman 5.4.0 released! New checks for weak RSA keys and strange Pathname behavior, plus some bug fixes: brakemanscanner.org/blog/2022/11/1…

Followed quickly by 5.3.1 to fix the version range for CVE-2022-32209!

Brakeman 5.3.0 is out! The big news is... Warnings finally include CWE information! Big thanks to the contributors on this one! 🎉 brakemanscanner.org/blog/2022/08/0…

Four months later... noticed the 5.2.0 release post was never published. Oops. Here it is: brakemanscanner.org/blog/2021/12/1…

Rails 7.0.2.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2 have been released! This is a security release, so please upgrade when you can! You can read more about the release here: rubyonrails.org/2022/2/11/Rail…

@edwin_v @websebdev Endless and beginless ranges should be supported in Brakeman 5.1.2+

@websebdev Just remember to ignore the file in Brakeman, otherwise you get errors.

💎Rails tip💎 You can use infinite ranges with dates and numbers in your ActiveRecord queries. Examples ⬇️ #ruby #rails #rubyonrails

Brakeman 5.2.1 is released to fix an error with reporting unmaintained Ruby versions. BTW Ruby 2.6.x will be end of life on March 31st! ;)

Brakeman 5.2.0 released! Initial Rails 7 support, updated ruby_parser, new checks for unmaintained versions of Ruby/Rails, and several false positive fixes: github.com/presidentbeef/… (real release post to follow)

Brakeman 5.1.2 released! Some small bug fixes, but most importantly this release ships with the latest ruby_parser that includes Ruby 2.7 and 3.0 syntax support. brakemanscanner.org/blog/2021/10/2…

If you're a #RubyOnRails developer and want to start scanning your code for #security vulnerabilities, check out the recent episode with @presidentbeef where we dive into Brakeman security! youtube.com/watch?v=tdAdW_…

@k_12_i Oh! The latest version is 5.1.1.

@brakeman With reference to Issues, I solved this problem! I updated my brakeman's version from 4.9.1 to 4.10.0 because my Ruby version is 3.0. Thank you for your consideration!

Result must be a Sexp, was Array:[:arglist, s(:str, "App")] (SexpTypeError) brakemanで出たこのエラー、調べても出てこないけどなんだろう...

Followed quickly by 5.1.1 to fix an issue with ignore files. github.com/presidentbeef/…

Brakeman 5.1.0 is released! 🎉 Parallel file read/parsing, GitHub Actions format, SQL injection updates, ActiveRecord enum support, and a ton more. Thank you to all the contributors! brakemanscanner.org/blog/2021/07/1…

brakemanのコードリーディングは勉強になるので、ぜひおすすめしたいやつ / 週刊Railsウォッチ: DI的な書き方が必要なとき、脆弱性学習用アプリRailsGoat、brakemanは優秀ほか（20210705前編） techracho.bpsinc.jp/hachi8833/2021…