You'll need roughly 3 minutes to read this article.
Brakeman Pro is as service for automatically testing and reporting on your Rails application’s security vulnerabilities.
By using Brakeman Pro you can be confident that your Rails application is secure and up to date.
Their documentation does a great job of providing more information, in addition to the setup instructions below.
To start, you need to add your BRAKEMAN_PRO_USER and BRAKEMAN_PRO_PASSWORD credentials to your encrypted environment variables that you encrypt and include in your codeship-services.yml file.
After adding the credentials, you’ll need to install the Brakeman Pro gem via your project’s Dockerfile, which is built by your codeship-services.yml file.
This can be done with the following command in your Dockerfile, or by adding the gem to your project’s Gemfile (which requires bundle install in your Dockerfile instead):
RUN gem install brakeman-pro --source https://$BRAKEMAN_PRO_USER:$BRAKEMAN_PRO_PASSWORD@brakemanpro.com/gems/
Next, you’ll want to run the actual command to generate a Brakeman Pro report as a new step in your codeship-steps.yml file:
- name: brakeman-pro
service: your_service
command: brakeman-pro --exit-on-warn --quiet -f plain
There are several specific options that Brakeman Pro recommends for modifying the report behavior:
--exit-on-warn: This option is important because it will cause the build to fail if any warnings are found
--quiet: Removes extraneous output. If –quiet is too quiet, –no-report-progress is recommended instead
--f plain: Generates a nice, colored text report
To start, you need to add your BRAKEMAN_PRO_USER and BRAKEMAN_PRO_PASSWORD credentials to your environment variables.
You can do this by navigating to Project Settings and then clicking on the Environment tab.
After adding the credentials, you’ll need to install the Brakeman Pro gem via your project’s setup commands. This can be done with the following command, or by adding the gem to your project’s Gemfile (which requires bundle install in your setup commands instead):
gem install brakeman-pro --source https://$BRAKEMAN_PRO_USER:$BRAKEMAN_PRO_PASSWORD@brakemanpro.com/gems/
Next, you’ll want to run the actual command to generate a Brakeman Pro report in your project’s test commands:
brakeman-pro --exit-on-warn --quiet -f plain
There are several specific options that Brakeman Pro recommends for modifying the report behavior:
--exit-on-warn: This option is important because it will cause the build to fail if any warnings are found
--quiet: Removes extraneous output. If –quiet is too quiet, –no-report-progress is recommended instead
--f plain: Generates a nice, colored text report
Note that if you are using parallel pipelines then you likely only want to add this command to a single pipeline, rather than multiple pipelines.
Get in touch if you have any further questions. You can either post on Stack Overflow using the tag #codeship or ask us a question via our Helpdesk.
We also have a couple of code examples and sample projects available, that make it easier to get started with Codeship.