About Brakeman Pro
Brakeman Pro is a service for automatically testing and reporting on your Rails application’s security vulnerabilities.
By using Brakeman Pro you can be confident that your Rails application is secure and up to date.
The Brakeman Pro documentation provides more information, in addition to the setup instructions below.
CloudBees CodeShip Pro
Setting your credentials
To start, you need to add your BRAKEMAN_PRO_USER and BRAKEMAN_PRO_PASSWORD credentials to your encrypted environment variables, which you encrypt and include in your codeship-services.yml file.
Adding The Gem
After adding the credentials, you’ll need to install the Brakeman Pro gem via your project’s Dockerfile, which is built by your codeship-services.yml file.
This can be done with the following command in your Dockerfile, or by adding the gem to your project’s Gemfile (which requires bundle install in your Dockerfile instead):
RUN gem install brakeman-pro --source https://$BRAKEMAN_PRO_USER:$BRAKEMAN_PRO_PASSWORD@brakemanpro.com/gems/
Running Reports
Next, you’ll want to run the actual command to generate a Brakeman Pro report as a new step in your codeship-steps.yml file:
- name: brakeman-pro
  service: your_service
  command: brakeman-pro --exit-on-warn --quiet -f plain
There are several options that Brakeman Pro recommends for modifying the report behavior:
- --exit-on-warn: This option is important because it causes the build to fail if any warnings are found.
- --quiet: Removes extraneous output. If --quiet is too quiet, --no-report-progress is recommended instead.
- -f plain: Generates a nice, colored text report.
CloudBees CodeShip Basic
Setting your credentials
To start, you need to add your BRAKEMAN_PRO_USER and BRAKEMAN_PRO_PASSWORD credentials to your environment variables.
You can do this by navigating to Project Settings and then clicking on the Environment tab.
Adding The Gem
After adding the credentials, you’ll need to install the Brakeman Pro gem via your project’s setup commands. This can be done with the following command, or by adding the gem to your project’s Gemfile (which requires bundle install in your setup commands instead):
gem install brakeman-pro --source https://$BRAKEMAN_PRO_USER:$BRAKEMAN_PRO_PASSWORD@brakemanpro.com/gems/
Running Reports
Next, you’ll want to run the actual command to generate a Brakeman Pro report in your project’s test commands:
brakeman-pro --exit-on-warn --quiet -f plain
There are several options that Brakeman Pro recommends for modifying the report behavior:
- --exit-on-warn: This option is important because it causes the build to fail if any warnings are found.
- --quiet: Removes extraneous output. If --quiet is too quiet, --no-report-progress is recommended instead.
- -f plain: Generates a nice, colored text report.
Note that if you are using parallel pipelines then you likely only want to add this command to a single pipeline, rather than multiple pipelines.