Getting started
Builds and configuration
IntroductionInstalled packagesEnvironment variablesDebugging buildsCachingParallel testingDeployment pipelinesRunning commands as rootIgnoring commandsRun a command in case of an errorSetting timezoneAccess to other repositoriesUsing scriptsGit LFSUbuntu Bionic
Continuous deployment
IntroductionFTP/SSH/SFTP/RSYNCCustom scriptHerokuHeroku MigrationAWS Elastic BeanstalkAWS CodeDeployAWS LambdaAWS S3Google App EngineAWS CLIgcloud CLIAzure CLIDigital OceanEngine YardCapistranoGit PushCloudFoundryCloud66anynines
Continuous integration
IntroductionBrowser testingBackground commandsGit submodulesCustom DNSArtifacts
Databases
IntroductionApache CassandraCouchDBDynamoDBMongoDBMySQLPostgreSQLRethinkDBSQLite
Languages and frameworks
IntroductionDartElixirGoIonicJava and JVMMeteorNode.jsPHPPythonRubyRust
Queues
IntroductionBeanstalkdRabbitMQRedis
Services
IntroductionElasticsearchMemcached
Integrations
IntroductionUsing AnchoreUsing CodeShip APIUsing AppranixUsing AssertibleUsing AtatusUsing Brakeman ProUsing CodacyUsing CodeclimateUsing CodecovUsing CoverallsCustom integrationsUsing DepfuUsing FirebaseUsing Ghost InspectorUsing GosecUsing HoneycombUsing OpsGenieUsing PagerDutyUsing PercyUsing PulumiUsing RancherUsing RaygunUsing RedLine13Using RollbarUsing RunscopeUsing SnykUsing Testable
Getting started
IntroductionCloudBees CodeShip Pro introduction guideCloudBees CodeShip Pro introduction guide 2CloudBees CodeShip Pro introduction guide 3CloudBees CodeShip Pro introduction guide 4CloudBees CodeShip Pro introduction guide 5
Migrating to CloudBees CodeShip Pro
Docker for CI/CD
Getting started with CloudBees CodeShip Pro overview and resources
Builds and configuration
IntroductionServices configSteps configEnvironment variablesImage registriesImage cachingBuild argumentsVolumesHandling secretsMultiple reposServices and databasesSetting an SSH private keyPreinstalled images
Jet CLI
IntroductionInstallationUsing the Jet CLIjet cleanupjet decryptjet encryptjet generatejet loadjet runjet stepsjet updatejet validatejet version
Continuous deployment
IntroductionAWSAWS S3AWS EBAWS ECSAWS EKSAWS CodeDeployAzure Container ServiceHerokuGoogle CloudGoogle App EngineGoogle Cloud FunctionsGoogle Container EngineGoogle Compute EngineKubernetesTerraformDeploy Via SSHDocker SwarmIBM Cloud FoundryIBM Cloud Container Service
Continuous integration
IntroductionBrowser testingParallel testing
Languages and frameworks
IntroductionElixirGoJava and JVMNode.jsPHPPythonRuby
Common issues
IntroductionCaching multi-stage DockerfileContainer is slow to exitDiffering results with Jet CLIDocker Hub rate limitingManaging multiple environments for a serviceReducing log output from dependent containersStep log not appearingUsing env vars in command steps
Integrations
IntroductionUsing AnchoreUsing CodeShip APIUsing AppranixUsing AssertibleUsing AtatusUsing Brakeman ProUsing CodacyUsing CodeclimateUsing CodecovUsing CoverallsCustom integrationsUsing DepfuUsing FirebaseUsing Ghost InspectorUsing GosecUsing HoneycombUsing OpsGenieUsing PagerDutyUsing PercyUsing PulumiUsing RancherUsing RaygunUsing RedLine13Using RollbarUsing RunscopeUsing SnykUsing Testable

Integrating CloudBees CodeShip with Brakeman Pro for Rails security analysis

2 minute read

About Brakeman Pro

Brakeman Pro is as service for automatically testing and reporting on your Rails application’s security vulnerabilities.

By using Brakeman Pro you can be confident that your Rails application is secure and up to date.

Their documentation does a great job of providing more information, in addition to the setup instructions below.

CloudBees CodeShip Pro

Setting your credentials

To start, you need to add your BRAKEMAN_PRO_USER and BRAKEMAN_PRO_PASSWORD credentials to your encrypted environment variables that you encrypt and include in your codeship-services.yml file.

Adding The Gem

After adding the credentials, you’ll need to install the Brakeman Pro gem via your project’s Dockerfile, which is built by your codeship-services.yml file.

This can be done with the following command in your Dockerfile, or by adding the gem to your project’s Gemfile (which requires bundle install in your Dockerfile instead):

RUN gem install brakeman-pro --source https://$BRAKEMAN_PRO_USER:$BRAKEMAN_PRO_PASSWORD@brakemanpro.com/gems/

Running Reports

Next, you’ll want to run the actual command to generate a Brakeman Pro report as a new step in your codeship-steps.yml file:

- name: brakeman-pro
  service: your_service
  command: brakeman-pro --exit-on-warn --quiet -f plain

There are several specific options that Brakeman Pro recommends for modifying the report behavior:

  • --exit-on-warn: This option is important because it will cause the build to fail if any warnings are found

  • --quiet: Removes extraneous output. If –quiet is too quiet, –no-report-progress is recommended instead

  • --f plain: Generates a nice, colored text report

CloudBees CodeShip Basic

Setting your credentials

To start, you need to add your BRAKEMAN_PRO_USER and BRAKEMAN_PRO_PASSWORD credentials to your environment variables.

You can do this by navigating to Project Settings and then clicking on the Environment tab.

Adding The Gem

After adding the credentials, you’ll need to install the Brakeman Pro gem via your project’s setup commands. This can be done with the following command, or by adding the gem to your project’s Gemfile (which requires bundle install in your setup commands instead):

gem install brakeman-pro --source https://$BRAKEMAN_PRO_USER:$BRAKEMAN_PRO_PASSWORD@brakemanpro.com/gems/

Running Reports

Next, you’ll want to run the actual command to generate a Brakeman Pro report in your project’s test commands:

brakeman-pro --exit-on-warn --quiet -f plain

There are several specific options that Brakeman Pro recommends for modifying the report behavior:

  • --exit-on-warn: This option is important because it will cause the build to fail if any warnings are found

  • --quiet: Removes extraneous output. If –quiet is too quiet, –no-report-progress is recommended instead

  • --f plain: Generates a nice, colored text report

Note that if you are using parallel pipelines then you likely only want to add this command to a single pipeline, rather than multiple pipelines.

Using Atatus
Using Codacy