Getting started
IntroductionInstalled packagesEnvironment variablesDebugging buildsCachingParallel testingDeployment pipelinesRunning commands as rootIgnoring commandsRun a command in case of an errorSetting timezoneAccess to other repositoriesUsing scriptsGit LFSUbuntu 20.04 Focal
IntroductionFTP/SSH/SFTP/RSYNCCustom scriptHerokuHeroku MigrationAWS Elastic BeanstalkAWS CodeDeployAWS LambdaAWS S3Google App EngineAWS CLIgcloud CLIAzure CLIDigital OceanEngine YardCapistranoGit PushCloudFoundryCloud66anynines
IntroductionBrowser testingBackground commandsGit submodulesCustom DNSArtifacts
IntroductionCassandraCouchDBDynamoDBMongoDBMySQLPostgreSQLSQLite
IntroductionDartElixirGoJava and JVMMeteorNode.jsPHPPythonRubyRust
IntroductionBeanstalkdRabbitMQRedis
IntroductionElasticsearchMemcachedSphinx
IntroductionUsing AnchoreUsing CodeShip APIUsing AppranixUsing AssertibleUsing AtatusUsing Brakeman ProUsing CodacyUsing CodeclimateUsing CodecovUsing CoverallsCustom integrationsUsing DepfuUsing FirebaseUsing Ghost InspectorUsing GosecUsing HoneycombUsing OpsGenieUsing PagerDutyUsing PercyUsing PulumiUsing RancherUsing RaygunUsing RedLine13Using RollbarUsing RunscopeUsing SnykUsing Testable
IntroductionCloudBees CodeShip Pro introduction guideCloudBees CodeShip Pro introduction guide 2CloudBees CodeShip Pro introduction guide 3CloudBees CodeShip Pro introduction guide 4CloudBees CodeShip Pro introduction guide 5
Migrating to CloudBees CodeShip Pro
Docker for CI/CD
Getting started with CloudBees CodeShip Pro overview and resources
IntroductionServices configSteps configEnvironment variablesImage registriesImage cachingBuild argumentsVolumesHandling secretsMultiple reposServices and databasesSetting an SSH private keyPreinstalled images
IntroductionInstallationUsing the Jet CLIjet cleanupjet decryptjet encryptjet generatejet loadjet runjet stepsjet updatejet validatejet version
IntroductionAWSAWS S3AWS EBAWS ECSAWS EKSAWS CodeDeployAzure Container ServiceHerokuGoogle CloudGoogle App EngineGoogle Cloud FunctionsGoogle Container EngineGoogle Compute EngineKubernetesTerraformDeploy Via SSHDocker SwarmIBM Cloud FoundryIBM Cloud Container Service
IntroductionBrowser testingParallel testing
IntroductionElixirGoJava and JVMNode.jsPHPPythonRuby
IntroductionCaching multi-stage DockerfileContainer is slow to exitDiffering results with Jet CLIDocker Hub rate limitingManaging multiple environments for a serviceReducing log output from dependent containersStep log not appearingUsing env vars in command steps
IntroductionUsing AnchoreUsing CodeShip APIUsing AppranixUsing AssertibleUsing AtatusUsing Brakeman ProUsing CodacyUsing CodeclimateUsing CodecovUsing CoverallsCustom integrationsUsing DepfuUsing FirebaseUsing Ghost InspectorUsing GosecUsing HoneycombUsing OpsGenieUsing PagerDutyUsing PercyUsing PulumiUsing RancherUsing RaygunUsing RedLine13Using RollbarUsing RunscopeUsing SnykUsing Testable

Integrating CloudBees CodeShip with Brakeman Pro for Rails security analysis

2 minute read

About Brakeman Pro

Brakeman Pro is as service for automatically testing and reporting on your Rails application’s security vulnerabilities.

By using Brakeman Pro you can be confident that your Rails application is secure and up to date.

Their documentation does a great job of providing more information, in addition to the setup instructions below.

CloudBees CodeShip Pro

Setting your credentials

To start, you need to add your BRAKEMAN_PRO_USER and BRAKEMAN_PRO_PASSWORD credentials to your encrypted environment variables that you encrypt and include in your codeship-services.yml file.

Adding The Gem

After adding the credentials, you’ll need to install the Brakeman Pro gem via your project’s Dockerfile, which is built by your codeship-services.yml file.

This can be done with the following command in your Dockerfile, or by adding the gem to your project’s Gemfile (which requires bundle install in your Dockerfile instead):

RUN gem install brakeman-pro --source https://$BRAKEMAN_PRO_USER:$BRAKEMAN_PRO_PASSWORD@brakemanpro.com/gems/

Running Reports

Next, you’ll want to run the actual command to generate a Brakeman Pro report as a new step in your codeship-steps.yml file:

- name: brakeman-pro
  service: your_service
  command: brakeman-pro --exit-on-warn --quiet -f plain

There are several specific options that Brakeman Pro recommends for modifying the report behavior:

  • --exit-on-warn: This option is important because it will cause the build to fail if any warnings are found

  • --quiet: Removes extraneous output. If –quiet is too quiet, –no-report-progress is recommended instead

  • --f plain: Generates a nice, colored text report

CloudBees CodeShip Basic

Setting your credentials

To start, you need to add your BRAKEMAN_PRO_USER and BRAKEMAN_PRO_PASSWORD credentials to your environment variables.

You can do this by navigating to Project Settings and then clicking on the Environment tab.

Adding The Gem

After adding the credentials, you’ll need to install the Brakeman Pro gem via your project’s setup commands. This can be done with the following command, or by adding the gem to your project’s Gemfile (which requires bundle install in your setup commands instead):

gem install brakeman-pro --source https://$BRAKEMAN_PRO_USER:$BRAKEMAN_PRO_PASSWORD@brakemanpro.com/gems/

Running Reports

Next, you’ll want to run the actual command to generate a Brakeman Pro report in your project’s test commands:

brakeman-pro --exit-on-warn --quiet -f plain

There are several specific options that Brakeman Pro recommends for modifying the report behavior:

  • --exit-on-warn: This option is important because it will cause the build to fail if any warnings are found

  • --quiet: Removes extraneous output. If –quiet is too quiet, –no-report-progress is recommended instead

  • --f plain: Generates a nice, colored text report

Note that if you are using parallel pipelines then you likely only want to add this command to a single pipeline, rather than multiple pipelines.

Using Atatus
Using Codacy