Secure Your Rails Applications

Brakeman is a free vulnerability scanner designed for Ruby on Rails applications. Statically analyze Rails application code to find security issues at any stage of development.

🚀 Get Started 📖 Read Documentation
terminal
# Install Brakeman
gem install brakeman
# Scan your Rails app
brakeman
== Brakeman Report ==
# ...

Why Use Brakeman?

Fast and easy security scans built by the community

🎯

Rails-Specific

Built specifically for Ruby on Rails. Understands Rails patterns, conventions, and common vulnerability patterns.

🔧

Zero Configuration

Works out of the box with sensible defaults.

🔍

Broad Coverage

Detects SQL injection, cross-site scripting, command injection, and dozens of other vulnerability types.

Latest News

Stay up to date with the latest releases and community contributions

Version 8.0.3

Brakeman 8.0.3

February 2026 • Bug fixes and age delay for --ensure-latest

Add Age Option for Latest Release

🎉 What's New

  • Add release age option for --ensure-latest (#1989)
  • Fix polymorphic_name SQLi false positive (Fredrico Franco)
  • Fix logger behavior when loading config files (#2009)
  • Handle application names with module prefixes (#2011)
Read Full Release Notes →

Brakeman 8.0.1

(Changes)

January 2026

Brakeman 8.0.0

New Scanner Progress Output

January 2026

Brakeman 7.1.2 Released

Dependency Updates

December 2025

Brakeman 7.1.1 Released

Faster File Search on MacOS

November 2025