Secure Your Rails Applications

Brakeman is a free vulnerability scanner designed for Ruby on Rails applications. Statically analyze Rails application code to find security issues at any stage of development.

🚀 Get Started 📖 Read Documentation

terminal

# Install Brakeman
gem install brakeman
# Scan your Rails app
brakeman
== Brakeman Report ==
# ...

Why Use Brakeman?

Fast and easy security scans built by the community

🎯

Rails-Specific

Built specifically for Ruby on Rails. Understands Rails patterns, conventions, and common vulnerability patterns.

🔧

Zero Configuration

Works out of the box with sensible defaults.

🔍

Broad Coverage

Detects SQL injection, cross-site scripting, command injection, and dozens of other vulnerability types.

Latest News

Stay up to date with the latest releases and community contributions

Version 8.0.5

Brakeman 8.0.5

June 2026 • Lots of bug fixes

Breaking with tradition, since these are all bug fixes that are pretty clear from the description I will not be writing up detailed notes.

🎉 What's New

Add quote_schema_name to safe quote method list (changes by Zsolt Kozaroczy)
Fix SQL injection false positive for compact_blank/compact on permitted params (changes by Arpit Jain)
Fix inline render false positive for local named text (changes by Arpit Jain)
Fix HAML crash on .raw calls (changes by Federico Franco)

Read Full Release Notes →

Secure Your Rails Applications

Why Use Brakeman?

Rails-Specific

Zero Configuration

Broad Coverage

Latest News

Brakeman 8.0.5

🎉 What's New

Brakeman 8.0.3

Brakeman 8.0.1

Brakeman 8.0.0

Brakeman 7.1.2 Released