Secure Your Rails Applications

Brakeman is a free vulnerability scanner designed for Ruby on Rails applications. It statically analyzes Rails application code to find security issues at any stage of development, without running the application.

# Install Brakeman
gem install brakeman
# Scan your Rails app (run from the application's root directory; the report is printed)
brakeman
== Brakeman Report ==
# ...
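Added example, not code from the Brakeman project: a Ruby script that reads the JSON report written by `brakeman -q -f json -o brakeman.json` and reports whether a CI job should fail because warnings at or above a chosen confidence remain. The report keys it reads (`warnings`, `warning_type`, `confidence`, `file`, `line`, `message`, `fingerprint`) follow Brakeman's JSON report format; the sample report embedded in the script is constructed for this example and its confidence levels are illustrative. The optional second argument, a plain text file of fingerprints to allow, is a simplification assumed here, not Brakeman's own `brakeman.ignore` format. Brakeman can itself exit non-zero when it finds warnings; a script like this is for pipelines that archive the report and apply their own threshold and allow-list.

```ruby
# Added example (not from the Brakeman project): gate a CI job on Brakeman's
# JSON report, produced with:  brakeman -q -f json -o brakeman.json
require "json"

# Constructed sample in the shape of Brakeman's JSON report; only the keys
# this script reads are included. A real report comes from the -o file.
SAMPLE_REPORT = <<~'JSON'
  {
    "scan_info": {"app_path": "/app", "rails_version": "7.1.0"},
    "warnings": [
      {
        "warning_type": "SQL Injection",
        "check_name": "SQL",
        "confidence": "High",
        "file": "app/controllers/users_controller.rb",
        "line": 12,
        "message": "Possible SQL injection",
        "code": "User.where(\"name = '#{params[:name]}'\")",
        "fingerprint": "aaaa1111"
      },
      {
        "warning_type": "Cross-Site Scripting",
        "check_name": "CrossSiteScripting",
        "confidence": "Medium",
        "file": "app/views/users/show.html.erb",
        "line": 3,
        "message": "Unescaped parameter value",
        "code": "raw(params[:bio])",
        "fingerprint": "bbbb2222"
      },
      {
        "warning_type": "Dynamic Render Path",
        "check_name": "Render",
        "confidence": "Weak",
        "file": "app/controllers/pages_controller.rb",
        "line": 8,
        "message": "Render path contains parameter value",
        "code": "render params[:page]",
        "fingerprint": "cccc3333"
      }
    ],
    "ignored_warnings": [],
    "errors": []
  }
JSON

# Brakeman reports three confidence levels; rank them so a floor can be applied.
CONFIDENCE_RANK = { "High" => 3, "Medium" => 2, "Weak" => 1 }.freeze

# Parse the report text and return its warnings (empty if the key is absent).
def load_warnings(json_text)
  JSON.parse(json_text).fetch("warnings", [])
end

# Warnings at or above the confidence floor, minus allow-listed fingerprints
# (the same idea as Brakeman's brakeman.ignore, simplified to a plain list).
def blocking_warnings(warnings, min_confidence: "Medium", ignored_fingerprints: [])
  floor = CONFIDENCE_RANK.fetch(min_confidence)
  warnings
    .reject { |w| ignored_fingerprints.include?(w["fingerprint"]) }
    .select { |w| CONFIDENCE_RANK.fetch(w["confidence"], 0) >= floor }
end

# Number of warnings per warning_type, e.g. {"SQL Injection" => 1, ...}.
def counts_by_type(warnings)
  warnings.group_by { |w| w["warning_type"] }.transform_values(&:size)
end

# One line per warning, in the file:line form editors and CI logs understand.
def format_warning(w)
  "#{w['confidence']}: #{w['warning_type']} at #{w['file']}:#{w['line']} - #{w['message']}"
end

# Exit status for CI: 0 when nothing blocks the build, 1 otherwise.
def exit_status(json_text, **opts)
  blocking_warnings(load_warnings(json_text), **opts).empty? ? 0 : 1
end

if $PROGRAM_NAME == __FILE__
  # usage: ruby gate.rb brakeman.json [allowed_fingerprints.txt]
  report  = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_REPORT # sample when no path given
  ignored = ARGV[1] ? File.read(ARGV[1]).split : []
  blocking = blocking_warnings(load_warnings(report), ignored_fingerprints: ignored)
  blocking.each { |w| puts format_warning(w) }
  puts "Blocking warnings: #{blocking.size} (by type: #{counts_by_type(blocking)})"
  exit 1 if ARGV[0] && !blocking.empty? # fail the job only for a real report
end
```

With the default floor of Medium, the constructed report blocks on the SQL injection and the XSS finding and lets the Weak render-path warning through; raising the floor to High or allow-listing the SQL injection fingerprint changes the outcome accordingly. Allow-list by fingerprint rather than by file and line, since fingerprints survive unrelated edits to the file.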

Why Use Brakeman?

Fast and easy security scans built by the community

Rails-Specific

Built specifically for Ruby on Rails. Understands Rails patterns, conventions, and common vulnerability patterns.

Zero Configuration

Works out of the box with sensible defaults.

Broad Coverage

Detects SQL injection, cross-site scripting, command injection, and dozens of other vulnerability types.

Latest News

Stay up to date with the latest releases and community contributions

Brakeman 8.0.3

Add Age Option for Latest Release

🎉 What's New

  • Add release age option for --ensure-latest (#1989)
  • Fix polymorphic_name SQLi false positive (Fredrico Franco)
  • Fix logger behavior when loading config files (#2009)
  • Handle application names with module prefixes (#2011)