Integrating with Brakeman Pro for Rails Security Analysis

Written by: Manuel Weiss

There are a variety of third-party products you can integrate with Codeship Basic and Codeship Pro to improve your CI/CD pipeline. Brakeman Pro, a service for automatically testing and reporting on your Rails application’s security vulnerabilities, is one such integration opportunity. We'll walk through the setup instructions, but of course, Brakeman Pro's documentation does a great job of providing more information.

Getting Started with Codeship Pro and Brakeman Pro

We'll cover Codeship Pro first. To begin, you'll need to add your BRAKEMAN_PRO_USER and BRAKEMAN_PRO_PASSWORD credentials to your encrypted environment variables in your codeship-services.yml file.

Adding the gem

After you've added your credentials, install the Brakeman Pro gem via your project’s Dockerfile, built by your codeship-services.yml file. You can do this with the following command in your Dockerfile, or by adding the gem to your project’s Gemfile (which requires bundle install in your Dockerfile):

RUN gem install brakeman-pro --source https://$BRAKEMAN_PRO_USER:$BRAKEMAN_PRO_PASSWORD@brakemanpro.com/gems/

Running Brakeman Pro reports

Finally, run the command to generate a Brakeman Pro report as a new step in your codeship-steps.yml file:

- name: brakeman-pro
  service: your_service
  command: brakeman-pro --exit-on-warn --quiet -f plain

Here are a few specific options that Brakeman Pro recommends for modifying report behavior:

  • --exit-on-warn: Causes the build to fail if any warnings are found. Important!

  • --quiet: Removes extraneous output. If --quiet is too quiet, --no-report-progress is recommended instead.

  • -f plain: Generates a nice, colored text report.


Getting Started with Codeship Basic and Brakeman Pro

Moving on to Codeship Basic, you'll need to add your BRAKEMAN_PRO_USER and BRAKEMAN_PRO_PASSWORD credentials to your environment variables. You can do this by navigating to Project Settings and then clicking the Environment tab.

Adding the gem

Next, install the Brakeman Pro gem via your project’s setup commands. This can be done with the following command, or by adding the gem to your project’s Gemfile (requiring bundle install in your setup commands instead):

gem install brakeman-pro --source https://$BRAKEMAN_PRO_USER:$BRAKEMAN_PRO_PASSWORD@brakemanpro.com/gems/

Running reports

To wrap up, run the command to generate a Brakeman Pro report in your project’s test commands:

brakeman-pro --exit-on-warn --quiet -f plain

Brakeman Pro recommends a few specific options to modify report behavior:

  • --exit-on-warn: Causes the build to fail if any warnings are found. Important!

  • --quiet: Removes extraneous output. If --quiet is too quiet, --no-report-progress is recommended instead.

  • -f plain: Generates a nice, colored text report.

Note that if you are using parallel pipelines then you likely only want to add this command to a single pipeline, rather than multiple pipelines.
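The install and scan steps above (both the Codeship Pro and the Codeship Basic variants) can be wrapped in one script so that the password embedded in the gem source URL never reaches the build log and a missing credential or a warning-laden scan fails the step unambiguously. This is an added example, not code from the post, Codeship or Brakeman Pro; it assumes BRAKEMAN_PRO_USER and BRAKEMAN_PRO_PASSWORD are supplied by the CI environment as described above, and the helper names (have_brakeman_creds, redact, scan_verdict, ci_step) are hypothetical.

```shell
#!/bin/sh
# Added example; not code from the Codeship post or from Brakeman Pro. It wraps
# the post's two steps (gem install, then the scan) so the build log never shows
# the password and the step fails clearly when credentials are missing or the
# scan finds warnings. Assumes BRAKEMAN_PRO_USER/BRAKEMAN_PRO_PASSWORD are set by CI.
GEM_HOST="brakemanpro.com/gems/"   # host and path from the post's install command

# Fail early if either credential is unset; an empty value would otherwise be
# baked into the URL and surface as an unhelpful auth error from the gem server.
have_brakeman_creds() {
  [ -n "${BRAKEMAN_PRO_USER:-}" ] && [ -n "${BRAKEMAN_PRO_PASSWORD:-}" ]
}

# Build the authenticated source URL exactly as the post does. The password is
# assumed to be URL-safe (percent-encode it first if it contains / @ or :).
brakeman_gem_source() {
  printf 'https://%s:%s@%s\n' "$BRAKEMAN_PRO_USER" "$BRAKEMAN_PRO_PASSWORD" "$GEM_HOST"
}

# Log filter: replace user:password@ in any URL on stdin with ***@.
redact() {
  sed -E 's#([a-z]+://)[^@[:space:]]*@#\1***@#g'
}

# Map the scanner's exit status to a verdict. With --exit-on-warn any non-zero
# status (warnings found, or a scan error) must fail the CI step.
scan_verdict() {
  if [ "$1" -eq 0 ]; then echo clean; else echo fail; fi
}

# Install the gem; gem's own output (which can echo the source URL on error)
# is redacted before it reaches the build log.
install_brakeman_pro() {
  have_brakeman_creds || { echo "BRAKEMAN_PRO_USER/PASSWORD not set" >&2; return 2; }
  log=$(mktemp)
  gem install brakeman-pro --source "$(brakeman_gem_source)" >"$log" 2>&1
  rc=$?
  redact <"$log" >&2; rm -f "$log"
  return $rc
}

# The CI step: install, scan with the options the post recommends, report.
ci_step() {
  install_brakeman_pro || return $?
  brakeman-pro --exit-on-warn --quiet -f plain
  rc=$?
  echo "brakeman-pro: $(scan_verdict "$rc")"
  return $rc
}
[ "${1:-}" = run ] && ci_step   # invoke as `sh ci-brakeman.sh run` from the CI step
```

For Codeship Basic, put `sh ci-brakeman.sh run` in the test commands of a single pipeline; for Codeship Pro, use it as the `command:` of the brakeman-pro step in codeship-steps.yml.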

Conclusion

To include automatic testing and reporting for your Rails application, consider integrating Brakeman Pro with Codeship. Interested in other third-party integrations for Codeship? We’ve got you covered with our integrations portal right here.
