Integrating with Brakeman Pro for Rails Security Analysis
There are a variety of third-party products you can integrate with Codeship Basic and Codeship Pro to improve your CI/CD pipeline. Brakeman Pro, a service for automatically testing and reporting on your Rails application’s security vulnerabilities, is one such integration opportunity. We'll walk through the setup instructions, but of course, Brakeman Pro's documentation does a great job of providing more information.
Getting Started with Codeship Pro and Brakeman Pro
We'll cover Codeship Pro first. To begin, you'll need to add your BRAKEMAN_PRO_USER and BRAKEMAN_PRO_PASSWORD credentials to your encrypted environment variables in your codeship-services.yml file.
Adding the gem
After you've added your credentials, install the Brakeman Pro gem via your project's Dockerfile, built by your codeship-services.yml file. You can do this with the following command in your Dockerfile, or by adding the gem to your project's Gemfile (which requires bundle install in your Dockerfile):
RUN gem install brakeman-pro --source https://$BRAKEMAN_PRO_USER:$BRAKEMAN_PRO_PASSWORD@brakemanpro.com/gems/
Running Brakeman Pro reports
Finally, run the command to generate a Brakeman Pro report as a new step in your codeship-steps.yml file:
- name: brakeman-pro
  service: your_service
  command: brakeman-pro --exit-on-warn --quiet -f plain
Here are a few specific options that Brakeman Pro recommends for modifying report behavior:
--exit-on-warn: Causes the build to fail if any warnings are found. Important!
--quiet: Removes extraneous output. If --quiet is too quiet, --no-report-progress is recommended instead.
-f plain: Generates a nice, colored text report.
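As an added example, not taken from the Codeship or Brakeman Pro documentation, here are the two Codeship Pro files from the steps above wired together. It assumes a service named app and an encrypted env file named brakeman.env.encrypted (produced with Codeship's jet CLI) holding the two credentials, and it installs the gem inside the step so the credentials are read from the encrypted variables at run time.

```yaml
# codeship-services.yml (constructed example; the service name "app" is an assumption)
app:
  build:
    dockerfile: Dockerfile
  # BRAKEMAN_PRO_USER and BRAKEMAN_PRO_PASSWORD live here, encrypted with the jet CLI
  encrypted_env_file: brakeman.env.encrypted
---
# codeship-steps.yml
- name: tests
  service: app
  command: bundle exec rake test
- name: brakeman-pro
  service: app
  # Install the gem from the credentialed source at step time, then run the scan.
  # --exit-on-warn turns any warning into a failed step, and therefore a failed build;
  # --no-report-progress keeps the log short while still printing the report.
  command: >-
    sh -c 'gem install brakeman-pro --source
    "https://$BRAKEMAN_PRO_USER:$BRAKEMAN_PRO_PASSWORD@brakemanpro.com/gems/"
    && brakeman-pro --exit-on-warn --no-report-progress -f plain'
```

Because the gem is installed in the step, the credentialed source URL is never baked into an image layer the way a Dockerfile RUN line containing the password would be.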
Getting Started with Codeship Basic and Brakeman Pro
Moving on to Codeship Basic, you'll need to add your BRAKEMAN_PRO_USER and BRAKEMAN_PRO_PASSWORD credentials to your environment variables. You can do this by navigating to Project Settings and then clicking the Environment tab.
Adding the gem
Next, install the Brakeman Pro gem via your project's setup commands. This can be done with the following command, or by adding the gem to your project's Gemfile (requiring bundle install in your setup commands instead):
gem install brakeman-pro --source https://$BRAKEMAN_PRO_USER:$BRAKEMAN_PRO_PASSWORD@brakemanpro.com/gems/
Running reports
To wrap up, run the command to generate a Brakeman Pro report in your project’s test commands:
brakeman-pro --exit-on-warn --quiet -f plain
Brakeman Pro recommends a few specific options to modify report behavior:
--exit-on-warn: Causes the build to fail if any warnings are found. Important!
--quiet: Removes extraneous output. If --quiet is too quiet, --no-report-progress is recommended instead.
-f plain: Generates a nice, colored text report.
Note that if you are using parallel pipelines then you likely only want to add this command to a single pipeline, rather than multiple pipelines.
Conclusion
To include automatic testing and reporting for your Rails application, consider integrating Brakeman Pro with Codeship. Interested in other third-party integrations for Codeship? We’ve got you covered with our integrations portal right here.