Brakeman Security Scanner
yaml
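jobs:
  security:
    runs-on: ubuntu-latest
    # Least privilege: the scanner only needs to read the checkout. The
    # default GITHUB_TOKEN grant can be broader depending on repository
    # settings, so state the required scope explicitly.
    permissions:
      contents: read

    steps:
      # Tag references move with the tag; pinning third-party actions to a
      # full commit SHA (tag kept in a trailing comment) makes the workflow's
      # supply chain reproducible.
      - uses: actions/checkout@v4

      - uses: ruby/setup-ruby@v1
        with:
          ruby-version: '3.2'
          # Runs `bundle install` (and caches gems) so `bundle exec brakeman`
          # in the next step can resolve the gem.
          bundler-cache: true

      - name: Run Brakeman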
        run: bundle exec brakeman -q -w2

Brakeman Options
bash
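# Quick scan (-q suppresses Brakeman's informational output)
bundle exec brakeman -q

# Medium- and high-confidence warnings. -w2 is Brakeman's default level;
# use -w3 to report only high-confidence warnings.
bundle exec brakeman -w2

# Output formats: JSON for machine consumption in CI, HTML for human review
bundle exec brakeman -f json -o brakeman-output.json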
bundle exec brakeman -f html -o brakeman-report.html

Configuration
yaml
# config/brakeman.yml
# Brakeman picks this file up from the application root; keys are Ruby
# symbols (leading ':'). Every entry below suppresses findings, so each
# one should be accompanied by a reason for the suppression.
---
# Checks that are not run at all. CheckRender looks for user-controlled
# render targets; skipping it means those findings are never reported.
:skip_checks:
  - CheckRender

# Paths excluded from the scan; code under them is not analysed.
:skip_files:
  - lib/legacy/

# Methods whose return value Brakeman treats as safe (not attacker-tainted).
# Only list methods that actually sanitise or escape their output.
:safe_methods:
  - :my_safe_method

Bundler Audit
Check for vulnerable gems:
yaml
# Standalone step: installs bundler-audit at job time instead of via the
# Gemfile. The install is unpinned, so every run fetches the latest gem;
# pin a version with `gem install bundler-audit -v <version>` when
# reproducible results matter.
- name: Run bundler-audit
  run: |
    gem install bundler-audit
    bundle-audit check --update

Combined Security Job
yaml
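security:
  runs-on: ubuntu-latest
  # Least privilege: scanning only needs read access to the checkout.
  permissions:
    contents: read
  steps:
    # Tag-pinned actions move with the tag; pinning to a full commit SHA
    # (tag noted in a comment) gives a reproducible supply chain.
    - uses: actions/checkout@v4
    - uses: ruby/setup-ruby@v1
      with:
        # Runs `bundle install`; without it the `bundle exec` steps below
        # have no installed gems to run. With `ruby-version` omitted the
        # version is read from the repository's .ruby-version (or Gemfile).
        bundler-cache: true

    # Exits non-zero when warnings at medium/high confidence (-w2) are
    # found, which is what fails the job.
    - name: Brakeman
      run: bundle exec brakeman -q -w2

    # `bundle exec` requires bundler-audit to be declared in the Gemfile;
    # otherwise install it first with `gem install bundler-audit` as in the
    # standalone step. --update refreshes the advisory database first.
    - name: Bundle Audit
      run: bundle exec bundle-audit check --update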