Brakeman Plugin

Skip to end of metadata
Go to start of metadata

Plugin Information

Plugin ID brakeman Changes In Latest Release
Since Latest Release
Latest Release
Latest Release Date
Required Core
0.7 (archives)
Mar 21, 2012
analysis-core (version:1.38)
maven-plugin (version:1.409)
Source Code
Issue Tracking
Pull Requests
Open Issues
Pull Requests
Justin Collins (id: presidentbeef)
Usage Installations 2014-Nov 518
2014-Dec 470
2015-Jan 493
2015-Feb 514
2015-Mar 535
2015-Apr 540
2015-May 538
2015-Jun 531
2015-Jul 543
2015-Aug 532
2015-Sep 534
2015-Oct 514

This plugin reads output from Brakeman, a static analysis security vulnerability scanner for Ruby on Rails.


This plugin takes output from Brakeman, a security scanner for Ruby on Rails that finds vulnerabilities via static analysis, and uses the "Static Analysis Utilities" plugin to produce nice reports like these.

Brakeman detects security vulnerabilities in Ruby on Rails applications such as cross-site scripting, SQL injection, command injection, unsafe redirects, mass assignment, file access, default routes, and more.


Running Brakeman

Because of the many ways Ruby and gems can be installed, the plugin does not actually run Brakeman for you.

Running Brakeman can be accomplished by adding an "Execute Shell" build step. The command to use will vary based on your Ruby setup.

The simplest command would look like this:

  brakeman -o brakeman-output.tabs

This assumes Brakeman is globally available on the machine where Jenkins is running.

The following options are recommended:

  brakeman -o brakeman-output.tabs --no-progress --separate-models

To automatically install/update Brakeman (if needed):

  gem install brakeman --no-ri --no-rdoc &&
  brakeman -o brakeman-output.tabs --no-progress --separate-models

To use rvm (with Bash):

  bash -l -c 'rvm use 1.9.2 &&
  gem install brakeman --no-ri --no-rdoc &&
  brakeman -o brakeman-output.tabs --no-progress --separate-models'

It might be a good idea to use gemsets, too:

  bash -l -c 'rvm use ruby-1.9.3 &&
  rvm gemset create brakeman-jenkins &&
  rvm gemset use brakeman-jenkins &&
  gem install brakeman --no-ri --no-rdoc &&
  brakeman -o brakeman-output.tabs --no-progress --separate-models'

The output from running Brakeman MUST be in the "tabs" format. This can be accomplished either by using "-f tabs" or simply adding ".tabs" at the end of the output file name.
"brakeman-output.tabs" is the default file name used by the plugin, but can be set to any file name.

Publishing Results

Check the "Publish Brakeman warnings" option under "Post-build Actions". Make sure the output file name matches the one used in the shell command.

Setting Thresholds

It is possible to set thresholds for warnings, so that builds can be marked as unstable or failed depending on the number of warnings reported.

To set thresholds, click the "Advanced..." button next to "Publish Brakeman warnings".

To set set thresholds based on new warnings found, check the "Compute new warnings (based on reference build)" box. This opens another set of thresholds.


plugin-report plugin-report Delete
plugin-ruby plugin-ruby Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.