Brakeman Plugin


Plugin Information

Plugin ID: brakeman
Latest Release: 0.7
Latest Release Date: Mar 21, 2012
Required Core: 1.409
Dependencies: analysis-core (version:1.38), maven-plugin (version:1.409)
Source Code: GitHub
Issue Tracking: Open Issues
Maintainer(s): Justin Collins (id: presidentbeef)
Usage (installations per month)

2013-Apr 335
2013-May 345
2013-Jun 361
2013-Jul 364
2013-Aug 393
2013-Sep 389
2013-Oct 429
2013-Nov 417
2013-Dec 410
2014-Jan 423
2014-Feb 403
2014-Mar 441

This plugin reads output from Brakeman, a static analysis security vulnerability scanner for Ruby on Rails.

Description

This plugin takes output from Brakeman, a security scanner for Ruby on Rails that finds vulnerabilities via static analysis, and uses the "Static Analysis Utilities" plugin to render the warnings in Jenkins alongside the build (totals, trend graphs and per-warning detail pages).

Brakeman detects security vulnerabilities in Ruby on Rails applications such as cross-site scripting, SQL injection, command injection, unsafe redirects, mass assignment, file access, default routes, and more.

Setup

Running Brakeman

Because of the many ways Ruby and gems can be installed, the plugin does not actually run Brakeman for you.

Running Brakeman can be accomplished by adding an "Execute Shell" build step. The command to use will vary based on your Ruby setup.

The simplest command would look like this:

  brakeman -o brakeman-output.tabs

This assumes Brakeman is globally available on the machine where Jenkins is running.

The following options are recommended:

  brakeman -o brakeman-output.tabs --no-progress --separate-models

To automatically install/update Brakeman (if needed):

  gem install brakeman --no-ri --no-rdoc &&
  brakeman -o brakeman-output.tabs --no-progress --separate-models

Note that installing at build time fetches whatever version is current on rubygems.org; pin it with "-v" (or manage Brakeman through the application's Gemfile) if you want reproducible scans. On RubyGems 3 and later the "--no-ri --no-rdoc" options have been removed; use "--no-document" instead.

To use rvm (with Bash):

  bash -l -c 'rvm use 1.9.2 &&
  gem install brakeman --no-ri --no-rdoc &&
  brakeman -o brakeman-output.tabs --no-progress --separate-models'

It might be a good idea to use gemsets, too:

  bash -l -c 'rvm use ruby-1.9.3 &&
  rvm gemset create brakeman-jenkins &&
  rvm gemset use brakeman-jenkins &&
  gem install brakeman --no-ri --no-rdoc &&
  brakeman -o brakeman-output.tabs --no-progress --separate-models'

The output from running Brakeman MUST be in the "tabs" format. This can be accomplished either by using "-f tabs" or simply adding ".tabs" at the end of the output file name.
"brakeman-output.tabs" is the default file name used by the plugin, but can be set to any file name.

Publishing Results

Check the "Publish Brakeman warnings" option under "Post-build Actions". Make sure the output file name matches the one used in the shell command.

Setting Thresholds

It is possible to set thresholds for warnings, so that builds can be marked as unstable or failed depending on the number of warnings reported.

To set thresholds, click the "Advanced..." button next to "Publish Brakeman warnings".

To set thresholds based on new warnings only, check the "Compute new warnings (based on reference build)" box. This opens a second set of thresholds that applies to warnings not present in the reference build.
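As an added example (not code from the plugin or from Brakeman), here is a small Ruby script that does outside Jenkins what the publisher and its thresholds do inside it: it parses a tabs report, counts warnings by confidence, works out which warnings are new relative to a reference build's report, and maps a count to a build result. The column order (file, line, warning type, category, message, confidence), the confidence labels High/Medium/Weak, and the rule of matching new warnings on file, category, type and message rather than on line numbers are assumptions about the tabs format made for this example; the two sample reports are constructed.

```ruby
# Added example, not part of the Brakeman plugin or of Brakeman itself:
# parse a Brakeman "tabs" report and apply warning-count thresholds to it,
# mirroring what "Publish Brakeman warnings" does inside Jenkins.
# Assumed tabs layout (one warning per line, tab-separated):
#   file, line, warning type, category, message, confidence
require 'set'

# Confidence labels as assumed in the tabs report, strongest first.
CONFIDENCES = %w[High Medium Weak].freeze

BrakemanWarning = Struct.new(:file, :line, :warning_type, :category, :message, :confidence)

# Parse a tabs report. The first four fields are split off the front and the
# confidence off the back, so a tab inside the message does not break the row;
# anything else malformed raises instead of being silently miscounted.
def parse_tabs(text)
  text.each_line.map(&:chomp).reject(&:empty?).map do |row|
    file, line, warning_type, category, rest = row.split("\t", 5)
    message, sep, confidence = rest.to_s.rpartition("\t")
    if sep.empty? || !CONFIDENCES.include?(confidence)
      raise ArgumentError, "malformed tabs row: #{row.inspect}"
    end
    BrakemanWarning.new(file, Integer(line), warning_type, category, message, confidence)
  end
end

# Totals per confidence level, e.g. {"High" => 2, "Medium" => 1}.
def count_by_confidence(warnings)
  warnings.each_with_object(Hash.new(0)) { |w, counts| counts[w.confidence] += 1 }
end

# Warnings present in the current report but not in the reference build's
# report. Line numbers are deliberately left out of the key because they
# shift whenever unrelated code is edited (assumed matching rule).
def new_warnings(current, reference)
  seen = reference.map { |w| [w.file, w.category, w.warning_type, w.message] }.to_set
  current.reject { |w| seen.include?([w.file, w.category, w.warning_type, w.message]) }
end

# Map a warning count to a Jenkins-style result: more than failure_above
# warnings fails the build, more than unstable_above marks it unstable,
# nil disables that threshold.
def build_result(count, unstable_above:, failure_above:)
  return :failure  if failure_above  && count > failure_above
  return :unstable if unstable_above && count > unstable_above
  :success
end

# Constructed sample reports (not real Brakeman output). Two warnings carry over
# from the reference build with shifted lines; two are new, one of them High.
def tabs_report(rows)
  rows.map { |fields| fields.join("\t") }.join("\n") + "\n"
end

REFERENCE_REPORT = tabs_report([
  ["app/controllers/users_controller.rb", "12", "SQL Injection", "Controller",
   "Possible SQL injection: User.where(\"name = '\" + params[:name] + \"'\")", "High"],
  ["app/views/users/show.html.erb", "4", "Cross Site Scripting", "Template",
   "Unescaped model attribute: User.find(params[:id]).bio", "Medium"],
])

CURRENT_REPORT = tabs_report([
  ["app/controllers/users_controller.rb", "15", "SQL Injection", "Controller",
   "Possible SQL injection: User.where(\"name = '\" + params[:name] + \"'\")", "High"],
  ["app/views/users/show.html.erb", "4", "Cross Site Scripting", "Template",
   "Unescaped model attribute: User.find(params[:id]).bio", "Medium"],
  ["app/controllers/admin_controller.rb", "30", "Command Injection", "Controller",
   "Possible command injection: system(\"ls \" + params[:dir])", "High"],
  ["app/models/user.rb", "0", "Mass Assignment", "Model",
   "Unprotected mass assignment", "Weak"],
])

if __FILE__ == $PROGRAM_NAME
  current   = parse_tabs(CURRENT_REPORT)
  reference = parse_tabs(REFERENCE_REPORT)
  puts "warnings by confidence: #{count_by_confidence(current)}"
  puts "all warnings (#{current.size}): #{build_result(current.size, unstable_above: 0, failure_above: 10)}"
  fresh = new_warnings(current, reference)
  puts "new since reference (#{fresh.size}): #{build_result(fresh.size, unstable_above: nil, failure_above: 0)}"
end
```

Run against the constructed reports, the total of four warnings exceeds an "unstable" threshold of 0 without reaching a "failure" threshold of 10, while the two warnings that are new since the reference build trip a "failure" threshold of 0; that is the distinction between the two sets of thresholds in the plugin's "Advanced..." dialog. Feeding the script a real brakeman-output.tabs is also a quick way to confirm the file the publisher will read is in the format it expects before wiring up the post-build step.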
