Brakeman Plugin

Skip to end of metadata
Go to start of metadata

Plugin Information

Plugin ID brakeman Changes In Latest Release
Since Latest Release
Latest Release
Latest Release Date
Required Core
0.7 (archives)
Mar 21, 2012
analysis-core (version:1.38)
maven-plugin (version:1.409)
Source Code
Issue Tracking
Open Issues
Justin Collins (id: presidentbeef)
Usage Installations 2014-Mar 441
2014-Apr 461
2014-May 450
2014-Jun 468
2014-Jul 479
2014-Aug 473
2014-Sep 492
2014-Oct 510
2014-Nov 518
2014-Dec 470
2015-Jan 493
2015-Feb 514

This plugin reads output from Brakeman, a static analysis security vulnerability scanner for Ruby on Rails.


This plugin takes output from Brakeman, a security scanner for Ruby on Rails that finds vulnerabilities via static analysis, and uses the "Static Analysis Utilities" plugin to produce nice reports like these.

Brakeman detects security vulnerabilities in Ruby on Rails applications such as cross-site scripting, SQL injection, command injection, unsafe redirects, mass assignment, file access, default routes, and more.


Running Brakeman

Because of the many ways Ruby and gems can be installed, the plugin does not actually run Brakeman for you.

Running Brakeman can be accomplished by adding an "Execute Shell" build step. The command to use will vary based on your Ruby setup.

The simplest command would look like this:

  brakeman -o brakeman-output.tabs

This assumes Brakeman is globally available on the machine where Jenkins is running.

The following options are recommended:

  brakeman -o brakeman-output.tabs --no-progress --separate-models

To automatically install/update Brakeman (if needed):

  gem install brakeman --no-ri --no-rdoc &&
  brakeman -o brakeman-output.tabs --no-progress --separate-models

To use rvm (with Bash):

  bash -l -c 'rvm use 1.9.2 &&
  gem install brakeman --no-ri --no-rdoc &&
  brakeman -o brakeman-output.tabs --no-progress --separate-models'

It might be a good idea to use gemsets, too:

  bash -l -c 'rvm use ruby-1.9.3 &&
  rvm gemset create brakeman-jenkins &&
  rvm gemset use brakeman-jenkins &&
  gem install brakeman --no-ri --no-rdoc &&
  brakeman -o brakeman-output.tabs --no-progress --separate-models'

The output from running Brakeman MUST be in the "tabs" format. This can be accomplished either by using "-f tabs" or simply adding ".tabs" at the end of the output file name.
"brakeman-output.tabs" is the default file name used by the plugin, but can be set to any file name.

Publishing Results

Check the "Publish Brakeman warnings" option under "Post-build Actions". Make sure the output file name matches the one used in the shell command.

Setting Thresholds

It is possible to set thresholds for warnings, so that builds can be marked as unstable or failed depending on the number of warnings reported.

To set thresholds, click the "Advanced..." button next to "Publish Brakeman warnings".

To set set thresholds based on new warnings found, check the "Compute new warnings (based on reference build)" box. This opens another set of thresholds.


plugin-report plugin-report Delete
plugin-ruby plugin-ruby Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.