Ecosyste.ms: Awesome
https://github.com/prontolabs/pronto-brakeman

Pronto runner for Brakeman, security vulnerability scanner for RoR

analyzer brakeman pronto pronto-runner ruby-on-rails security security-scanner

Last synced: 4 months ago

# Pronto runner for Brakeman

[![Code Climate](https://codeclimate.com/github/prontolabs/pronto-brakeman.png)](https://codeclimate.com/github/prontolabs/pronto-brakeman)
[![Build Status](https://github.com/prontolabs/pronto-brakeman/actions/workflows/checks.yml/badge.svg)](https://github.com/prontolabs/pronto-brakeman/actions/workflows/checks.yml)
[![Gem Version](https://badge.fury.io/rb/pronto-brakeman.png)](http://badge.fury.io/rb/pronto-brakeman)

Pronto runner for [Brakeman](https://github.com/presidentbeef/brakeman), a static security vulnerability scanner for Ruby on Rails applications. [What is Pronto?](https://github.com/prontolabs/pronto)

## Severity mapping

Brakeman [Confidence](https://github.com/presidentbeef/brakeman#confidence-levels) levels are mapped to severity levels on the
messages Pronto generates: high confidence maps to fatal, medium confidence maps to warning, and low (weak) confidence maps
to info.

## Options

Brakeman also ships with optional checks that are off by default. Setting the following in your `.pronto.yml` runs every check included in the gem:

### Run all checks

```yaml
brakeman:
  run_all_checks: true
```

(This is the equivalent of running `brakeman -A` on the command line.)

### Ignore file

```yaml
brakeman:
  ignore_file: '.brakeman'
```

(This is the equivalent of running `brakeman -i IGNOREFILE` on the command line.)
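The two behaviours described above, the confidence-to-severity mapping and the ignore file, can be seen end to end on a small Brakeman JSON report. The following is an added example, not pronto-brakeman's own code: it parses the JSON that `brakeman -f json` emits, drops warnings whose fingerprint appears in a Brakeman ignore file, and tags the rest with the Pronto level from the mapping. The sample report and ignore file are constructed, and the method names are this example's, not the gem's API.

```ruby
# Added illustration of what the runner does with Brakeman output; not pronto-brakeman's code.
require 'json'

# Brakeman confidence -> Pronto message level, as documented in the README above.
# Brakeman's JSON reporter labels low confidence "Weak".
CONFIDENCE_TO_LEVEL = {
  'High'   => :fatal,
  'Medium' => :warning,
  'Weak'   => :info
}.freeze

def severity_for(confidence)
  CONFIDENCE_TO_LEVEL.fetch(confidence) do
    # An unknown label must not silently disappear from the review; fail loudly instead.
    raise ArgumentError, "unknown Brakeman confidence: #{confidence.inspect}"
  end
end

# Fingerprints listed in a Brakeman ignore file (what `brakeman -i FILE` reads).
# The file is JSON with an "ignored_warnings" array; only the fingerprint is used for matching.
def ignored_fingerprints(ignore_json)
  return [] if ignore_json.nil? || ignore_json.strip.empty?
  JSON.parse(ignore_json).fetch('ignored_warnings', []).map { |w| w.fetch('fingerprint') }
end

# Reduce a Brakeman JSON report to the fields a Pronto comment carries:
# path, line, level, message. Ignored fingerprints are removed first.
def pronto_messages(report_json, ignore_json = nil)
  skip = ignored_fingerprints(ignore_json)
  warnings = JSON.parse(report_json).fetch('warnings', [])
  warnings.reject { |w| skip.include?(w['fingerprint']) }.map { |w|
    {
      path:  w.fetch('file'),
      line:  w.fetch('line'),
      level: severity_for(w.fetch('confidence')),
      msg:   "#{w.fetch('warning_type')}: #{w.fetch('message')}"
    }
  }
end

# Constructed sample report mimicking `brakeman -f json` output (not real scan data).
SAMPLE_REPORT = <<~JSON
  {
    "warnings": [
      {"warning_type": "SQL Injection", "fingerprint": "aaaa1111",
       "message": "Possible SQL injection", "file": "app/models/user.rb",
       "line": 12, "confidence": "High"},
      {"warning_type": "Mass Assignment", "fingerprint": "bbbb2222",
       "message": "Parameters should be whitelisted",
       "file": "app/controllers/users_controller.rb",
       "line": 30, "confidence": "Medium"},
      {"warning_type": "Cross-Site Scripting", "fingerprint": "cccc3333",
       "message": "Unescaped model attribute", "file": "app/views/users/show.html.erb",
       "line": 4, "confidence": "Weak"}
    ]
  }
JSON

# Constructed ignore file in Brakeman's format: the medium-confidence finding has been reviewed.
SAMPLE_IGNORE = <<~JSON
  {
    "ignored_warnings": [
      {"warning_type": "Mass Assignment", "fingerprint": "bbbb2222",
       "note": "reviewed; strong parameters in place"}
    ]
  }
JSON

if __FILE__ == $PROGRAM_NAME
  pronto_messages(SAMPLE_REPORT, SAMPLE_IGNORE).each do |m|
    puts "#{m[:level].to_s.upcase.ljust(7)} #{m[:path]}:#{m[:line]} #{m[:msg]}"
  end
end
```

Run with `ruby example.rb`: the SQL injection finding comes out as `FATAL` and the XSS finding as `INFO`, while the mass-assignment finding is suppressed because its fingerprint is in the ignore file. Matching is by fingerprint only, so an ignore entry keeps suppressing a finding even if the surrounding code moves to another line; it stops matching as soon as the flagged code itself changes and Brakeman computes a new fingerprint.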