
Brakeman - a security vulnerability checking tool for Ruby on Rails applications


Rails is one of the most popular frameworks for building web applications, and it mitigates whole classes of bugs by default: ActiveRecord parameterizes queries, which blocks most SQL injection, and ERB escapes output, which blocks most cross-site scripting (XSS). Those defaults can still be bypassed by application code, for example by interpolating user input into a `where` string or by marking a string `html_safe`, so vulnerabilities can still occur.

Brakeman is a static analysis tool that checks Rails applications for security vulnerabilities by reading the source code (controllers, models, views, routes and configuration). It does not execute the application, so you don't need a running server, a database, or the rest of the application stack to use it. As with any static analyzer, treat its output as a list of findings to review: it will report some false positives, and it cannot find every bug.

Installation

Using RubyGems:

gem install brakeman

Using Bundler (add to the development group in Gemfile; `require: false` keeps Brakeman out of the application's boot path so it is only loaded when you run it):

group :development do
  gem 'brakeman', require: false
end

Running Brakeman

Run it with no options in the root directory of your Rails application (use `bundle exec brakeman` if you installed it through Bundler, or `brakeman -p path/to/app` to scan an application in another directory):

brakeman

To write the report to a file, use `-o`; the format is inferred from the file extension (text, html, json, markdown, etc.), or can be set explicitly with `-f`:

brakeman -o output.html
brakeman -o output.json

By default Brakeman exits with a non-zero status when it finds warnings, which makes it usable as a CI gate (`--no-exit-on-warn` disables this). Warnings you have reviewed and accepted can be suppressed by fingerprint in `config/brakeman.ignore`, which Brakeman creates for you when you run it interactively with `-I`.
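The JSON report is the one to wire into a pipeline. The script below is an added example, not code from the original post and not part of Brakeman itself: it parses a Brakeman JSON report, keeps only warnings at or above a chosen confidence level, drops warnings whose fingerprint has been accepted, and turns the result into a CI exit code. The embedded report is a constructed sample trimmed to the fields the script uses (real reports carry more keys, such as `scan_info`); the fingerprints and file paths in it are made up. The `blocking_warnings`, `count_by_type` and `ci_exit_code` functions are this example's own names.

```ruby
require "json"

# Constructed sample of a `brakeman -f json` report, reduced to the fields used
# below. Confidence values in real reports are "High", "Medium" or "Weak".
SAMPLE_REPORT = <<~'JSON'
{
  "warnings": [
    {
      "warning_type": "Cross-Site Scripting",
      "confidence": "Weak",
      "file": "app/views/users/show.html.erb",
      "line": 4,
      "message": "Unescaped model attribute",
      "code": "User.find(params[:id]).bio.html_safe",
      "fingerprint": "constructed-fp-2"
    },
    {
      "warning_type": "SQL Injection",
      "confidence": "High",
      "file": "app/controllers/users_controller.rb",
      "line": 12,
      "message": "Possible SQL injection",
      "code": "User.where(\"name = '#{params[:name]}'\")",
      "fingerprint": "constructed-fp-1"
    },
    {
      "warning_type": "Mass Assignment",
      "confidence": "Medium",
      "file": "app/controllers/users_controller.rb",
      "line": 30,
      "message": "Parameters should be whitelisted for mass assignment",
      "code": "params.permit!",
      "fingerprint": "constructed-fp-3"
    }
  ],
  "errors": []
}
JSON

# Lower number = more confident. Unknown values sort last and never block.
CONFIDENCE_ORDER = { "High" => 0, "Medium" => 1, "Weak" => 2 }.freeze

# Warnings that should fail the build: at or above min_confidence and not
# explicitly accepted by fingerprint (the same key config/brakeman.ignore uses).
def blocking_warnings(report, min_confidence: "Medium", ignored_fingerprints: [])
  threshold = CONFIDENCE_ORDER.fetch(min_confidence)
  report.fetch("warnings", [])
        .reject { |w| ignored_fingerprints.include?(w["fingerprint"]) }
        .select { |w| CONFIDENCE_ORDER.fetch(w["confidence"], 99) <= threshold }
        .sort_by { |w| [CONFIDENCE_ORDER[w["confidence"]], w["file"].to_s, w["line"].to_i] }
end

# Counts per warning type, handy for a one-line summary in the job log.
def count_by_type(warnings)
  warnings.group_by { |w| w["warning_type"] }.transform_values(&:size)
end

# 0 = clean, 1 = blocking warnings found, 2 = Brakeman reported parse errors.
# Errors mean part of the app was not analyzed, so they must not pass silently.
def ci_exit_code(report, **opts)
  return 2 unless report.fetch("errors", []).empty?
  blocking_warnings(report, **opts).empty? ? 0 : 1
end

# Usage: ruby triage.rb output.json [High|Medium|Weak]
# With no arguments it runs against the embedded sample without exiting.
if __FILE__ == $0
  report = ARGV[0] ? JSON.parse(File.read(ARGV[0])) : JSON.parse(SAMPLE_REPORT)
  min = ARGV[1] || "Medium"
  found = blocking_warnings(report, min_confidence: min)
  found.each do |w|
    puts "#{w['confidence'].ljust(6)} #{w['warning_type']} #{w['file']}:#{w['line']} #{w['message']}"
  end
  puts "summary: #{count_by_type(found)} errors: #{report.fetch('errors', []).size}"
  exit ci_exit_code(report, min_confidence: min) unless ARGV.empty?
end
```

Keeping accepted findings keyed by fingerprint rather than by file and line means a refactor that moves code does not silently un-ignore or re-ignore anything; Brakeman's own ignore file works the same way.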

Example Result

Brakeman Report

Visit the official site, https://brakemanscanner.org/, for the full list of checks and options.
