@rebelweb
Last active May 14, 2021 01:13
Brakeman/RSpec Integration

```ruby
ENV["RAILS_ENV"] ||= 'test'
require 'spec_helper'
require File.expand_path("../../config/environment", __FILE__)
require 'rspec/rails'
require 'brakeman'

ActiveRecord::Migration.maintain_test_schema!

RSpec.configure do |config|
  config.use_transactional_fixtures = true
  config.infer_spec_type_from_file_location!

  # Run Brakeman once after the whole suite and write an HTML report next to the test output.
  # Use this for a Rails application:
  config.after(:suite) { Brakeman.run app_path: "#{Rails.root}", output_files: ['brakeman.html'] }

  # Use this for a Rails engine (keep one of the two hooks, not both):
  config.after(:suite) { Brakeman.run app_path: "#{MyEngine::Engine.root}", output_files: ['brakeman.html'] }
end
```
@oamike

oamike commented Mar 23, 2016

Found more examples online; here's how we connected the Brakeman result to the rspec result:

```ruby
# Use this for a Rails application
config.after(:suite) do
  # Build a one-example group so the Brakeman result shows up in the RSpec output
  example_group = RSpec.describe('Brakeman Issues')
  example = example_group.example('must have 0 Critical Security Issues') do
    res = Brakeman.run app_path: "#{Rails.root}", output_files: ['brakeman.html']
    # confidence 0 is Brakeman's "High" confidence level
    serious = res.warnings.count { |w| w.confidence == 0 }
    puts "\n\nBrakeman Result:\n Critical Security Issues = #{serious}"
    expect(serious).to eq 0
  end
  example_group.run
  # Report a failure through the normal reporter so the suite's exit status reflects it
  passed = example.execution_result.status == :passed
  RSpec.configuration.reporter.example_failed example unless passed
end
```

@heliocola

If you want to discard ignored critical warnings, the line that counts the serious warnings should be something like:

```ruby
serious = res.filtered_warnings.count { |w| w.confidence == 0 }
```

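The same gate as in the two comments above, written as a standalone script rather than inside the RSpec hook, so it can run against a report produced by `brakeman -f json -o brakeman.json` in CI without loading Rails. This is an added example, not code from the gist or from Brakeman; the report below is a constructed sample with only the keys the gate reads, and the `max_rank` / `include_ignored` parameters are this example's own names. It mirrors the `warnings` versus `filtered_warnings` distinction: entries under `ignored_warnings` (the ones listed in `config/brakeman.ignore`) are excluded unless you ask for them.

```ruby
require 'json'

# Constructed sample in the shape of Brakeman's JSON report (brakeman -f json).
# Only the keys this gate reads are included; fingerprints are made up.
SAMPLE_REPORT = <<~JSON
  {
    "warnings": [
      {"warning_type": "SQL Injection", "confidence": "High",
       "file": "app/models/user.rb", "line": 42, "fingerprint": "constructed-fp-1"},
      {"warning_type": "Cross-Site Scripting", "confidence": "Medium",
       "file": "app/views/users/show.html.erb", "line": 7, "fingerprint": "constructed-fp-2"}
    ],
    "ignored_warnings": [
      {"warning_type": "Mass Assignment", "confidence": "High",
       "file": "app/controllers/admin_controller.rb", "line": 10, "fingerprint": "constructed-fp-3"}
    ]
  }
JSON

# The JSON report labels confidence; the Ruby API (Brakeman::Warning#confidence)
# uses 0 = High, 1 = Medium, 2 = Weak, which is why the thread compares against 0.
CONFIDENCE_RANK = { 'High' => 0, 'Medium' => 1, 'Weak' => 2 }.freeze

# Returns the warnings at or above the given confidence (0 = High only).
# Ignored warnings are skipped unless include_ignored is true, like
# filtered_warnings vs warnings in the Ruby API. Unknown labels rank as Weak.
def blocking_warnings(report_json, max_rank: 0, include_ignored: false)
  report = JSON.parse(report_json)
  warnings = report.fetch('warnings', [])
  warnings += report.fetch('ignored_warnings', []) if include_ignored
  warnings.select { |w| CONFIDENCE_RANK.fetch(w['confidence'], 2) <= max_rank }
end

# Gate decision in the form a CI step wants: a non-zero count means fail.
def gate_result(report_json, max_rank: 0)
  found = blocking_warnings(report_json, max_rank: max_rank)
  lines = found.map { |w| "#{w['warning_type']} at #{w['file']}:#{w['line']} (#{w['confidence']})" }
  { passed: found.empty?, count: found.size, details: lines }
end

if __FILE__ == $PROGRAM_NAME
  result = gate_result(SAMPLE_REPORT)
  puts "Brakeman Result:\n Critical Security Issues = #{result[:count]}"
  result[:details].each { |line| puts "  #{line}" }
  puts(result[:passed] ? 'PASS' : 'FAIL')
end
```

In a real pipeline the script would read `brakeman.json` from disk instead of the embedded sample and exit non-zero when `passed` is false.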
@rebelweb
Author

rebelweb commented Mar 3, 2021

@heliocola I haven't done any serious Ruby on Rails development in a couple of years. So this is pretty stale on my end. Thanks for adding info for others who see this thread.

@heliocola

heliocola commented Mar 4, 2021

From what I can see, that is still one way to do this, so THANK YOU!
There is also a way to run this via the CircleCI command `bundle exec brakeman`.
IMHO: this absolutely aged very, very well!
