Created July 21, 2021 18:19
Gist: stephancom/3720226cab318d336b71e1fb3544b2c2
brakeman shell script
#!/bin/bash
# _ _
# | |__ _ _ __ _ | |__ ___ _ __ __ _ _ _
# | '_ \ | '_| / _` | | / / / -_) | ' \ / _` | | ' \
# |_.__/ _|_|_ \__,_| |_\_\ \___| |_|_|_| \__,_| |_||_|
# _|"""""|_|"""""|_|"""""|_|"""""|_|"""""|_|"""""|_|"""""|_|"""""|
# "`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'"`-0-0-'
#
# Script for running Brakeman tests
# Brakeman is a security scanner https://github.com/presidentbeef/brakeman.
#
# based on: https://semaphoreci.com/community/tutorials/automatic-security-testing-of-rails-applications-using-brakeman
# stop on the first failing command so a failed install is not mistaken for a clean scan
set -e
# install brakeman from scratch every time. Brakeman is regularly updated with new security checks.
# A fresh install thus ensures that you have the latest version every time the checks are performed.
# -N skips generating gem documentation, which is not needed in CI.
gem install -N brakeman
# make sure the report directory exists before Brakeman writes into it
mkdir -p ./artifacts
# `brakeman -I` runs the interactive ignore mode, which creates or updates the `brakeman.ignore`
# file; that file should be checked into version control and is read here via --ignore-config.
# --exit-on-warn makes Brakeman return a non-zero status when any warning remains after the
# ignore file is applied, which fails the CI step.
# --confidence-level 3 reports only High-confidence warnings; 2 adds Medium, and 1 (the default)
# reports everything.
# TODO: IMPORTANT! lower the confidence level step by step (3 -> 2 -> 1), fix or ignore the
# lower-confidence warnings that surface at each step, and eventually remove the flag.
brakeman --ignore-config brakeman.ignore --exit-on-warn --confidence-level 3 --github-repo YOUR_ORG/YOUR_REPO -o ./artifacts/brakeman.md -o ./artifacts/brakeman.html
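The following Ruby is an added example, not part of the gist and not Brakeman's own code. It replays the gating logic the script relies on: how `--confidence-level` (3 = High only, 2 = High and Medium, 1 = all) and the fingerprints in `brakeman.ignore` together decide whether `--exit-on-warn` fails a CI run. The JSON report excerpt, the ignore file and every fingerprint, file and version string in it are constructed for the example; a real run would feed it the output of `brakeman -f json`.

```ruby
# Added example (not part of the gist): replay how Brakeman's --confidence-level
# and brakeman.ignore decide whether --exit-on-warn fails a CI run.
require 'json'

# Constructed excerpt of a `brakeman -f json` report. Only the fields this
# example reads are present and the fingerprints are invented.
SAMPLE_REPORT = <<~JSON
  {
    "warnings": [
      {"warning_type": "SQL Injection", "confidence": "High",
       "fingerprint": "aaa111", "file": "app/models/user.rb", "line": 12},
      {"warning_type": "Mass Assignment", "confidence": "Medium",
       "fingerprint": "bbb222", "file": "app/controllers/users_controller.rb", "line": 40},
      {"warning_type": "Cross-Site Scripting", "confidence": "Weak",
       "fingerprint": "ccc333", "file": "app/views/users/show.html.erb", "line": 3},
      {"warning_type": "Remote Code Execution", "confidence": "High",
       "fingerprint": "ddd444", "file": "lib/loader.rb", "line": 8}
    ]
  }
JSON

# Constructed brakeman.ignore in the layout `brakeman -I` writes: each entry is
# keyed by the warning's fingerprint, and the note records why it was accepted.
SAMPLE_IGNORE = <<~JSON
  {
    "ignored_warnings": [
      {"fingerprint": "ddd444", "note": "argument comes from a hard-coded allowlist, reviewed 2021-07"}
    ],
    "updated": "2021-07-21 18:19:00 +0000",
    "brakeman_version": "5.0.4"
  }
JSON

# -w LEVEL is the minimum confidence Brakeman reports: 3 = High only,
# 2 = High and Medium, 1 = everything (the default).
CONFIDENCE_RANK = { 'High' => 3, 'Medium' => 2, 'Weak' => 1 }.freeze

def ignored_fingerprints(ignore_json)
  JSON.parse(ignore_json).fetch('ignored_warnings', []).map { |w| w.fetch('fingerprint') }
end

# Warnings that survive both the confidence filter and the ignore file; with
# --exit-on-warn any of these makes Brakeman exit non-zero.
def blocking_warnings(report_json, ignore_json, level)
  raise ArgumentError, 'confidence level must be 1..3' unless (1..3).cover?(level)

  ignored = ignored_fingerprints(ignore_json)
  JSON.parse(report_json).fetch('warnings', []).select do |w|
    CONFIDENCE_RANK.fetch(w.fetch('confidence')) >= level &&
      !ignored.include?(w.fetch('fingerprint'))
  end
end

def build_passes?(report_json, ignore_json, level)
  blocking_warnings(report_json, ignore_json, level).empty?
end

# Walk the ladder the script's TODO describes: 3 -> 2 -> 1. Each step reveals
# the warnings that must be fixed or justified in brakeman.ignore before the
# flag can be lowered again.
if $PROGRAM_NAME == __FILE__
  3.downto(1) do |level|
    blocking = blocking_warnings(SAMPLE_REPORT, SAMPLE_IGNORE, level)
    status = build_passes?(SAMPLE_REPORT, SAMPLE_IGNORE, level) ? 'pass' : 'FAIL'
    puts "--confidence-level #{level}: #{status}, #{blocking.size} blocking warning(s)"
    blocking.each do |w|
      puts "  #{w['confidence']}: #{w['warning_type']} at #{w['file']}:#{w['line']}"
    end
  end
end
```

With the constructed data the build fails at every level: one High warning remains at level 3 (the other High one is fingerprint-ignored with a recorded justification), a Medium one is added at level 2 and a Weak one at level 1. That is the point of the TODO in the script: each time the flag is lowered, the newly visible warnings have to be fixed or added to `brakeman.ignore` with a note before the step stays green.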