Secure Your Rails Applications

Brakeman is a free vulnerability scanner designed for Ruby on Rails applications. It statically analyzes Rails application code to find security issues at any stage of development.

terminal
# Install Brakeman
gem install brakeman
# Scan your Rails app
brakeman
== Brakeman Report ==
# ...
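The commands above produce a human-readable report. In a CI pipeline the usual next step is to write the report as JSON (`brakeman -f json -o brakeman.json`) and decide whether the build should pass. The Ruby script below is an added example of that triage step; it is not part of Brakeman or of this page. It embeds a constructed sample report, and it assumes the JSON layout Brakeman emits (a top-level `warnings` array whose entries carry `warning_type`, `confidence` of `High`/`Medium`/`Weak`, `file`, `line`, `message` and `fingerprint`); check those field names against a real report before relying on them. The confidence threshold and the fingerprint ignore list mirror what Brakeman itself offers through `-w` and a `brakeman.ignore` file; the function names and the pass/fail convention are this example's own.

```ruby
require "json"

# Constructed sample of a Brakeman JSON report (as written by `brakeman -f json`).
# Only the fields this script reads are included; a real report carries more.
SAMPLE_REPORT = <<~JSON
  {
    "scan_info": { "app_path": "/srv/app", "brakeman_version": "7.1.2" },
    "warnings": [
      { "warning_type": "SQL Injection", "confidence": "High",
        "file": "app/controllers/users_controller.rb", "line": 12,
        "message": "Possible SQL injection",
        "fingerprint": "constructed-fingerprint-1" },
      { "warning_type": "Cross-Site Scripting", "confidence": "Medium",
        "file": "app/views/posts/show.html.erb", "line": 4,
        "message": "Unescaped model attribute",
        "fingerprint": "constructed-fingerprint-2" },
      { "warning_type": "Command Injection", "confidence": "Weak",
        "file": "lib/tasks/backup.rake", "line": 9,
        "message": "Possible command injection",
        "fingerprint": "constructed-fingerprint-3" }
    ],
    "errors": []
  }
JSON

# Brakeman's three confidence levels, ranked so a threshold can be applied.
CONFIDENCE_RANK = { "High" => 3, "Medium" => 2, "Weak" => 1 }.freeze

# Parse a JSON report and return the warnings that still need attention:
# those at or above min_confidence whose fingerprint is not on the ignore list.
def actionable_warnings(report_json, min_confidence: "Medium", ignored_fingerprints: [])
  report = JSON.parse(report_json)
  threshold = CONFIDENCE_RANK.fetch(min_confidence)
  report.fetch("warnings")
        .reject { |w| ignored_fingerprints.include?(w["fingerprint"]) }
        .select { |w| CONFIDENCE_RANK.fetch(w["confidence"], 0) >= threshold }
end

# Count actionable warnings per warning type, e.g. {"SQL Injection" => 1}.
def summarize(warnings)
  warnings.group_by { |w| w["warning_type"] }.transform_values(&:size)
end

# Build verdict used by this example (not Brakeman's own exit codes):
# 0 when nothing actionable remains, 1 otherwise.
def ci_exit_status(report_json, **opts)
  actionable_warnings(report_json, **opts).empty? ? 0 : 1
end

if $PROGRAM_NAME == __FILE__
  # Read a real report if a path is given, otherwise use the constructed sample.
  input = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_REPORT
  warnings = actionable_warnings(input)
  summarize(warnings).each { |type, n| puts "#{type}: #{n}" }
  warnings.each { |w| puts "  #{w['confidence']} #{w['file']}:#{w['line']} #{w['message']}" }
  puts "verdict: #{ci_exit_status(input) == 0 ? 'pass' : 'fail'}"
end
```

Run it as `ruby triage.rb brakeman.json` after a scan. Brakeman already exits non-zero when it finds warnings, so a script like this is only worthwhile when you want a different threshold than the scan used, a per-branch ignore list, or a per-type summary in the CI log; fingerprints are the stable key for suppressing a reviewed finding, since file and line numbers shift as code moves.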

Why Use Brakeman?

Fast and easy security scans built by the community

🎯

Rails-Specific

Built specifically for Ruby on Rails. Understands Rails patterns, conventions, and common vulnerability patterns.

🔧

Zero Configuration

Works out of the box with sensible defaults.

🔍

Broad Coverage

Detects SQL injection, cross-site scripting, command injection, and dozens of other vulnerability types.

Latest News

Stay up to date with the latest releases and community contributions

Version 7.1.2

Brakeman 7.1.2 Released

Dependency Updates

🎉 What's New

  • Update ruby_parser to remove max version restriction (Chedli Bourguiba)
  • Increase minimum Ruby version to 3.2.0
  • Reduce SQL injection false positives from count (and other) calls (#1936)
  • Remove more XSS false positives related to Haml attribute builder