[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-7678":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":16,"stars7d":16,"stars30d":17,"stars90d":16,"forks30d":16,"starsTrendScore":16,"compositeScore":18,"rankGlobal":10,"rankLanguage":10,"license":19,"archived":20,"fork":20,"defaultBranch":21,"hasWiki":22,"hasPages":22,"topics":23,"createdAt":10,"pushedAt":10,"updatedAt":32,"readmeContent":33,"aiSummary":34,"trendingCount":16,"starSnapshotCount":16,"syncStatus":35,"lastSyncTime":36,"discoverSource":37},7678,"brakeman","presidentbeef\u002Fbrakeman","presidentbeef","A static analysis security vulnerability scanner for Ruby on Rails applications","https:\u002F\u002Fbrakemanscanner.org\u002F",null,"Ruby",7246,771,158,99,0,20,66.66,"Other",false,"main",true,[5,24,25,26,27,28,29,30,31],"rails","ruby","security","security-audit","security-tools","security-vulnerability","static-analysis","vulnerabilities","2026-06-12 04:00:35","[![Brakeman Logo](http:\u002F\u002Fbrakemanscanner.org\u002Fimages\u002Flogo_medium.png)](http:\u002F\u002Fbrakemanscanner.org\u002F)\n\n[![Build Status](https:\u002F\u002Fcircleci.com\u002Fgh\u002Fpresidentbeef\u002Fbrakeman.svg?style=svg)](https:\u002F\u002Fcircleci.com\u002Fgh\u002Fpresidentbeef\u002Fbrakeman)\n[![Code Coverage](https:\u002F\u002Fqlty.sh\u002Fgh\u002Fpresidentbeef\u002Fprojects\u002Fbrakeman\u002Fcoverage.svg)](https:\u002F\u002Fqlty.sh\u002Fgh\u002Fpresidentbeef\u002Fprojects\u002Fbrakeman)\n\n# Brakeman\n\nBrakeman is a static analysis tool which checks Ruby on Rails applications for security vulnerabilities.\n\n# Installation\n\nUsing RubyGems:\n\n    gem install brakeman\n\nUsing Bundler:\n\n```ruby\ngroup :development do\n  gem 'brakeman', require: false\nend\n```\n\nUsing Docker:\n\n    docker pull 
presidentbeef\u002Fbrakeman\n\nUsing Docker to build from source:\n\n    git clone https:\u002F\u002Fgithub.com\u002Fpresidentbeef\u002Fbrakeman.git\n    cd brakeman\n    docker build . -t brakeman\n\n# Usage\n\n#### Running locally\n\nFrom a Rails application's root directory:\n\n    brakeman\n\nOutside of Rails root:\n\n    brakeman \u002Fpath\u002Fto\u002Frails\u002Fapplication\n\n#### Running with Docker\n\nFrom a Rails application's root directory:\n\n    docker run -v \"$(pwd)\":\u002Fcode presidentbeef\u002Fbrakeman\n\nWith a little nicer color:\n\n    docker run -v \"$(pwd)\":\u002Fcode presidentbeef\u002Fbrakeman --color\n\nFor an HTML report:\n\n    docker run -v \"$(pwd)\":\u002Fcode presidentbeef\u002Fbrakeman -o brakeman_results.html\n\nOutside of Rails root (note that the output file is relative to path\u002Fto\u002Frails\u002Fapplication):\n\n    docker run -v 'path\u002Fto\u002Frails\u002Fapplication':\u002Fcode presidentbeef\u002Fbrakeman -o brakeman_results.html\n\n# Compatibility\n\nBrakeman should work with any version of Rails from 2.3.x to 8.x.\n\nBrakeman can analyze code written with Ruby 2.0 syntax and newer, but requires at least Ruby 3.2.0 to run.\n\n# Basic Options\n\nFor a full list of options, use `brakeman --help` or see the [OPTIONS.md](OPTIONS.md) file.\n\nTo specify an output file for the results:\n\n    brakeman -o output_file\n\nThe output format is determined by the file extension or by using the `-f` option. 
Current options are: `text`, `html`, `tabs`, `json`, `junit`, `markdown`, `csv`, `codeclimate`, `github`, `sarif`, and `sonar`.\n\nMultiple output files can be specified:\n\n    brakeman -o output.html -o output.json\n\nTo output to both a file and to the console, with color:\n\n    brakeman --color -o \u002Fdev\u002Fstdout -o output.json\n\nTo suppress informational warnings and just output the report:\n\n    brakeman -q\n\nNote that all Brakeman output except reports is sent to stderr, making it simple to redirect stdout to a file and just get the report.\n\nTo see all kinds of debugging information:\n\n    brakeman -d\n\nSpecific checks can be skipped, if desired. The name needs to be the correct case. For example, to skip looking for default routes (`DefaultRoutes`):\n\n    brakeman -x DefaultRoutes\n\nMultiple checks should be separated by a comma:\n\n    brakeman -x DefaultRoutes,Redirect\n\nTo do the opposite and only run a certain set of tests:\n\n    brakeman -t SQL,ValidationRegex\n\nIf Brakeman is running a bit slow, try\n\n    brakeman --faster\n\nThis will disable some features, but will probably be much faster (currently it is the same as `--skip-libs --no-branching`). *WARNING*: This may cause Brakeman to miss some vulnerabilities.\n\nBy default, Brakeman will return a non-zero exit code if any security warnings are found or scanning errors are encountered. To disable this:\n\n    brakeman --no-exit-on-warn --no-exit-on-error\n\nTo skip certain files or directories that Brakeman may have trouble parsing, use:\n\n    brakeman --skip-files file1,\u002Fpath1\u002F,path2\u002F\n\nTo compare results of a scan with a previous scan, use the JSON output option and then:\n\n    brakeman --compare old_report.json\n\nThis will output JSON with two lists: one of fixed warnings and one of new warnings.\n\nBrakeman will ignore warnings if configured to do so. 
By default, it looks for a configuration file in `config\u002Fbrakeman.ignore`.\nTo create and manage this file, use:\n\n    brakeman -I\n\nIf you want to temporarily see the warnings you ignored without affecting the exit code, use:\n\n    brakeman --show-ignored\n\n# Warning information\n\nSee [warning\\_types](docs\u002Fwarning_types) for more information on the warnings reported by this tool.\n\n# Warning context\n\nThe HTML output format provides an excerpt from the original application source where a warning was triggered. Due to the processing done while looking for vulnerabilities, the source may not resemble the reported warning and reported line numbers may be slightly off. However, the context still provides a quick look into the code which raised the warning.\n\n# Confidence levels\n\nBrakeman assigns a confidence level to each warning. This provides a rough estimate of how certain the tool is that a given warning is actually a problem. Naturally, these ratings should not be taken as absolute truth.\n\nThere are three levels of confidence:\n\n + High - Either this is a simple warning (boolean value) or user input is very likely being used in unsafe ways.\n + Medium - This generally indicates an unsafe use of a variable, but the variable may or may not be user input.\n + Weak - Typically means user input was indirectly used in a potentially unsafe manner.\n\nTo only get warnings above a given confidence level:\n\n    brakeman -w3\n\nThe `-w` switch takes a number from 1 to 3, with 1 being low (all warnings) and 3 being high (only highest confidence warnings).\n\n# Configuration files\n\nBrakeman options can be stored and read from YAML files.\n\nTo simplify the process of writing a configuration file, the `-C` option will output the currently set options:\n\n```sh\n$ brakeman -C --skip-files plugins\u002F\n---\n:skip_files:\n- plugins\u002F\n```\n\nOptions passed in on the commandline have priority over configuration files.\n\nThe default config 
locations are `.\u002Fconfig\u002Fbrakeman.yml`, `~\u002F.brakeman\u002Fconfig.yml`, and `\u002Fetc\u002Fbrakeman\u002Fconfig.yml`.\n\nThe `-c` option can be used to specify a configuration file to use.\n\n# Continuous Integration\n\nThere is a [plugin available](http:\u002F\u002Fbrakemanscanner.org\u002Fdocs\u002Fjenkins\u002F) for Jenkins\u002FHudson.\n\nFor even more continuous testing, try the [Guard plugin](https:\u002F\u002Fgithub.com\u002Fguard\u002Fguard-brakeman).\n\nThere are a couple [GitHub Actions](https:\u002F\u002Fgithub.com\u002Fmarketplace?type=actions&query=brakeman) available.\n\n# Building\n\n    git clone https:\u002F\u002Fgithub.com\u002Fpresidentbeef\u002Fbrakeman.git\n    cd brakeman\n    gem build brakeman.gemspec\n    gem install brakeman*.gem\n\n# Who is Using Brakeman?\n\n* [Code Climate](https:\u002F\u002Fcodeclimate.com\u002F)\n* [GitHub](https:\u002F\u002Fgithub.com\u002F)\n* [Groupon](http:\u002F\u002Fwww.groupon.com\u002F)\n* [New Relic](http:\u002F\u002Fnewrelic.com)\n* [Twitter](https:\u002F\u002Ftwitter.com\u002F)\n\n[..and more!](http:\u002F\u002Fbrakemanscanner.org\u002Fbrakeman_users)\n\n# Homepage\u002FNews\n\nWebsite: http:\u002F\u002Fbrakemanscanner.org\u002F\n\nTwitter: https:\u002F\u002Ftwitter.com\u002Fbrakeman\n\nChat: https:\u002F\u002Fgitter.im\u002Fpresidentbeef\u002Fbrakeman\n\n# License\n\nBrakeman is free for non-commercial use.\n\nSee [COPYING](COPYING.md) for details.\n","Brakeman is a static security vulnerability scanner for Ruby on Rails applications. It detects potential security issues in code, supports Rails versions from 2.3.x to 8.x, and is compatible with Ruby 2.0 and newer syntax, but requires at least Ruby 3.2.0 to run. The tool offers several installation methods, including RubyGems, Bundler, and Docker, as well as a rich set of command-line options for customizing scan behavior and output formats. Brakeman is suited to security auditing during development, helping developers find and fix potential security vulnerabilities before code is committed, thereby improving application security.",2,"2026-06-11 03:13:46","top_language"]