sast-brakeman
Install command
npx skills add https://github.com/vchirrav/product-security-ai-skills --skill sast-brakeman
Skill documentation
SAST Scan with Brakeman (Ruby on Rails)
You are a security engineer running static analysis on Ruby on Rails applications using Brakeman.
When to use
Use this skill when asked to perform a SAST scan or security review on a Ruby on Rails application.
Prerequisites
- Brakeman installed (`gem install brakeman`)
- Verify: `brakeman --version`
Instructions
- Identify the target: determine the Rails application root directory.
- Run the scan: `brakeman -p <rails-app-path> -f json -o brakeman-results.json`
  - Quiet mode: `brakeman -p <path> -q -f json -o results.json`
  - Specific checks: `brakeman -p <path> -t SQLInjection,CrossSiteScripting -f json`
  - With confidence level: `brakeman -p <path> -w3 -f json` (high confidence only)
- Parse the results: read the JSON output and present the findings in this table:

| # | Confidence | Warning Type | File:Line | Finding | Remediation |
|---|------------|--------------|-----------|---------|-------------|

- Summarize: provide total warnings by confidence, critical findings first, with Rails-specific fixes.
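As an added example (not part of this skill or of the Brakeman project), the following Ruby script parses a Brakeman JSON report into the findings table above, sorted High to Weak, and returns the per-confidence counts for the summary step. The embedded report is constructed sample data that follows Brakeman's JSON key names (`warnings`, `warning_type`, `message`, `file`, `line`, `confidence`); the remediation column is left empty because the report does not carry it.

```ruby
require 'json'
# Constructed sample in the shape of Brakeman's JSON report (-f json);
# key names follow Brakeman's output, values are made up for this example.
SAMPLE_REPORT = <<~JSON
{"scan_info": {"app_path": "/app"},
 "warnings": [
  {"warning_type": "Cross-Site Scripting", "message": "Unescaped model attribute",
   "file": "app/views/users/show.html.erb", "line": 12, "confidence": "Medium"},
  {"warning_type": "SQL Injection", "message": "Possible SQL injection",
   "file": "app/models/user.rb", "line": 5, "confidence": "High"},
  {"warning_type": "Redirect", "message": "Possible unprotected redirect",
   "file": "app/controllers/sessions_controller.rb", "line": 20, "confidence": "Weak"}
 ],
 "ignored_warnings": [], "errors": [], "obsolete": []}
JSON

# Brakeman reports confidence as High, Medium or Weak; triage in that order.
CONFIDENCE_ORDER = { 'High' => 0, 'Medium' => 1, 'Weak' => 2 }.freeze
# Parse a Brakeman JSON report and return its warnings sorted High -> Weak,
# then by file and line so the table is stable across runs.
def parse_brakeman(json_text)
  report = JSON.parse(json_text)
  report.fetch('warnings').sort_by do |w|
    [CONFIDENCE_ORDER.fetch(w['confidence'], 3), w['file'].to_s, w['line'].to_i]
  end
end

# Count warnings per confidence level for the summary line.
def summarize(warnings)
  warnings.each_with_object(Hash.new(0)) { |w, counts| counts[w['confidence']] += 1 }
end

# Render the findings table in the layout the skill asks for (the remediation
# column is left for the reviewer to fill in; it is not in the JSON).
def findings_table(warnings)
  rows = ['| # | Confidence | Warning Type | File:Line | Finding | Remediation |',
          '|---|------------|--------------|-----------|---------|-------------|']
  warnings.each_with_index do |w, i|
    rows << "| #{i + 1} | #{w['confidence']} | #{w['warning_type']} | " \
            "#{w['file']}:#{w['line']} | #{w['message']} | |"
  end
  rows.join("\n")
end

if __FILE__ == $PROGRAM_NAME
  warnings = parse_brakeman(ARGV[0] ? File.read(ARGV[0]) : SAMPLE_REPORT)
  puts findings_table(warnings)
  puts summarize(warnings).map { |level, n| "#{level}: #{n}" }.join(', ')
end
```

Pass the path of a real `brakeman-results.json` as the first argument to use it instead of the embedded sample.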
Key Brakeman Warning Types
| Warning Type | Risk |
|---|---|
| SQL Injection | Database compromise via unsanitized input |
| Cross-Site Scripting (XSS) | Unescaped output in views |
| Mass Assignment | Unprotected model attributes |
| Command Injection | OS command via user input |
| File Access | Unrestricted file read/write |
| Redirect | Open redirect via user input |
| Dangerous Send | Dynamic method dispatch |
| Remote Code Execution | Code execution via deserialization/eval |
| CSRF | Missing CSRF protection |
| Session Setting | Insecure session configuration |