A Hudson/Jenkins plugin to run Brakeman against Ruby on Rails applications and track the results.
This plugin requires the Static Analysis Utilities Plugin (which is also called "analysis-core") version >= 1.16. The plugin is available in Jenkins under Manage Jenkins -> Manage Plugins -> Available -> Static Analysis Utilities.
You will also need to have Ruby and RubyGems installed on the Jenkins/Hudson server in order to run Brakeman.
Navigate to Manage Jenkins -> Manage Plugins -> Available and look for "Brakeman". Click the checkbox and then the "Install" button at the bottom of the page.
Download brakeman.hpi from here.
Inside Jenkins, go to Manage Jenkins -> Manage Plugins -> Advanced -> Upload Plugin.
Upload brakeman.hpi.
Add/append a shell command to your job configuration like (this is just an example):
gem install brakeman --no-rdoc --no-ri &&
brakeman -o brakeman-output.tabs
Or, if rvm is available, you can use something like:
bash -l -c 'rvm use 1.8.7 &&
rvm gemset create brakeman &&
rvm gemset use brakeman &&
gem install brakeman --no-rdoc --no-ri &&
brakeman -o brakeman-output.tabs'
The version of Ruby may vary according to your setup.
Click 'Publish Brakeman warnings' to enable the Brakeman.
Some adjustment may need to be done regarding paths. Brakeman needs to be run at the root of the application or supplied with the path. The output file specified on the commandline needs to be synched with the output file specified as a plugin option.
Requires Maven2. You will likely need to modify your environment as documented here.
After cloning the source, run this in the main directory:
mvn hpi:run
This starts up a copy of Jenkins with the Brakeman plugin installed. This is not necessary if you just want to install the plugin.
This is to generate a new brakeman.hpi.
Requires Maven2. You will likely need to modify your environment as documented here.
After cloning the source, run this in the main directory:
mvn install
This builds a copy of the plugin in ./target/brakeman.hpi