Brakeman is an open-source security scanner for Ruby on Rails applications. It statically analyses the application's Rails code and helps security researchers find security issues during the development process.
Simple configuration: Brakeman requires zero setup or configuration once it is installed. Just run it.

White-box scanning: Because all Brakeman needs is source code, Brakeman can be run at any stage of development: you can generate a new application with rails new and immediately check it with Brakeman.

No reliance on crawling, comprehensive coverage: Since Brakeman does not rely on spidering sites to determine all their pages, it can provide more complete coverage of an application. This includes pages which may not be 'live' yet. In theory, Brakeman can find security vulnerabilities before they become exploitable.

Checks application configuration: Brakeman is specifically built for Ruby on Rails applications, so it can easily check configuration settings for best practices.

Flexible testing: Each check performed by Brakeman is independent, so testing can be limited to a subset of all the checks Brakeman comes with.

Faster than black-box testing: While Brakeman may not be exceptionally speedy, it is much faster than "black box" website scanners. Even large applications should not take more than a few minutes to scan.
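One way to turn the scan into a build gate, as an added example that is neither part of the original post nor Brakeman's own code: it assumes a report produced with `brakeman -f json`, filters by check name to mirror running only a subset of the independent checks (`brakeman -t SQL,CrossSiteScripting`), and the embedded report is constructed sample data in that layout rather than output of a real scan.

```ruby
require 'json'
# Constructed sample in the layout of a Brakeman JSON report (`brakeman -f json`):
# hand-written illustrative data, not output captured from a real scan.
SAMPLE_REPORT = <<~JSON.freeze
  {
    "scan_info": { "app_path": "/path/to/app", "checks_performed": ["SQL", "CrossSiteScripting", "ModelAttributes"] },
    "warnings": [
      { "warning_type": "SQL Injection", "check_name": "SQL", "confidence": "High",
        "file": "app/controllers/users_controller.rb", "line": 12,
        "message": "Possible SQL injection" },
      { "warning_type": "Cross-Site Scripting", "check_name": "CrossSiteScripting",
        "confidence": "Medium", "file": "app/views/users/show.html.erb", "line": 4,
        "message": "Unescaped model attribute" },
      { "warning_type": "Mass Assignment", "check_name": "ModelAttributes",
        "confidence": "Weak", "file": "app/models/user.rb", "line": 3,
        "message": "Potentially dangerous attribute available for mass assignment" }
    ],
    "errors": []
  }
JSON

# Confidence levels as Brakeman labels them, most to least certain.
CONFIDENCE_ORDER = %w[High Medium Weak].freeze

# Warnings that should block the build: those from the selected checks
# (every check when `checks` is nil) at or above `min_confidence`.
def blocking_warnings(report_json, min_confidence: 'Medium', checks: nil)
  threshold = CONFIDENCE_ORDER.index(min_confidence)
  raise ArgumentError, "unknown confidence level #{min_confidence.inspect}" unless threshold
  JSON.parse(report_json).fetch('warnings').select do |w|
    in_scope = checks.nil? || checks.include?(w['check_name'])
    # An unrecognised confidence label is ranked as High so the gate fails closed.
    rank = CONFIDENCE_ORDER.index(w['confidence']) || 0
    in_scope && rank <= threshold
  end
end

# Exit status for a CI step: 0 when the gate passes, 1 when anything blocks it.
def gate_status(report_json, **opts)
  blocking_warnings(report_json, **opts).empty? ? 0 : 1
end

if __FILE__ == $PROGRAM_NAME
  report = ARGV.empty? ? SAMPLE_REPORT : File.read(ARGV[0])
  blocking_warnings(report).each do |w|
    puts "#{w['confidence']}: #{w['warning_type']} at #{w['file']}:#{w['line']} - #{w['message']}"
  end
  exit gate_status(report) unless ARGV.empty?
end
```

Run it as `ruby gate.rb brakeman.json` after `brakeman -f json -o brakeman.json` to fail the pipeline on Medium or High findings; with no argument it evaluates the constructed sample.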