This library enables running Brakeman via Ruby LSP.
The library is in early but working stages. It has only been tested with VS Code so far.
Add ruby-lsp-brakeman to your Gemfile:
gem 'ruby-lsp-brakeman', require: falseBundle install and restart the Ruby LSP server/extension to enable.
Initialization output should look like this:
Display of inline warnings on hover:
Display after clicking "View Problem":
Warnings are listed as "problems" in VS Code's panel:
When files are saved, Brakeman will rescan the files and update any impacted warnings. Note that scans are asynchronous and only one scan will run at a time. If multiple files are changed while a scan is running, they will be queued and then rescanned all together when the current scan finishes.
- Column numbers are not available right now, so the entire line is always reported
- Brakeman's rescanning capabilities are currently being overhauled. They work but may be a little slow (but still faster than a full scan)
- Large applications may require way too much memory for incremental scans to be useful
- Warnings may not clear if Ruby LSP crashes
- VS Code does not seem to support
CodeDescriptionwhich can link to more information - No tests yet, so buyer beware
The gem is available as open source under the terms of the MIT License.