Brakeman: Static code vulnerability scanner for Rails

Brakeman is a static source code scanner for Ruby on Rails applications: it analyzes the application's source and reports known classes of security vulnerability. Its advantage is that you can run it continuously to check for known problems, for example before each commit or on a CI server.

There is also a Guard plugin to run the checks whenever files change.

However, a word of warning about code scanners and security: you shouldn't rely on them alone. They are a good supplement that helps you avoid common mistakes, but they won't spot everything, and especially not logic vulnerabilities that require either multiple steps or simply changing an ID to edit someone else's resources.
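The following Ruby script is an added illustration of that caveat and is not Brakeman's own code or logic. It runs a deliberately simple, grep-style check for one pattern Brakeman's SQL injection check is designed to report (request data interpolated into a query string) over three constructed controller snippets: a SQL injection, an unscoped `Post.find(params[:id])` that lets any signed-in user edit another user's post by changing the ID, and the scoped fix. The controller names, the query-method list and the regular expression are assumptions made for this example.

```ruby
# Added example, not Brakeman's code: a toy pattern check placed next to an
# authorization flaw that no pattern check can see.

# Constructed sample: request input interpolated into a where() string.
# This is the kind of SQL injection a static scanner can match on.
SQL_INJECTION_SRC = <<~'RUBY'
  class PostsController < ApplicationController
    def index
      @posts = Post.where("title LIKE '%#{params[:q]}%'")
    end
  end
RUBY

# Constructed sample: the lookup is not scoped to the signed-in user, so any
# authenticated user who changes :id in the URL edits someone else's post.
# Every line is ordinary Rails; there is no syntactic pattern to match.
IDOR_SRC = <<~'RUBY'
  class PostsController < ApplicationController
    def update
      @post = Post.find(params[:id])
      @post.update(post_params)
    end
  end
RUBY

# Constructed sample: the fix is an authorization decision (scope the lookup
# to the current user), not a change a scanner could verify syntactically.
SCOPED_SRC = <<~'RUBY'
  class PostsController < ApplicationController
    def update
      @post = current_user.posts.find(params[:id])
      @post.update(post_params)
    end
  end
RUBY

# Query-building calls whose string argument must never carry interpolated
# request data. Heuristic list assumed for this example only.
QUERY_METHODS = %w[where find_by_sql order select].freeze

# Returns one finding per line on which a query method receives a string that
# interpolates params/request. Deliberately line-based and approximate.
def scan_for_sql_interpolation(source)
  findings = []
  source.each_line.with_index(1) do |line, lineno|
    next unless QUERY_METHODS.any? { |m| line.include?("#{m}(") }
    next unless line =~ /#\{[^}]*\b(params|request)\b/
    findings << {
      line: lineno,
      code: line.strip,
      warning: 'SQL injection: request data interpolated into query string'
    }
  end
  findings
end

# Counts findings per sample so the blind spot is visible side by side.
def scan_report
  {
    sql_injection: scan_for_sql_interpolation(SQL_INJECTION_SRC).size,
    idor:          scan_for_sql_interpolation(IDOR_SRC).size,
    scoped_fix:    scan_for_sql_interpolation(SCOPED_SRC).size
  }
end

if __FILE__ == $PROGRAM_NAME
  scan_for_sql_interpolation(SQL_INJECTION_SRC).each do |f|
    puts "line #{f[:line]}: #{f[:warning]} -- #{f[:code]}"
  end
  puts "findings per sample: #{scan_report.inspect}"
  puts 'IDOR sample: 0 findings, but the flaw is still there (needs a human or a test)'
end
```

The report shows one finding for the interpolation sample and zero for both the unscoped and the scoped `update` action: the scanner cannot tell the vulnerable lookup from the fixed one, which is why authorization checks need code review and request-level tests (for example, a test asserting that user A gets a 404 when updating user B's post) rather than a scanner alone.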