Usage of `test_brakeman` job's output

I’m looking to see if anyone knows how brakeman is used on our CI system. We have a job (test_brakeman) that generates a brakeman_output.json file but I’ve not yet found anything that seems to use this data.

Anyone who knows more, I’d greatly appreciate some input.

If I don’t hear anything by 18 April, I am going to delete the job from Jenkins. Thanks!


The job was created some time ago with the intention of running it on every pull request. However, that never got done because there are a bunch of errors and warnings that should have been fixed before that. As far as I can tell, it is not used anywhere and it’s never been used.

Alrighty. Well in that case, I’ll flag it for deletion. Thanks @dLobatog!

The test_brakeman job has been deleted.

I know that this thread is pretty old, but I wonder why brakeman isn’t used in Foreman, Katello and their plugins. Does someone remember, maybe @lzap?

There are some other vulnerability scanners out there like trivy or grype. As Foreman / Katello uses a lot of third-party software (rubygems, npm, java jars (for candlepin), python pip for pulp), wouldn’t it be worth running these vulnerability scanners during packaging or even for each PR?

If I read the conclusion of this thread, then it’s that nobody spent the time fixing the issues it reported, so it never became a reliable “was it already a problem or is it my patch” kind of check. I’d suggest opening a new discussion on it if you want to revisit it.
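The “was it already a problem or is it my patch” check mentioned above is a baseline comparison of two Brakeman JSON reports. The following is an added illustration, not part of the thread or of the Foreman CI: it assumes reports in the shape `brakeman -f json` emits (a `warnings` array whose entries carry a `fingerprint` that is independent of line numbers) and uses constructed sample warnings, fingerprints and file paths.

```ruby
require "json"

# Constructed sample in the shape of a Brakeman JSON report (brakeman -f json).
# Fingerprints and file paths are made up for this example; Brakeman's real
# fingerprint is a hash of the warning that does not include the line number,
# so a warning that merely moved keeps the same fingerprint.
BASELINE_JSON = <<~JSON
  {"warnings": [
    {"warning_type": "SQL Injection", "fingerprint": "aaa111", "file": "app/models/host.rb",
     "line": 40, "confidence": "High", "message": "Possible SQL injection"},
    {"warning_type": "Cross-Site Scripting", "fingerprint": "bbb222", "file": "app/views/hosts/show.html.erb",
     "line": 12, "confidence": "Medium", "message": "Unescaped model attribute"}
  ]}
JSON

# Report from the patched tree: the SQL warning moved (line 40 -> 52, same
# fingerprint), the XSS warning was fixed, and one new warning appeared.
CURRENT_JSON = <<~JSON
  {"warnings": [
    {"warning_type": "SQL Injection", "fingerprint": "aaa111", "file": "app/models/host.rb",
     "line": 52, "confidence": "High", "message": "Possible SQL injection"},
    {"warning_type": "Command Injection", "fingerprint": "ccc333", "file": "app/services/runner.rb",
     "line": 8, "confidence": "High", "message": "Possible command injection"}
  ]}
JSON

# Index a report's warnings by fingerprint so two reports can be diffed.
def fingerprints(report_json)
  JSON.parse(report_json).fetch("warnings").each_with_object({}) do |w, acc|
    acc[w.fetch("fingerprint")] = w
  end
end

# Warnings present only in the current report are "new" (introduced by the
# patch); those present only in the baseline are "fixed".
def compare_reports(baseline_json, current_json)
  base = fingerprints(baseline_json)
  cur  = fingerprints(current_json)
  { new:   cur.reject  { |fp, _| base.key?(fp) }.values,
    fixed: base.reject { |fp, _| cur.key?(fp) }.values }
end

# Exit status a PR gate would use: 0 when the patch adds no warnings.
def gate_status(baseline_json, current_json)
  compare_reports(baseline_json, current_json)[:new].empty? ? 0 : 1
end

def format_warning(w)
  "#{w['confidence']}: #{w['warning_type']} in #{w['file']}:#{w['line']} - #{w['message']}"
end

diff = compare_reports(BASELINE_JSON, CURRENT_JSON)
diff[:fixed].each { |w| puts "fixed  #{format_warning(w)}" }
diff[:new].each   { |w| puts "NEW    #{format_warning(w)}" }
puts "gate status: #{gate_status(BASELINE_JSON, CURRENT_JSON)}"
```

Pre-existing warnings stay visible in the baseline report for later cleanup, while only warnings introduced by the patch fail the gate.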

Never heard of this.