Brakeman
Brakeman is an open-source static application security testing (SAST) tool designed specifically for Ruby on Rails applications. It scans application source code to identify security vulnerabilities such as SQL injection, cross-site scripting (XSS), command injection, cross-site request forgery (CSRF), and other common security issues, and can be run at any stage of development. The tool performs zero-configuration analysis of Rails code by examining models, controllers, views, and configuration files; because it does not require the full application stack to be running, it provides fast and comprehensive security assessments, with each warning rated by confidence.
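The following added example (not Brakeman's own code) illustrates the kind of static check described above: it parses Ruby source with the standard library's Ripper, finds calls to ActiveRecord methods that accept raw SQL fragments, and flags string interpolation or concatenation inside their arguments, rating a finding "High" when request-controlled `params` flow into the fragment and "Medium" otherwise. The sink list, the confidence levels, and the sample controller are assumptions constructed for this illustration.

```ruby
# Added illustration, not Brakeman's own code: a minimal SAST-style check for
# SQL-fragment injection in Rails code. It parses Ruby source with the standard
# library's Ripper and flags string interpolation or concatenation inside the
# arguments of ActiveRecord methods that accept raw SQL. The sink list and the
# two confidence levels are assumptions made for this example.
require "ripper"

# ActiveRecord query methods that accept raw SQL fragments (assumed list).
SQL_SINKS = %w[where order group having joins select find_by_sql pluck].freeze

Finding = Struct.new(:line, :sink, :kind, :confidence)

# Child nodes of an S-expression node. Tagged nodes look like
# [:type, child, ...]; argument lists are plain arrays of nodes.
def children(node)
  node[0].is_a?(Symbol) ? node[1..] : node
end

# The [:@ident, name, [line, col]] node naming the method in a call node,
# e.g. the "where" of `User.where(...)`; the method name is the last ident.
def method_ident(node)
  return nil unless node.is_a?(Array)
  return node if node[0] == :@ident
  node.reverse_each do |child|
    found = method_ident(child)
    return found if found
  end
  nil
end

# True when a subtree references `params`, i.e. request-controlled input.
def mentions_params?(node)
  return false unless node.is_a?(Array)
  return true if node[0] == :@ident && node[1] == "params"
  node.any? { |child| mentions_params?(child) }
end

# Recursive walk; `sink` is the ident node of the enclosing SQL sink, if any.
def walk(node, findings, sink = nil)
  return unless node.is_a?(Array)
  case node[0]
  when :method_add_arg, :command, :command_call
    ident = method_ident(node[0] == :command_call ? node[3] : node[1])
    args  = node.last
    in_sink = ident && SQL_SINKS.include?(ident[1]) ? ident : sink
    node[1...-1].each { |child| walk(child, findings, sink) }
    walk(args, findings, in_sink)   # only the arguments are inside the sink
    return
  when :string_embexpr
    if sink
      conf = mentions_params?(node) ? "High" : "Medium"
      findings << Finding.new(sink[2][0], sink[1], "interpolation", conf)
      return
    end
  when :binary
    # "literal" + expr builds the fragment at runtime; plain arithmetic is not flagged
    if sink && node[2] == :+ && [node[1][0], node[3][0]].include?(:string_literal)
      conf = mentions_params?(node) ? "High" : "Medium"
      findings << Finding.new(sink[2][0], sink[1], "concatenation", conf)
      return
    end
  end
  children(node).each { |child| walk(child, findings, sink) }
end

# Scan Ruby source and return the list of findings (empty when nothing is flagged).
def scan_source(source)
  tree = Ripper.sexp(source)
  raise ArgumentError, "source does not parse" if tree.nil?
  findings = []
  walk(tree, findings)
  findings
end

# Constructed sample in the style of a Rails controller action.
SAMPLE = <<~'RUBY'
  class UsersController < ApplicationController
    def search
      # unsafe: user input interpolated into the SQL fragment
      @users = User.where("name = '#{params[:name]}'")
      # unsafe: concatenation builds the fragment at runtime
      @sorted = User.order("created_at " + params[:dir])
      # safe: bind parameter, the database driver handles quoting
      @exact = User.where("email = ?", params[:email])
      # safe: hash conditions, no raw SQL
      @by_id = User.where(id: params[:id])
      # not a SQL sink at all
      logger.info "search by #{current_user.id}"
    end
  end
RUBY

if __FILE__ == $0
  scan_source(SAMPLE).each do |f|
    puts "line #{f.line}: #{f.sink} uses string #{f.kind} (confidence: #{f.confidence})"
  end
end
```

Run against the sample, the scan reports the `where` on line 4 and the `order` on line 6 with High confidence and stays silent on the bind-parameter and hash-condition forms, which is the distinction a SAST rule for this vulnerability class has to make; a real tool such as Brakeman tracks data flow across methods and files rather than only the immediate call arguments.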