Wow, completely forgot to send this email. Brakeman 2.1.0 was released with some important new features, such as branch limiting (should help performance in certain cases) and support for ignoring warnings.
Also, the brakeman-min gem has been revived for those who like to keep gem dependencies lean. brakeman-min only requires four dependencies (instead of 13) and you can install just the gems you need (like HAML, Slim, Erubis, FasterCSV, etc.). Note that the default output for brakeman-min is JSON, not the text tables.

Warnings can be ignored using a configuration file. The easiest way to do this is to use the -I option, which will walk through each warning and ask whether it should be ignored. Notes can be added to ignored warnings.

Brakeman now depends on the latest ruby_parser, which adds support for Ruby 2.0 syntax and improved 1.9 syntax support.

Changes since 2.0.0:

* Add support for ignoring warnings
* Add brakeman-min gem
* Add check for dangerous model attributes defined in attr_accessible (Paul Deardorff)
* Add check for authenticate_or_request_with_http_basic (#301)
* Add --branch-limit option, limit to 5 by default
* Add more methods to check for command injection (#206)
* Allow use of Slim 2.x (Ian Zabel)
* Load gem dependencies on-demand
* Output JSON diff to file if -o option is used
* Refactor of SQL injection check code (Bart ten Brinke)
* Return error exit code when application path is not found
* Fix detection of duplicate XSS warnings
* Fix output format detection to be more strict again
* Fix Gemfile.lock parsing for non-native line endings (#359)
* Allow empty Brakeman configuration file (#343)
* Update to ruby_parser 3.2.2

For more information, see the release post: http://brakemanscanner.org/blog/2013/07/17/brakeman-2-dot-1-0-released/
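As an added illustration (not code from Brakeman or from this announcement) of how the JSON report and the ignore file fit together in a CI gate: the script below reads a Brakeman JSON report and an ignore file with notes, drops the ignored warnings, and reports the rest. The sample report and ignore file are constructed here; the field names ("warnings", "fingerprint", "ignored_warnings", "note") and the placeholder fingerprint values are assumptions about the file layout, not taken from the page.

```ruby
require "json"

# Constructed sample of a Brakeman JSON report (assumption: each warning
# carries a "fingerprint" field; fingerprints below are placeholders).
BRAKEMAN_JSON = <<~JSON
{
  "warnings": [
    {"warning_type": "SQL Injection", "message": "Possible SQL injection",
     "file": "app/models/user.rb", "line": 12, "confidence": "High",
     "fingerprint": "PLACEHOLDER_FP_1"},
    {"warning_type": "Mass Assignment",
     "message": "Dangerous attribute available for mass assignment",
     "file": "app/models/user.rb", "line": 3, "confidence": "Medium",
     "fingerprint": "PLACEHOLDER_FP_2"}
  ]
}
JSON

# Constructed sample of an ignore file as written interactively (assumption:
# "ignored_warnings" entries keyed by fingerprint, each with a free-text note).
IGNORE_JSON = <<~JSON
{
  "ignored_warnings": [
    {"fingerprint": "PLACEHOLDER_FP_2",
     "note": "attr_accessible reviewed; admin flag is set server-side only"}
  ]
}
JSON

# Returns [remaining_warnings, {fingerprint => note}] for the ignored ones,
# so reviewers can see why each suppressed warning was accepted.
def filter_warnings(report_json, ignore_json)
  report  = JSON.parse(report_json)
  ignored = JSON.parse(ignore_json).fetch("ignored_warnings", [])
  notes   = ignored.each_with_object({}) { |w, h| h[w["fingerprint"]] = w["note"] }
  remaining, skipped = report.fetch("warnings", []).partition { |w| !notes.key?(w["fingerprint"]) }
  [remaining, skipped.map { |w| [w["fingerprint"], notes[w["fingerprint"]]] }.to_h]
end

# Exit status for a CI step: non-zero while any unreviewed warning remains.
def ci_exit_status(report_json, ignore_json)
  remaining, = filter_warnings(report_json, ignore_json)
  remaining.empty? ? 0 : 1
end

remaining, ignored_notes = filter_warnings(BRAKEMAN_JSON, IGNORE_JSON)
ignored_notes.each { |fp, note| puts "ignored #{fp}: #{note}" }
remaining.each { |w| puts "#{w['confidence']} #{w['warning_type']} #{w['file']}:#{w['line']}" }
```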
