Oops...a month later I realize I never replied. Sorry about that! Yes, at this point Brakeman does read the previous results (brk.json) before writing out the new results.
-Justin

On 09/25/2013 02:12 PM, Dante Avery wrote:
> Thank you Justin for the quick response. Here is the current script that
> I have now
>
> Brakeman sourcecode -i fp --compare brk.json -o brkcmp.json
> brakeman-output.tabs -o brk.json -o brk.html
>
> So just to be on the safe side, does it compare the old brk.json before it
> creates a new brk.json?
>
>
> On 9/25/13 11:11 AM, "Justin Collins" <[email protected]> wrote:
>
>> On 09/25/2013 10:56 AM, Dante Avery wrote:
>>> Good morning,
>>>
>>> I just want to make sure I am running the correct command to compare
>>> previous scans and to include false positives
>>>
>>> This is the current command I use where fp is the false positive
>>> config file. Also I am using the jenkins plugin
>>>
>>> Brakeman sourcecode -I fp --compare brk.json -o brakeman-output.tabs
>>> -o brk.json -o brk.html
>>>
>>>
>>> Also is there any way to display the number of false positives in tabs
>>> format?
>>
>> Hi Dante,
>>
>> I believe you just need to make some minor changes to the command:
>>
>> brakeman sourcecode -i fp --compare brk.json -o brk.json -o
>> brakeman-output.tabs -o brk.html
>>
>>
>> -I is the "interactive ignore mode" which you don't want if running with
>> Jenkins.
>>
>> When using --compare, Brakeman outputs the results to the first -o
>> option, no matter what its name is, so put the json file first.
>>
>> Currently, there is no way to display ignored warnings in Jenkins, and
>> therefore no way to show them in the tabs format. There are no plans to
>> change this, especially since most of the Jenkins view code is in a
>> parent plugin I have no control over.
>>
>> -Justin
>>
>
