> On 18 Feb 2014, at 17:46, Justin Collins wrote:
>
>> On 02/18/2014 01:26 AM, Aleksandar Simic wrote:
>>
>> On 17 February 2014 17:02, Justin Collins wrote:
>>
>>> On 02/17/2014 08:07 AM, Aleksandar Simic wrote:
>>> Hello list,
>>>
>>> my first posting here.
>>>
>>> I have a question regarding how to parse warnings issued by brakeman.
>>>
>>> The full scenario is below.
>>>
>>> Working on this app at the moment:
>>>
>>> https://github.com/ministryofjustice/accelerated_claims
>>>
>>> There is this snippet of code in config/initializers/secret_token.rb:
>>>
>>> https://github.com/ministryofjustice/accelerated_claims/blob/498a2c81e17ce83baf9b4063ebd74678110d891d/config/initializers/secret_token.rb#L13-L17
>>>
>>> Which gives this warning when brakeman is run:
>>>
>>> https://gist.github.com/dotemacs/9053206
>>>
>>> Is there a way to ignore/omit this warning in any subsequent brakeman
>>> runs, short of grepping out the warning in question?
>>>
>>> What I'm trying to do is have brakeman set up to run in our CI as a post
>>> build task and flag up any warnings should they appear in our code (will
>>> use these instructions: http://brakemanscanner.org/docs/jenkins/setup/ ).
>>> But I'd like to avoid issuing any warnings for known issues.
>>>
>>> Have you dealt with an issue like this and how did you go about it?
>>>
>>> Thank you for your time,
>>> Aleksandar
>>
>> Hi Aleksandar,
>>
>> It sounds like what you want is for Jenkins to only fail builds when new
>> warnings are introduced. Last I checked, this is not possible[1].
>>
>> However, it appears it is possible to only send emails regarding
>> new/fixed warnings[2] and avoid marking the build as failed.
>>
>> In case that's not what you meant, you can also create a configuration
>> file to ignore certain warnings[3].
>>
>> Hope that helps.
>>
>> -Justin
>>
>> [1] https://wiki.jenkins-ci.org/display/JENKINS/Static+Code+Analysis+Plug-ins?focusedCommentId=58002244#comment-58002244
>> [2] https://wiki.jenkins-ci.org/display/JENKINS/Static+Code+Analysis+Plug-ins?focusedCommentId=58002244#StaticCodeAnalysisPlug-ins-email
>> [3] http://brakemanscanner.org/blog/2013/07/17/brakeman-2-dot-1-0-released/
>>
>> Hello Justin,
>>
>> thanks for the thorough response.
>>
>> 3. was what I was after.
>>
>> Since you seem to have integrated this with Jenkins somehow, and
>> taking into account your answer to 1., what I'm wondering is how do
>> you get warnings from new errors/warnings?
>>
>> What do you think of this approach:
>>
>> ---- shell script -----
>> # capture the report (no extension, so Brakeman writes the text format)
>> brakeman -o report
>>
>> # then parse it for errors
>> # and create the error exit status manually
>>
>> if [ $(grep -c '+SECURITY WARNINGS+' report) -gt 0 ];
>> then
>>   cat report
>>   exit 1
>> fi
>> ---- end of the script ----
>>
>> I'm guessing that this approach was probably considered. If it was, what
>> was/is the downside of it?
>>
>> The script above is just a small example, I'd probably expand on it if I
>> were to add it to our CI.
>>
>> Thanks again,
>> Aleksandar
>
> Have you tried using the Brakeman plugin for Jenkins already? It
> provides nice graphs and different ways of drilling into reports, with
> links to the source code. It's odd to be discussing how to integrate
> Brakeman with Jenkins without you having tried the plugin and found out
> what it can and cannot do.

About to be set up.

> That being said, you can use the "-z" flag in Brakeman to set the exit
> code to non-zero when any (not ignored) warnings are found.

This is just right. Sorry for not spotting this earlier.

Thanks for Brakeman!

Aleksandar
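As an added example (not Brakeman's code and not from the thread), the "fail only on new warnings" check that Justin says the Jenkins plugin cannot do, done by hand in Python: it keys warnings on the `fingerprint` field of `brakeman -f json` output and honours a brakeman.ignore file, so a CI job can run `brakeman -f json -o report.json` and fail only on fingerprints that a stored baseline report has not seen. The report contents, fingerprints and file paths below are constructed samples in the shape of those two files.

```python
"""Fail a CI build only on Brakeman warnings that are new relative to a stored
baseline report and not listed in brakeman.ignore, matched by fingerprint."""
import json

# Constructed sample data in the shape of a Brakeman JSON report and of a
# brakeman.ignore file; the fingerprints and file names are made-up values.
BASELINE_REPORT = json.dumps({"warnings": [
    {"fingerprint": "aaaa1111", "warning_type": "Dynamic Render Path",
     "file": "app/controllers/pages_controller.rb", "line": 7,
     "message": "Render path contains parameter value"},
]})
CURRENT_REPORT = json.dumps({"warnings": [
    {"fingerprint": "aaaa1111", "warning_type": "Dynamic Render Path",
     "file": "app/controllers/pages_controller.rb", "line": 7,
     "message": "Render path contains parameter value"},
    {"fingerprint": "bbbb2222", "warning_type": "SQL Injection",
     "file": "app/models/claim.rb", "line": 42,
     "message": "Possible SQL injection"},
    {"fingerprint": "cccc3333", "warning_type": "Session Setting",
     "file": "config/initializers/secret_token.rb", "line": 13,
     "message": "Session secret should not be included in version control"},
]})
IGNORE_FILE = json.dumps({"ignored_warnings": [
    {"fingerprint": "cccc3333", "note": "secret is read from ENV in production"},
]})


def fingerprints(report_json, key="warnings"):
    """Set of fingerprints under `key` ('warnings' or 'ignored_warnings')."""
    return {w["fingerprint"] for w in json.loads(report_json).get(key, [])}


def new_warnings(current_json, baseline_json, ignore_json):
    """Warnings in the current report that are neither baselined nor ignored."""
    known = fingerprints(baseline_json) | fingerprints(ignore_json, "ignored_warnings")
    return [w for w in json.loads(current_json)["warnings"]
            if w["fingerprint"] not in known]


def ci_exit_status(current_json, baseline_json, ignore_json):
    """1 (fail the build) when new warnings exist, else 0: like -z, but only
    for warnings the baseline has not seen before."""
    fresh = new_warnings(current_json, baseline_json, ignore_json)
    for w in fresh:  # one log line per new finding so the failure is actionable
        print(f"NEW {w['warning_type']}: {w['file']}:{w['line']} {w['message']}")
    return 1 if fresh else 0


if __name__ == "__main__":
    raise SystemExit(ci_exit_status(CURRENT_REPORT, BASELINE_REPORT, IGNORE_FILE))
```

After a green run, copy report.json over the baseline so the next build compares against what was just accepted.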
