How to run the Security Analysis Tool Brakeman only for modified files?
I use brakeman version 4.6.1 with Ruby 2.6.3.
Maybe you need to run something that gives you the files modified in the period you want; there are some tricks available to find the last modified file (`Dir.glob("*").max_by {|f| File.mtime(f)}`), e.g. here: ruby finding the most recently updated file.
Playing with it, e.g. with the time and not using max_by should give you more / a list of files.
But, this is from the brakeman documentation:
To skip certain files use:
brakeman --skip-files file1,file2,etc
Note: Brakeman does a "whole program" analysis, therefore skipping a file may affect warning results from more than just that one file.
The inverse but even more dangerous option is to specify which files to scan:
brakeman --only-files some_file,some_dir
Again, since Brakeman looks at the whole program, it is very likely not going to behave as expected when scanning a subset of files. Also, if certain files are excluded Brakeman may not function at all.
Maybe you need to tell us why you want to scan only certain files ... the options mentioned seem sensible to me in your case.
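As an added example, not part of the original question or answer and not Brakeman's own code, here is one way to wire the two ideas above together: collect the modified files (either with the mtime trick from the answer, generalised from "the single newest file" to "everything touched since a cutoff", or from `git diff --name-only`), keep only the parts of a Rails app Brakeman looks at, and build a `brakeman --only-files` command line from them. The prefix and extension lists, the helper names and the refusal of paths containing commas are assumptions for this example; `-p` and `--only-files` are Brakeman's own options.

```ruby
# Added example (not from the original post or from Brakeman): select the
# modified files of a Rails app and pass them to Brakeman's --only-files.
require "open3"
require "pathname"
require "shellwords"

# Assumed convention: only these parts of a Rails app are worth handing to
# Brakeman; specs, assets and docs are dropped so the list stays short.
RELEVANT_PREFIXES   = %w[app/ config/ lib/].freeze
RELEVANT_EXTENSIONS = %w[.rb .erb .haml .slim .rake .yml].freeze

def brakeman_relevant?(path)
  return true if path == "Gemfile" || path == "Gemfile.lock"
  RELEVANT_PREFIXES.any? { |pre| path.start_with?(pre) } &&
    RELEVANT_EXTENSIONS.include?(File.extname(path))
end

# Normalise a raw list of paths (e.g. lines from `git diff --name-only`)
# into a sorted, de-duplicated list of files Brakeman should look at.
def select_for_scan(paths)
  paths.map(&:strip).reject(&:empty?).select { |p| brakeman_relevant?(p) }.uniq.sort
end

# The mtime approach from the answer, widened from "the newest file" to
# "every file modified at or after `since`"; returns paths relative to dir.
def modified_since(dir, since)
  root = Pathname(dir)
  Dir.glob(File.join(dir, "**", "*"))
     .select { |f| File.file?(f) && File.mtime(f) >= since }
     .map { |f| Pathname(f).relative_path_from(root).to_s }
     .sort
end

# Files changed relative to a git ref; needs a git checkout, so it is not
# exercised in the offline test below.
def git_changed_files(base = "HEAD")
  out, status = Open3.capture2("git", "diff", "--name-only", base)
  raise "git diff --name-only #{base} failed" unless status.success?
  out.lines
end

# Build the argv for the scan. --only-files takes a comma-separated list, so a
# path that itself contains a comma cannot be passed this way; refuse it
# rather than silently splitting it into two bogus paths.
def brakeman_command(files, app_path: ".")
  return nil if files.empty?
  bad = files.select { |f| f.include?(",") }
  unless bad.empty?
    raise ArgumentError, "paths with commas cannot be passed to --only-files: #{bad.inspect}"
  end
  ["brakeman", "-p", app_path, "--only-files", files.join(",")]
end

# Render the command for a shell (used when printing it in CI logs).
def brakeman_command_line(files, app_path: ".")
  cmd = brakeman_command(files, app_path: app_path)
  cmd && cmd.shelljoin
end
```

Typical use from the app root is `system(*brakeman_command(select_for_scan(git_changed_files("origin/master"))))`, or `modified_since(".", Time.now - 3600)` in place of the git call. The caveat from the answer still applies: because Brakeman does whole-program analysis, a scan restricted this way can miss warnings whose source is in an unchanged file (a model touched by a changed controller, a route, a filter), so treat the result as a quick pre-check and keep a full scan for the authoritative result.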