Railroader is a security static analysis tool for applications written using Ruby on Rails.
Railroader examines your application's source code to look for potential security problems and warns you about them. Railroader can't find every vulnerability, but it is a great tool to help you find problems before they hurt anyone. It is a static analysis tool, which means it reads your code but does not try to run the application it is analyzing.
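To make "static" concrete, here is a small added example written for this page (it is not Railroader's own code or analysis engine): a toy checker that reads Rails-style Ruby source as text and flags ActiveRecord query calls whose SQL fragment is assembled by string interpolation or concatenation, a classic SQL injection pattern. The controller source it scans is constructed for the example, and the list of query methods and the regex matching are illustrative simplifications; the point is that nothing in the scanned "application" is ever loaded or executed.

```ruby
# Added example for this page, not Railroader's own code: a toy static
# check in the spirit of a Rails security scanner. It reads source text and
# flags ActiveRecord query calls whose SQL fragment is built by string
# interpolation or concatenation. Nothing here is loaded or executed; the
# "application" being analyzed is just a string.

# Constructed sample input: a Rails-style controller with two unsafe
# queries and one safe, parameterised query. The single-quoted heredoc
# keeps the #{...} literal so the scanner sees it as plain source text.
SAMPLE_SOURCE = <<~'RUBY'
  class UsersController < ApplicationController
    def search
      @users = User.where("name = '#{params[:name]}'")   # unsafe: interpolation
    end

    def index
      @users = User.order("created_at " + params[:dir])  # unsafe: concatenation
    end

    def show
      @user = User.where("id = ?", params[:id]).first    # safe: bound parameter
    end
  end
RUBY

Finding = Struct.new(:line, :query_method, :snippet, :message)

# ActiveRecord methods that accept raw SQL fragments (illustrative subset).
QUERY_METHODS = %w[where order group having select joins find_by_sql].freeze

# Matches `.where(...)` etc. and captures the argument list. The argument
# capture is deliberately naive (it stops at the first `)`); a real analyzer
# would parse the source into an AST instead of matching text.
QUERY_CALL = Regexp.new('\.(?<query_method>' + QUERY_METHODS.join('|') + ')\((?<arg>[^)]*)\)')

# Scan one source file's text and return a Finding for every query call
# whose SQL argument is assembled from interpolated or concatenated strings.
def scan_source(source)
  findings = []
  source.each_line.with_index(1) do |line, lineno|
    m = QUERY_CALL.match(line)
    next unless m
    arg = m[:arg]
    message =
      if arg.include?('#{')
        'SQL argument uses string interpolation'
      elsif arg.match?(/"\s*\+/)
        'SQL argument uses string concatenation'
      end
    next unless message
    findings << Finding.new(lineno, m[:query_method], line.strip, message)
  end
  findings
end

# Render findings the way a command-line scanner would, one per warning.
def format_report(findings)
  return "No warnings.\n" if findings.empty?
  findings.map { |f| "line #{f.line}: #{f.query_method}: #{f.message}\n  #{f.snippet}" }.join("\n") + "\n"
end

if __FILE__ == $PROGRAM_NAME
  puts format_report(scan_source(SAMPLE_SOURCE))
end
```

Running the file prints two warnings (lines 3 and 7 of the sample) and stays silent about the parameterised query on line 11. The regex approach is only good enough to illustrate the idea: it cannot see that a value came from `params` in an earlier assignment, and it stops at the first closing parenthesis, so real tools work on a parsed syntax tree and track data flow rather than matching text.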
Railroader is open source software (OSS) released under the MIT license. You can use it for any purpose, including commercial purposes, and we love contributions.
Railroader is a fork of the Brakeman tool, which was once OSS but is no longer. If you want Brakeman, go to the Brakeman website instead. Railroader is not Brakeman, though they share a common history. If you find something in our documentation that incorrectly implies that Railroader is Brakeman, please let us know so we can fix it.
The name Railroader was chosen because a railroader is someone who is employed to operate or manage a railroad. Basically, we want to help you safely get where you are going on Rails. We thought it would be good to play on the Rails theme since the tool supports Rails. The name is also in the long tradition of a later name being a riff on the older one (such as bison from yacc, or flex from lex). We also wanted to make sure the name is completely different from Brakeman (and it is).