Railroader is a security static analysis tool for
applications written using Ruby on Rails.
Railroader will examine your program to look for potential
problems, and warn you about them.
Railroader can’t find every vulnerability, but it’s a great tool to help
you find problems before they hurt anyone.
It is a static analysis tool, which means it does not try to run
the application you are analyzing.
Railroader is open source software (OSS) released under the MIT license.
You can use it for any purpose, including commercial purposes, and
we love contributions.
Railroader is a fork of the Brakeman tool, which was once OSS but is no longer. If you want Brakeman, go to the
Brakeman website instead.
Railroader is not Brakeman, though they share a common history.
If you find something in our documentation that incorrectly
implies that Railroader is Brakeman, please let us know so we can fix it.
The name Railroader was chosen because a railroader is someone
who is employed to operate or manage a railroad.
Basically, we want to help you safely get where you are going on Rails.
We thought it’d be good to play on the theme of Rails since the tool supports Rails.
The name is also in the long tradition of a later name being a riff on
the older name (such as bison from yacc, or flex from lex).
We also want to make sure the name is completely different
from Brakeman (and it is).
Railroader is easy to install and use.
So please do so!