Brakeman detects security vulnerabilities in Ruby on Rails applications via static analysis.
Dependencies

Runtime

~> 7.0.0
~> 0.19
Project Readme

Brakeman for Ruby LSP

This library enables running Brakeman via Ruby LSP.

The library is in early but working stages. It has only been tested with VS Code so far.

Installation

Add ruby-lsp-brakeman to your Gemfile:

gem 'ruby-lsp-brakeman', require: false

Run bundle install, then restart the Ruby LSP server/extension to enable it.

In Action

Initialization output should look like this:

Starting Brakeman in Ruby LSP/VS Code

Display of inline warnings on hover:

Display of Brakeman warning

Display after clicking "View Problem":

Display of Brakeman warning

Warnings are listed as "problems" in VS Code's panel:

Listing of Brakeman warnings

When files are saved, Brakeman will rescan the files and update any impacted warnings. Note that scans are asynchronous and only one scan will run at a time. If multiple files are changed while a scan is running, they will be queued and then rescanned all together when the current scan finishes.
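The save-triggered rescan behaviour described above, modelled as a small coalescing queue. This is an added example, not code from the ruby-lsp-brakeman gem: the RescanQueue class, its method names, and the injected scanner callable are all assumptions made here so the logic can run without Brakeman or Ruby LSP installed. It enforces the three rules from the paragraph: one scan at a time, saves during a scan are queued, and the queue is drained into a single combined rescan when the running scan finishes, replacing the warnings for exactly the files that were rescanned.

```ruby
require "set"

# Added example (not the ruby-lsp-brakeman gem's own code): a coalescing
# rescan queue. At most one scan runs at a time; files saved while a scan is
# running are queued and rescanned together once it finishes. The scanner is
# injected as a callable so the queue logic can be exercised offline.
class RescanQueue
  attr_reader :scans, :warnings

  # scanner: callable taking an Array of paths and returning a Hash of
  # path => [warning, ...] for the paths that produced warnings.
  def initialize(scanner)
    @scanner  = scanner
    @pending  = Set.new # paths changed while a scan was running
    @scanning = false
    @scans    = []      # history of batches actually scanned, in order
    @warnings = {}      # current warnings keyed by path
  end

  def scanning?
    @scanning
  end

  def pending
    @pending.to_a.sort
  end

  # Called by the editor on file save. Starts a scan immediately if idle,
  # otherwise records the path for the next combined rescan.
  def file_saved(path)
    if @scanning
      @pending << path
      :queued
    else
      run_scan([path])
      :scanning
    end
  end

  # Called when the asynchronous scan completes. Drains the queue into one
  # combined rescan and returns that batch, or nil if nothing was queued.
  def scan_finished
    @scanning = false
    return nil if @pending.empty?

    batch = pending
    @pending.clear
    run_scan(batch)
    batch
  end

  private

  def run_scan(paths)
    @scanning = true
    @scans << paths
    # Only the rescanned files have their warnings replaced; warnings for
    # untouched files are left alone, matching "update any impacted warnings".
    paths.each { |p| @warnings.delete(p) }
    @warnings.merge!(@scanner.call(paths))
  end
end

# Constructed stand-in for Brakeman: flags every controller file it is given.
FAKE_SCANNER = lambda do |paths|
  paths.each_with_object({}) do |p, h|
    h[p] = ["constructed warning for #{p}"] if p.end_with?("_controller.rb")
  end
end

if __FILE__ == $PROGRAM_NAME
  q = RescanQueue.new(FAKE_SCANNER)
  p q.file_saved("app/controllers/users_controller.rb") # :scanning
  p q.file_saved("app/models/user.rb")                  # :queued
  p q.file_saved("app/controllers/posts_controller.rb") # :queued
  p q.scan_finished                                     # the two queued paths
  p q.scan_finished                                     # nil, queue drained
  p q.warnings.keys
end
```

The scanner callable stands in for whatever actually invokes Brakeman; the point of the example is the queue discipline, which is what determines that no two scans overlap and that a burst of saves costs one rescan rather than one per file.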

Queuing, scanning, reported changes

Limitations

  • Column numbers are not available right now, so the entire line is always reported
  • Brakeman's rescanning capabilities are currently being overhauled. They work but may be a little slow (but still faster than a full scan)
  • Large applications may require way too much memory for incremental scans to be useful
  • Warnings may not clear if Ruby LSP crashes
  • VS Code does not seem to support CodeDescription which can link to more information
  • No tests yet, so buyer beware

License

The gem is available as open source under the terms of the MIT License.