Brakeman is a Rails Security Scanner. To be exact, it is a “static analysis security scanner for Ruby on Rails”. Amongst others, it covers the OWASP Ruby on Rails Cheatsheet

my unix commands to run brakeman:

1 sudo gem install brakeman
2 brakeman
3 
4 cd ~/github/arvados/apps/workbench
5 brakeman -o /tmp/workbench-report.html
6 cd ../../services/api
7 brakeman -o /tmp/api-report.html

The scanner found a couple of interesting issues: