Kudos for guard-brakeman

18 Jan

Kudos to Neil Matatall for writing guard-brakeman. Neil has taken an open source static analysis tool, the Brakeman scanner, and integrated it with the Guard framework, a Ruby DSL for creating file-change events. Guard is typically used to automatically run the test suite as soon as a developer modifies any source code files, and it provides visual notifications on pass or fail conditions. What Neil has done is simple but I think very powerful, which is why I think he deserves public kudos. When developers add guard-brakeman to their Guard configuration, the security tests run automatically any time they make a change to their application. TDD developers don’t commit code until all tests pass, and so he has effectively provided an easy way to push security back up the chain for developers following TDD. That is one stage further back than running static analysis before a commit. The only place further back up the chain left to explore is IntelliSense-type security advice in the editor.
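To make the file-change trigger concrete, here is an added example (not from this post or from the guard-brakeman project). The `guard 'brakeman'` block follows the shape of the plugin's Guardfile template as recalled here, which is an assumption to check against the plugin's README; `MiniGuard` is a hypothetical stand-in for Guard's DSL so the snippet runs without the gems installed.

```ruby
# Constructed Guardfile. The watch patterns and :run_on_start option follow the
# guard-brakeman template as recalled here (assumption); check the plugin README.
GUARDFILE = <<~'RUBY'
  guard 'brakeman', :run_on_start => true do
    watch(%r{^app/.+\.(erb|haml|rhtml|rb)$})
    watch(%r{^config/.+\.rb$})
    watch(%r{^lib/.+\.rb$})
    watch('Gemfile')
  end
RUBY

# Hypothetical stand-in for Guard's DSL: records plugins and their watchers
# so the file above can be evaluated without the guard gems installed.
class MiniGuard
  attr_reader :plugins

  def initialize(guardfile)
    @plugins = {}
    instance_eval(guardfile)
  end

  def guard(name, options = {}, &block)
    @current = @plugins[name] = { options: options, watchers: [] }
    instance_eval(&block) if block
  end

  def watch(pattern)
    @current[:watchers] << pattern
  end

  # Paths from a change event that would start a scan for the named plugin.
  def triggered_by(name, changed_paths)
    watchers = @plugins.fetch(name)[:watchers]
    changed_paths.select do |path|
      watchers.any? { |w| w.is_a?(Regexp) ? w.match?(path) : w == path }
    end
  end
end

# Constructed change events from an editing session.
CHANGED = %w[app/controllers/users_controller.rb app/views/users/show.html.erb
             app/assets/stylesheets/site.css README.md Gemfile].freeze

def scan_triggers(guardfile = GUARDFILE, changed = CHANGED)
  MiniGuard.new(guardfile).triggered_by('brakeman', changed)
end

puts scan_triggers if $PROGRAM_NAME == __FILE__
```

Controller, view and Gemfile edits start a scan, while the stylesheet and README edits do not, so the security feedback arrives on exactly the changes that can alter Brakeman's findings.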

We need more people doing more things like this, in my opinion. Simple, elegant and effective. Kudos to Neil!
