david-a-wheeler / railroader

A static analysis security vulnerability scanner for Ruby on Rails applications (OSS fork of Brakeman)
MIT License
47 stars, 1 fork

Welcome to railroader! #2

Open · david-a-wheeler opened this issue 5 years ago

david-a-wheeler commented 5 years ago

Brakeman is no longer open source software (OSS).

Thus, I have created Railroader, an open source software (OSS) static source code analyzer for Ruby on Rails. It's a fork of the last OSS version of Brakeman.

We love contributions. If you have anything you want to contribute, please do so! The license for Railroader continues to be the MIT license.

Past contributors to Brakeman are, of course, very welcome. Those include: @oreoshake @ptoomey3 @mastahyeti @barttenbrinke @andyw8 @bethanyr @zlx @themetric @jsyeo @noahd1 @grosser @codeferret @wfleming @jeffrafter @phene @abedra @fsword

Thanks so much for your past work, and I invite you to contribute in the future. Thanks.

andyw8 commented 5 years ago

@david-a-wheeler Will you be aiming for 'feature parity' with Brakeman's updates, e.g. supporting the same checks but implemented independently?

david-a-wheeler commented 5 years ago

@andyw8 - ideally Railroader would meet or exceed Brakeman's capabilities. However, that depends on the community as a whole. I don't have the resources of Synopsys. What Railroader will actually be able to do will depend on what people (not just me) are willing to contribute.

david-a-wheeler commented 5 years ago

@andyw8 - However, we certainly want to make it easy for people to switch between them and/or use both. So we definitely do NOT want to do anything that would create a gross incompatibility.

grosser commented 5 years ago

@presidentbeef has put a ton of work into the gem and is super responsive on issues, so having someone sell "Brakeman as a service" would kinda suck; I understand where this is coming from. Having a fork could be nice to experiment with, though, so good luck!

andyw8 commented 5 years ago

My concern is that I'll no longer be able to use the latest Brakeman on Code Climate.

david-a-wheeler commented 5 years ago

@grosser - Thanks. I'm doing my best to make it clear that Railroader is not a "hostile" fork, I appreciate what @presidentbeef has done. That said, he's decided to make it non-OSS, and I want an OSS version. He's already noted that this was "not unexpected".

david-a-wheeler commented 5 years ago

@andyw8 - You can use the latest Railroader on Code Climate. Hopefully that will meet your needs :-).

andyw8 commented 5 years ago

@david-a-wheeler Someone will first need to build and publish a Code Climate engine for it though.

david-a-wheeler commented 5 years ago

@andyw8 - Sure. That someone could be you :-).

grosser commented 5 years ago

Could reach out to Code Climate and ask them if their Brakeman integration will stop 🤷‍♂️ ... not a big fan of their stuff anyway, since local verification is much simpler than waiting for the PR to get scanned :D

mensfeld commented 5 years ago

@andyw8 I'm working on a self-hosted, open-source container for all the important Ruby quality, linting and security tools. It won't let you run on Code Climate, but it will let you run it locally or from CI. I will be releasing it in 2 months max and will try to add Railroader as well!