
1.3.2. Reducing number of false warnings

There are several ways to reduce the number of false warnings, most of which can be dangerous. Reducing the number of false warnings can be meaningful when Brakeman is adopted by an existing project: in such cases the initial report can be overwhelming, and ignoring warnings that are likely to be false can be crucial for getting started. However, this should be considered only a temporary solution; the goal remains to triage every reported warning and eventually run Brakeman with no checks, files or methods excluded.

Important

Reducing false warnings by skipping certain checks or ignoring certain files is dangerous. Even if all currently reported warnings are false, future commits might introduce flaws in the skipped code that would otherwise have been reported. This greatly reduces the effectiveness of Brakeman and its value for the project.

One way to reduce the number of warnings is to set a minimum confidence level:
$ brakeman -w <level>
where 1 means Weak, 2 Medium and 3 High confidence. Only warnings at or above the given level are reported, so -w 3 shows High confidence warnings only.
Another option is to specify a list of methods that are known to produce safe output:
$ brakeman -s <comma separated list of methods>
This adds the methods to the set of known safe methods, and certain checks will then skip calls to them without producing a warning. For example, the cross-site scripting check maintains a set of methods whose output is considered safe (it contains methods such as escapeHTML), and safe methods specified on the command line are added to this set. Note that Brakeman does not verify the claim: a method listed here is trusted at every call site, so list only methods that always escape or sanitize their return value.
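Because -s silences the cross-site scripting check for every call of the listed methods, it is worth proving that a method really escapes its output before adding it to the list. The following Ruby script is an added example, not code from Brakeman or from the original page: it defines two constructed view helpers, display_name (which HTML-escapes with ERB::Util.html_escape from the standard library) and strip_scripts (which only removes script tags), runs a handful of constructed XSS probes through each, and reports which ones are acceptable candidates for -s. The helper names and probe strings are assumptions for the sake of the example.

```ruby
require 'erb'

# Constructed helper (not from Brakeman or the original page): genuinely safe,
# because every character that matters in HTML is escaped by the standard library.
def display_name(untrusted)
  ERB::Util.html_escape(untrusted)
end

# Constructed helper that only looks safe: it strips <script> tags but leaves
# every other tag and attribute intact, so event-handler payloads pass through.
# Listing it with "brakeman -s strip_scripts" would hide a real XSS finding.
def strip_scripts(untrusted)
  untrusted.gsub(%r{</?script[^>]*>}i, '')
end

# Constructed probes covering tag injection, attribute breakout and quote breakout.
XSS_PROBES = [
  '<script>alert(1)</script>',
  '<img src=x onerror=alert(1)>',
  '"><svg onload=alert(1)>',
  "' onmouseover='alert(1)",
].freeze

# True only if the method neutralises every HTML metacharacter in every probe.
# Any surviving < > " or ' means the output could still break out of its context.
def escapes_all_probes?(method_name)
  XSS_PROBES.all? do |probe|
    out = send(method_name, probe).to_s
    !out.match?(/[<>"']/)
  end
end

# Splits candidate method names into [acceptable for -s, must keep the warning].
def vet_safe_methods(method_names)
  method_names.partition { |name| escapes_all_probes?(name) }
end

if __FILE__ == $0
  accepted, rejected = vet_safe_methods(%i[display_name strip_scripts])
  puts "acceptable for brakeman -s: #{accepted.join(',')}"
  puts "not safe, keep the Brakeman warning: #{rejected.join(',')}"
end
```

A check like this belongs in the project's test suite next to the helpers themselves, so that a later change to a helper that weakens its escaping fails the build instead of being silently trusted through the -s list.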
You can also skip processing of the lib directory, or specify files to be skipped entirely. Skipped files are not parsed at all, so none of the checks is applied to them:
$ brakeman --skip-libs
$ brakeman --skip-files <comma separated list of files>