From eb7e5b8f2b58a84ea403ddec7230746ecbdf87b1 Mon Sep 17 00:00:00 2001 From: alex Date: Wed, 28 May 2025 16:02:17 -0400 Subject: [PATCH 1/2] adding new tools --- docs/tools/brakeman.md | 40 +++++++++++++++++++++++++++++++++ docs/tools/clippy.md | 50 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 90 insertions(+) create mode 100644 docs/tools/brakeman.md create mode 100644 docs/tools/clippy.md diff --git a/docs/tools/brakeman.md b/docs/tools/brakeman.md new file mode 100644 index 00000000..d9fac002 --- /dev/null +++ b/docs/tools/brakeman.md @@ -0,0 +1,40 @@ +--- +title: Brakeman +sidebar_label: Brakeman +description: CodeRabbit's guide to Brakeman. +--- + +```mdx-code-block +import ProPlanNotice from '@site/src/components/ProPlanNotice.mdx'; + + +``` + +[Brakeman](https://brakemanscanner.org/) is a static analysis tool which checks Ruby on Rails applications for security vulnerabilities. It scans your application's code for potential security issues and provides detailed reports about any vulnerabilities it finds. + +## Supported Files + +Brakeman will run on files with the following extensions: + +- `Gemfile` +- `*.rb` +- `*.erb` + +## Features + +Brakeman can detect many critical vulnerabilities such as: + +- SQL injection +- Cross-site scripting (XSS) +- Mass assignment +- Remote code execution +- And many more security vulnerabilities +- Out of date package versions +- Etc + +## Links + +- [Brakeman Official Website](https://brakemanscanner.org/) +- [Brakeman GitHub Repository](https://github.com/presidentbeef/brakeman) +- [Brakeman Documentation](https://brakemanscanner.org/docs/) +- [Warning Types](https://brakemanscanner.org/docs/warning_types/) diff --git a/docs/tools/clippy.md b/docs/tools/clippy.md new file mode 100644 index 00000000..257af0e3 --- /dev/null +++ b/docs/tools/clippy.md 
@@ -0,0 +1,50 @@ +--- +title: Clippy +sidebar_label: Clippy +description: CodeRabbit's guide to Clippy. +--- + +```mdx-code-block +import ProPlanNotice from '@site/src/components/ProPlanNotice.mdx'; + + +``` + +[Clippy](https://github.com/rust-lang/rust-clippy) is a collection of lints to catch common mistakes and improve your Rust code. It is the official linter for the Rust programming language. + +## Supported Files + +Clippy will run on files with the following extensions: + +- `*.rs` + +## Configuration + +Clippy supports the following configuration files: + +- `clippy.toml` +- `.clippy.toml` + +:::note + +Clippy does not require configuration to run. If no configuration file is found, it will use default settings. + +A Cargo.toml is required. + +::: + +## Features + +Clippy can detect many code quality issues such as: + +- Style violations +- Common mistakes +- Performance issues +- Deprecated code patterns +- And many more Rust-specific issues + +## Links + +- [Clippy GitHub Repository](https://github.com/rust-lang/rust-clippy) +- [Clippy Documentation](https://rust-lang.github.io/rust-clippy/master/) +- [Available Lints](https://rust-lang.github.io/rust-clippy/master/index.html) From 31d708763f52190a43ceb788a9144b6102db72e7 Mon Sep 17 00:00:00 2001 From: alex Date: Wed, 28 May 2025 16:04:59 -0400 Subject: [PATCH 2/2] add to list and changelog --- docs/changelog.md | 12 ++++++++++++ docs/tools/list.md | 5 ++++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/docs/changelog.md b/docs/changelog.md index 6a21a8ab..70fdf7db 100644 --- a/docs/changelog.md +++ b/docs/changelog.md 
@@ -5,6 +5,18 @@ description: The latest updates and changes to CodeRabbit. sidebar_position: 13 --- +## May 25, 2025 + +### New Security and Code Quality Tools + +We're excited to announce the addition of two powerful tools to our static analysis arsenal: + +- **Brakeman**: A static analysis security vulnerability scanner for Ruby on Rails applications. It helps identify security issues in your Ruby codebase by analyzing Gemfile, Ruby files (_.rb), and ERB templates (_.erb). + +- **Clippy**: The official linter for Rust code, helping catch common mistakes and improve your Rust code quality. It analyzes \*.rs files and supports configuration through clippy.toml files. + +Both tools can be configured through their respective config files or through CodeRabbit's settings page. See our [tools documentation](https://docs.coderabbit.ai/tools/) for more details. + ## May 19, 2025 ### Lua Support with Luacheck diff --git a/docs/tools/list.md b/docs/tools/list.md index d85b4c78..b3220568 100644 --- a/docs/tools/list.md +++ b/docs/tools/list.md @@ -35,7 +35,8 @@ For an overview of how CodeRabbit uses these tools when generating code reviews, | Protobuf | [Buf][Buf] | Code Quality | | Python | [Ruff][Ruff] | Code Quality | | Regal | [Regal][Regal] | Code Quality | -| Ruby | [RuboCop][RuboCop] | Code Quality | +| Ruby | [RuboCop][RuboCop], [Brakeman][Brakeman] | Code Quality, Code Security | +| Rust | [Clippy][Clippy] | Code Quality | | Semgrep | [Semgrep][Semgrep] | Code Security | | Shell (sh, bash, ksh, dash) | [ShellCheck][ShellCheck] | Code Quality | | Shopify | [Shopify CLI][ShopifyCLI] | Code Quality | @@ -74,3 +75,5 @@ For an overview of how CodeRabbit uses these tools when generating code reviews, [oxlint]: /tools/oxlint.md [ShopifyCLI]: /tools/shopify-cli.md [Luacheck]: /tools/luacheck.md +[Brakeman]: /tools/brakeman.md +[Clippy]: /tools/clippy.md
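Review bot: In the `docs/tools/brakeman.md` hunk, the page lacks a Configuration section even though the changelog hunk in the same series states that "Both tools can be configured through their respective config files"; the Clippy page in this series documents `clippy.toml` and `.clippy.toml`, so Brakeman should get the matching section naming `config/brakeman.yml` (scanner options) and `config/brakeman.ignore` (suppressed warnings). Two smaller points in the same hunk: the Features list puts the catch-all "And many more security vulnerabilities" before "Out of date package versions" and "Etc", so move the catch-all last and drop "Etc"; and "Out of date package versions" overstates what Brakeman does, since it flags gem versions with known vulnerabilities rather than staleness, which it reads from `Gemfile.lock`, a file the Supported Files list does not mention alongside `Gemfile`. Finally, the `ProPlanNotice` import in the `mdx-code-block` has no visible use in the file; either the `<ProPlanNotice />` element was dropped or the import is dead.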
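Review bot: In the `docs/tools/clippy.md` hunk, the Configuration section lists only `clippy.toml` and `.clippy.toml`, which hold lint parameters (thresholds such as `too-many-arguments-threshold`) but cannot enable or raise lint levels; those are set in `Cargo.toml` under `[lints.clippy]` (Cargo 1.74 and later) or with crate attributes such as `#![warn(clippy::pedantic)]`. Since the note already says "A Cargo.toml is required", one sentence saying that lint levels live in `Cargo.toml` or attributes while `clippy.toml` tunes individual lints would stop readers expecting to turn lints on from `clippy.toml`. Also, the "Clippy Documentation" and "Available Lints" links resolve to the same page (`master/` and `master/index.html`), so keep one of them.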
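Review bot: In the `docs/changelog.md` hunk, the Brakeman bullet reads "Ruby files (_.rb), and ERB templates (_.erb)": a formatter has rewritten `*.rb` and `*.erb` as underscores, and when rendered the pair of underscores italicizes the text between them instead of showing the globs. The Clippy bullet escapes the same character as `\*.rs`, so the three are inconsistent; wrap all of them in backticks (`*.rb`, `*.erb`, `*.rs`), which also survives reformatting. Two further points: the entry is dated May 25, 2025 while both commits in this series are dated May 28, so confirm the intended publish date; and the tools-documentation link is an absolute URL while `list.md` in the same series uses site-relative links such as `/tools/brakeman.md`, so a relative link would match the rest of the docs.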
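Review bot: In the `docs/tools/list.md` table hunk, the Ruby row now reads "[RuboCop][RuboCop], [Brakeman][Brakeman] | Code Quality, Code Security", but the `brakeman.md` page added in this series scopes Brakeman to Ruby on Rails applications; a plain Ruby gem or non-Rails service will get little from it. Consider qualifying the row (for example "Ruby (Rails for Brakeman)") or a short note so users of other Ruby code bases know why Brakeman reports nothing. The new Rust row is correctly placed between Ruby and Semgrep in the existing ordering.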