Add Brakeman (#731)

* Amend README to display correct Ruby version

* Add brakeman gem

* Add a workflow for brakeman

* Revert "Add brakeman gem"

This reverts commit bdaa4e9.

* Add brakeman without rubocop fixes :-)

* Move brakeman to only be in the development gem group

Author: haydenrou

.github/workflows/backend.yml

@@ -135,3 +135,20 @@ jobs:
       - name: Run rspec
         run: |
           bundle exec rspec
+
+  brakeman:
+    name: Security Analysis
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          working-directory: backend
+          bundler-cache: true
+      - name: Brakeman
+        uses: reviewdog/action-brakeman@v2
+        with:
+          brakeman_version: gemfile
+          reporter: github-pr-review

README.md

@@ -13,7 +13,7 @@ Help would be appreciated! Please join us in [slack #flaredown](https://rubyforg
 * PostgreSQL 12.8
 * MongoDB 4.4.9
 * Redis 6.2.3
-* Ruby 3.0.6
+* Ruby 3.1.3
 * Node 12.22.6
 
 ## Installation

backend/Gemfile

@@ -84,6 +84,7 @@ group :development do
   gem "annotate"
   gem "awesome_print", "~>1.6"
   gem "better_errors", "~>2.1"
+  gem "brakeman", "6.1.2"
   gem "foreman", require: false
   gem "letter_opener"
 end

backend/Gemfile.lock

@@ -84,6 +84,8 @@ GEM
       erubi (~> 1.4)
       parser (>= 2.4)
       smart_properties
+    brakeman (6.1.2)
+      racc
     bson (4.12.1)
     bson (4.12.1-java)
     bugsnag (6.26.0)
@@ -491,6 +493,7 @@ DEPENDENCIES
   annotate
   awesome_print (~> 1.6)
   better_errors (~> 2.1)
+  brakeman (= 6.1.2)
   bugsnag (~> 6.22)
   bullet
   byebug