diff --git a/config/protections.yml b/config/protections.yml
index a120fa1..99f2f82 100644
--- a/config/protections.yml
+++ b/config/protections.yml
@@ -21,6 +21,7 @@ validations:
 - secret
 - credentials
 - irb
+ - ENV
 forbidden_methods:
 Kernel:
 - eval
diff --git a/test/tampering_cases/flagged/ruby/env.rb b/test/tampering_cases/flagged/ruby/env.rb
new file mode 100644
index 0000000..f46e096
--- /dev/null
+++ b/test/tampering_cases/flagged/ruby/env.rb
@@ -0,0 +1 @@
+ENV['DATABASE_URL']
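Review bot: In config/protections.yml the new `- ENV` entry is the only upper-case item beside `secret`, `credentials` and `irb`, and nothing visible in the hunk says how entries in this list are matched. If the matcher is case-insensitive or substring-based, `ENV` would presumably also flag ordinary identifiers such as `environment`; if it compares exact constant names, the lower-case neighbours follow a different rule and that difference deserves a note. I would add a comment above the entry once the rule is confirmed, for example `# ENV: Ruby constant; blocks reads of the process environment (database URLs, API keys)`. The key that owns this list starts outside the hunk, so the matching semantics need to be checked against the loader.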
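Review bot: The new fixture test/tampering_cases/flagged/ruby/env.rb exercises only the subscript read `ENV['DATABASE_URL']`, so the rule is unverified for the other everyday spellings of the same access. I would add flagged cases for `ENV.fetch('DATABASE_URL')`, `ENV.to_h` and the rooted form `::ENV['DATABASE_URL']`. A case that must not be flagged, such as a local variable named `environment`, would pin down false positives. Whether the harness expects one expression per fixture file is not visible here, so these may need to be separate files.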