Bearer CLI

Welcome to the Bearer CLI documentation. Bearer CLI is a static application security testing (SAST) tool that scans your source code and analyzes your data flows to discover, filter and prioritize security and privacy risks.

The CLI provides built-in rules that check against a common set of security risks and vulnerabilities, known as OWASP Top 10, and privacy risks. Here are some practical examples of what those rules look for:

  • Non-filtered user input (sql injection, path traversal, etc.)
  • Leakage of sensitive data through cookies, internal loggers, third-party logging services, and into analytics environments.
  • Usage of weak encryption libraries or misusage of encryption algorithms.
  • Unencrypted incoming and outgoing communication (HTTP, FTP, SMTP) of sensitive data.
  • Hard-coded secrets and tokens.

And many more.

Bearer CLI currently supports JavaScript / TypeScript and Ruby stacks, and more will follow.

Want a quick rundown? Here's a minute and a half of what you can expect from Bearer CLI:

Getting started

New to Bearer CLI? Check out the quickstart to scan your first project.

Ready to dive in? Bearer CLI's scanners and reports are your path to analyzing security risks and vulnerabilities in your application. Check the command reference to configure Bearer CLI to your needs.


Guides help you make the most of Bearer CLI so you can get up and running quickly.


Explanations dive into the rational behind Bearer CLI and explain some of its heavier concepts.


Reference documents are where you'll find detailed information about each command, as well as support charges for languages, rules, datatypes, and more.


We'd love to see the impact you can bring to Bearer CLI. Our contributing documentation will help get you started, whether you want to dive deep into the code or simply fix a typo.

Ready to take the next step? Join the Bearer Cloud waitlist.