Bearer CLI

Welcome to the Bearer CLI documentation. Bearer CLI is a static application security testing (SAST) tool that scans your source code and analyzes your data flows to discover, filter and prioritize security and privacy risks.

This includes:

• Security risks and vulnerabilities using built-in rules covering the OWASP Top 10 and CWE Top 25, such as:

  • A01: Access control (e.g. Path Traversal, Open Redirect, Exposure of Sensitive Information).
  • A02: Cryptographic Failures (e.g. Weak Algorithm, Insecure Communication).
  • A03: Injection (e.g. SQL Injection, Input Validation, XSS, XPath).
  • A04: Design (e.g. Missing Encryption of Sensitive Data, Persistent Cookies Containing Sensitive Information).
  • A05: Security Misconfiguration (e.g. Cleartext Storage of Sensitive Information in a Cookie or JWT).
  • A07: Identification and Authentication Failures (e.g. Use of Hard-coded Password, Improper Certificate Validation).
  • A08: Data Integrity Failures (e.g. Deserialization of Untrusted Data).
  • A09: Security Logging and Monitoring Failures (e.g. Insertion of Sensitive Information into Log File).
  • A10: Server-Side Request Forgery (SSRF).

• Privacy risks with the ability to detect sensitive data flow such as the use of PII, PHI in your app, and components processing sensitive data (e.g. databases like pgSQL, third-party APIs such as OpenAI, Sentry, etc.). This helps generate a privacy report relevant for:

  • Privacy Impact Assessment (PIA).
  • Data Protection Impact Assessment (DPIA).
  • Records of Processing Activities (RoPA) input for GDPR compliance reporting.

Bearer CLI currently supports JavaScript, TypeScript, Ruby, and Java stacks, and more will follow.

Want a quick rundown? Here's a minute and a half of what you can expect from Bearer CLI:

Getting started

New to Bearer CLI? Check out the quickstart to scan your first project.

Ready to dive in? Bearer CLI's scanners and reports are your path to analyzing security risks and vulnerabilities in your application. Check the command reference to configure Bearer CLI to your needs.

Guides

Guides help you make the most of Bearer CLI so you can get up and running quickly.

• Configure the scan command
• GitHub action integration
• GitLab CI/CD
• Set up CI/CD
• Create custom rule
• Run a privacy report
• Run a data flow report
• Using Bearer Cloud
• Enable Completion Script

Explanations

Explanations dive into the rational behind Bearer CLI and explain some of its heavier concepts.

• How Bearer CLI works
• Bearer CLI's scanner types
• Bearer CLI's report types
• How Bearer CLI discovers and classifies data
• How Bearer CLI sets severity levels

Reference

Reference documents are where you'll find detailed information about each command, as well as support charges for languages, rules, datatypes, and more.

• Installation
• Configuration
• Commands
• Built-in Rules
• Supported Data Types
• Recipes
• Supported Languages

Contributing

We'd love to see the impact you can bring to Bearer CLI. Our contributing documentation will help get you started, whether you want to dive deep into the code or simply fix a typo.

• Get started contributing to Bearer CLI
• Set up Bearer CLI locally to contribute code
• Help improve and apply fixes to the documentation
• Add new recipes to Bearer CLI's database