GitHub Actions
Bearer offers a GitHub Action for using Bearer to scan your codebase periodically.
We advise users who wish to scan their codebase without creating and managing a Personal Access Token to use the Bearer GitHub Action.

Step 1: Create a Bearer API token

1.
2. Go to Settings
3. Select API Tokens
4. Generate a token for the Broker
5. Copy the token you generated and keep it safe; you will need it later in the configuration file.

We recommend that you pass the BEARER_TOKEN as an environment variable and that you store this variable as a secret on GitHub at the repository or organization level.
You can't display a generated token twice. If you haven't saved it, you will need to generate a new one and revoke the one you lost.

Step 2: Use the GitHub Action

Add a new job to your GitHub workflow using the Action as follows in the .github/workflows/example-workflow.yaml file:
name: Bearer Scanner
on:
  schedule:
    - cron: "0 9 * * *" # Runs every day at 9:00 am
permissions:
  contents: read # Minimal permissions
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - name: Run Bearer
        uses: bearer/[email protected]
        env:
          BEARER_TOKEN: ${{ secrets.BEARER_TOKEN }}
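
To check that a workflow follows the two recommendations above (BEARER_TOKEN supplied from a GitHub secret, minimal permissions), a small lint script can run in review or CI. This is an added example, not code from Bearer; the function name lint_workflow, the sample workflows and the placeholder uses: value are assumptions made for illustration.

```python
import re

# Constructed sample workflows (not from the Bearer docs). The `uses:` value is
# a placeholder, not the real action reference.
GOOD = """\
name: Bearer Scanner
on:
  schedule:
    - cron: "0 9 * * *"
permissions:
  contents: read
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - name: Run Bearer
        uses: example-org/example-action@v0
        env:
          BEARER_TOKEN: ${{ secrets.BEARER_TOKEN }}
"""
# Same workflow with a hard-coded token and a write scope.
BAD = (GOOD.replace("${{ secrets.BEARER_TOKEN }}", "constructed-literal-token")
           .replace("contents: read", "contents: write"))

SECRET_REF = re.compile(r"^\$\{\{\s*secrets\.[A-Za-z_][A-Za-z0-9_]*\s*\}\}$")


def lint_workflow(text):
    """Return findings for one workflow file (line-based, no YAML library)."""
    findings, in_perms, saw_perms = [], False, False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(" #", 1)[0].rstrip()  # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        key, _, value = line.strip().partition(":")
        value = value.strip().strip("\"'")
        if line[0] != " ":  # top-level key
            in_perms = key == "permissions"
            saw_perms = saw_perms or in_perms
            if in_perms and value == "write-all":
                findings.append(f"line {lineno}: permissions is write-all")
        elif in_perms and value == "write":
            findings.append(f"line {lineno}: permissions.{key} grants write")
        if key == "BEARER_TOKEN" and not SECRET_REF.match(value):
            findings.append(f"line {lineno}: BEARER_TOKEN is not a secrets reference")
    if not saw_perms:
        findings.append("no top-level permissions block: GITHUB_TOKEN gets default scopes")
    return findings
```

An empty list means the file passed both checks; each finding names the line to fix.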