Risk detection
Bearer enables you to identify data security risks and vulnerabilities throughout your development lifecycle and across your production environment. Thus you can:
  1. 1.
    Detect and prioritize risks before and after they reach your production environment.
  2. 2.
    Prioritize issues based on impact to reduce noise and avoid alert fatigue.
  3. 3.
    Assess risks faster and more accurately with actionable context.
  4. 4.
    Stop slowing down development by automating security checks.
Risk events are listed on the Home page in an inbox format.

What risks does Bearer detect?

A risk event is triggered when:
  • a repository processes new sensitive data.
  • a repository processes sensitive data and integrates with a new third party.
Bearer provides you with contextual information so you can investigate and assess risks efficiently. Once a risk has been detected, you can ignore it, assign it to a teammate (JIRA integration coming) and close once it has been mitigated.

Can I customize risk events?

Risk events can be customized in the Settings to fit your own processes.
For each risk event you can set up:
  • the risk level
  • notifications (emails, Slack)

What other risks will Bearer detect in the future?

By September 2022, Bearer will detect:
  • New sensitive data being stored in data stores.
  • Publicly available data stores that process sensitive data.
  • Databases storing sensitive data out of the U.S. (for HIPAA) or Europe (for GDPR).
  • Unsecure database access.
  • Disabled database backup.
  • Missing client-side encryption.
  • Missing server-side encryption.
  • Missing logging and monitoring for databases and applications.
  • Secret leaks.
  • Dependency vulnerabilities (integrating with Snyk and GitHub).
  • Data leakage in loggers.
  • Unsecure HTTP/FTP/SMTP communication.

Can I set up my own risk detection rules?

We are open to discussing any detection rule that might be valuable to your organization.
Just reach out to [email protected] and state your demand.