Quick Start

Discover your application security risks and vulnerabilities in only a few minutes. In this guide you will install Bearer, run the SAST scanner on a local project, and view the results of a security report. Let's get started!


The quickest way to install Bearer is with the install script. It will auto-select the best build for your architecture. Defaults installation to ./bin and to the latest release version:

curl -sfL https://raw.githubusercontent.com/Bearer/bearer/main/contrib/install.sh | sh

Or, if your platform supports it, with Homebrew using Bearer's official Homebrew tap:

brew install Bearer/tap/bearer

If you need more control or another way to install Bearer, we offer more installation options.

Scan your project

The easiest way to try out Bearer is with our example project, Bear Publishing. It simulates a realistic Ruby application with common security flaws. Clone or download it to a convenient location to get started.

git clone https://github.com/Bearer/bear-publishing.git

Now, run the scan command with bearer scan on the project directory:

bearer scan bear-publishing

A progress bar will display the status of the scan.

Once the scan is complete, Bearer will output a security report with details of any rules failures, as well as where in the codebase the infractions happened.

By default the scan command uses the SAST scanner; other scanner types are also available.

Analyze the report

The security report is an easily digestible view of the security problems detected by Bearer. A report is made up of:

  • The list of rules run against your code.
  • Each detected failure, containing the file location and lines that triggered the rules failure.
  • A stat section with a summary of rules checks, failures and warnings.

The Bear Publishing example application will trigger rule failures and output a full report. Here's a section of the output containing a failure snippet and the final summary:

CRITICAL: Only communicate using SFTP connections.

File: bear-publishing/app/services/marketing_export.rb:34

34 Net::FTP.open(
35 'marketing.example.com',
36 'marketing',
37 'password123'
41 end


56 checks, 10 failures, 6 warnings

LOW: 3

The security report is just one report type available in Bearer.

Additional options for using and configuring the scan command can be found in the scan documentation.

For additional guides and usage tips, view the docs.