Commands

Bearer offers a number of commands to use and customize the CLI to your needs.

  • scan: Scan a directory or file
  • init: Generates a default config to `bearer.yml`
  • version: Print the version

bearer scan

Scan a directory or file

bearer scan [flags] <path>

Flags

| Name | Description | Default Value |
| --- | --- | --- |
| `--config-file` | Load configuration from the specified path. | |
| `--context` | Expand context of schema classification, e.g. `--context=health`, to include data types particular to health | |
| `--data-subject-mapping` | Override default data subject mapping by providing a path to a custom mapping JSON file | |
| `--debug` | Enable debug logs | `false` |
| `--disable-domain-resolution` | Do not attempt to resolve detected domains during classification | `true` |
| `--domain-resolution-timeout` | Set timeout when attempting to resolve detected domains during classification, e.g. `--domain-resolution-timeout=3s` | `3s` |
| `--external-rule-dir` | Specify directory paths that contain .yaml files with external rules configuration | `[]` |
| `--force` | Disable the cache and run the detections again | `false` |
| `-f`, `--format` | Specify report format (json, yaml) | |
| `-h`, `--help` | help for scan | `false` |
| `--internal-domains` | Define regular expressions for better classification of private or unreachable domains, e.g. `--internal-domains=".*.my-company.com,private.sh"` | `[]` |
| `--only-rule` | Specify the comma-separated ids of the rules you would like to run. Skips all other rules. | `[]` |
| `--output` | Specify the output path for the report. | |
| `--quiet` | Suppress non-essential messages | `false` |
| `--report` | Specify the type of report (security, privacy). | `security` |
| `--scanner` | Specify which scanner to use, e.g. `--scanner=secrets`, `--scanner=secrets,sast` | `[sast]` |
| `--severity` | Specify which severities are included in the report. | `critical,high,medium,low,warning` |
| `--skip-path` | Specify the comma-separated files and directories to skip. Supports * syntax, e.g. `--skip-path users/*.go,users/admin.sql` | `[]` |
| `--skip-rule` | Specify the comma-separated ids of the rules you would like to skip. Runs all other rules. | `[]` |

Usage

  # Scan a local project, including language-specific files
  $ bearer scan /path/to/your_project
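
A fuller invocation, as an added example that is not part of the Bearer documentation: the wrapper below builds a `bearer scan` command from flags in the table above and rejects severity, scanner and format values that the table does not list. The function names, the defaults, the `DRY_RUN` variable and the restriction to the two scanner names shown on this page are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the Bearer docs: build a `bearer scan` command from
# flags in the table above and reject values the table does not list.

# valid_csv "critical,high" "critical high medium low warning"
# Succeeds only if every comma-separated item is one of the allowed words.
valid_csv() {
  [ -n "$1" ] || return 1
  rest=$1
  while [ -n "$rest" ]; do
    item=${rest%%,*}
    case "$item" in ''|*[!a-z]*) return 1 ;; esac    # empty or odd characters
    case " $2 " in *" $item "*) ;; *) return 1 ;; esac
    [ "$item" = "$rest" ] && break
    rest=${rest#*,}
  done
}

# bearer_scan_cmd TARGET [SEVERITIES] [SCANNERS] [FORMAT] [OUTPUT]
# Defaults below are choices made for this example, not Bearer's defaults.
bearer_scan_cmd() {
  target=$1
  severity=${2:-critical,high}
  scanner=${3:-sast}
  format=${4:-json}
  output=${5:-bearer-report.$format}
  [ -n "$target" ] || { echo "usage: bearer_scan_cmd TARGET ..." >&2; return 2; }
  valid_csv "$severity" "critical high medium low warning" ||
    { echo "unknown severity in: $severity" >&2; return 2; }
  # Assumption: only the two scanner names shown on this page are accepted.
  valid_csv "$scanner" "secrets sast" ||
    { echo "unknown scanner in: $scanner" >&2; return 2; }
  case $format in json|yaml) ;; *) echo "unknown format: $format" >&2; return 2 ;; esac

  set -- scan --quiet "--scanner=$scanner" "--severity=$severity" \
    "--format=$format" "--output=$output" "$target"
  if [ "${DRY_RUN:-1}" = 1 ]; then
    echo "bearer $*"          # dry run (default): print the command only
  else
    bearer "$@"               # DRY_RUN=0: run the scan
  fi
}

bearer_scan_cmd /path/to/your_project
```

With `DRY_RUN` unset the wrapper only prints the command it would run; set `DRY_RUN=0` to execute the scan.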

Aliases

In addition to the primary `scan` command, you can also use `s` in place of it.

bearer init

Generates a default config to `bearer.yml`

bearer init [flags]

Flags

| Name | Description | Default Value |
| --- | --- | --- |
| `-h`, `--help` | help for init | `false` |

bearer version

Print the version

bearer version [flags]

Flags

| Name | Description | Default Value |
| --- | --- | --- |
| `-h`, `--help` | help for version | `false` |