Commands
Bearer offers a number of commands to use and customize the CLI to your needs.
- scan: Scan a directory or file
- init: Generates a default config to `bearer.yml`
- version: Print the version
bearer scan
Scan a directory or file
bearer scan [flags] <path>Flags
| Name | Description | Default Value |
|---|---|---|
--config-file
|
Load configuration from the specified path. | |
--context
|
Expand context of schema classification e.g., --context=health, to include data types particular to health | |
--data-subject-mapping
|
Override default data subject mapping by providing a path to a custom mapping JSON file | |
--debug
|
Enable debug logs | false |
--disable-domain-resolution
|
Do not attempt to resolve detected domains during classification | true |
--domain-resolution-timeout
|
Set timeout when attempting to resolve detected domains during classification, e.g. --domain-resolution-timeout=3s | 3s |
--external-rule-dir
|
Specify directories paths that contain .yaml files with external rules configuration | [] |
--force
|
Disable the cache and runs the detections again | false |
-f,
--format
|
Specify report format (json, yaml) | |
-h,
--help
|
help for scan | false |
--internal-domains
|
Define regular expressions for better classification of private or unreachable domains e.g. --internal-domains=".*.my-company.com,private.sh" | [] |
--only-rule
|
Specify the comma-separated ids of the rules you would like to run. Skips all other rules. | [] |
--output
|
Specify the output path for the report. | |
--quiet
|
Suppress non-essential messages | false |
--report
|
Specify the type of report (security, privacy). | security |
--scanner
|
Specify which scanner to use e.g. --scanner=secrets, --scanner=secrets,sast | [sast] |
--severity
|
Specify which severities are included in the report. | critical,high,medium,low,warning |
--skip-path
|
Specify the comma separated files and directories to skip. Supports * syntax, e.g. --skip-path users/*.go,users/admin.sql | [] |
--skip-rule
|
Specify the comma-separated ids of the rules you would like to skip. Runs all other rules. | [] |
Usage
# Scan a local project, including language-specific files
$ bearer scan /path/to/your_projectAliases
In addition to the primary scan command, you can also use s in place of it.
bearer init
Generates a default config to `bearer.yml`
bearer init [flags]Flags
| Name | Description | Default Value |
|---|---|---|
-h,
--help
|
help for init | false |
bearer version
Print the version
bearer version [flags]Flags
| Name | Description | Default Value |
|---|---|---|
-h,
--help
|
help for version | false |