Configuring Bearer CLI
Bearer CLI can be configured either with flags on the scan command or with a bearer.yml file in the project directory.
To initialize the config file, run the following from your project directory:
This creates a config file in your current directory. Below is an annotated version of that file.
```yaml
# Report settings
  # Specify the report format (json, yaml, sarif, gitlab-sast).
  # Specify the output path for the report.
  # Specify the type of report (security, privacy, dataflow).
  # Specify which severities are included in the report, as a comma-separated string.

# Rule settings
  # Disable all default rules by setting this value to true.
  # Specify the comma-separated ids of the rules you would like to run;
  # skips all other rules.
  # Specify the comma-separated ids of the rules you would like to skip;
  # runs all other rules.

# Scan settings
  # Specify the type of scanner (sast, secrets).
  # Expand the context of schema classification.
  # For example, "health" will include data types particular to health.
  # Override the default data subject mapping by providing a path to a custom mapping JSON file.
  # Enable debug logs.
  # Do not attempt to resolve detected domains during classification.
  # Set the timeout when attempting to resolve detected domains during classification.
  # Specify directory paths that contain yaml files with external rule configuration.
  # Disable the cache and rerun the detections every time scan runs.
  # Define regular expressions for better classification of private or unreachable domains,
  # e.g., ".*.my-company.com,private.sh".
  # Suppress non-essential messages.
  # Specify the comma-separated files and directories to skip. Supports * syntax.
```
Utilizing a custom config
By default, Bearer CLI looks for a bearer.yml file in the project directory where the scan is run. Alternatively, you can pass the --config-file flag to the scan command to reference a config file that lives outside the project directory.
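As an added example (not taken from the Bearer documentation), here is a bearer.yml tuned for a CI pipeline: SARIF output for upload to a code-scanning dashboard, only critical and high findings, both scanners enabled, and vendored and fixture paths skipped. The key names follow the sections of the annotated file above as assumed from Bearer's config schema; the output path, rule directory, skipped paths and domain pattern are constructed values.

```yaml
# ci/bearer.yml (added example; key names assumed from Bearer's config schema)

# Report settings
report:
  # SARIF is what most code-scanning dashboards ingest.
  format: sarif
  # Constructed path: the CI job archives this file as an artifact.
  output: bearer-results.sarif
  # Security findings only; privacy/dataflow reports are run separately.
  report: security
  # Fail the pipeline on the serious classes only; lower severities stay in the full report.
  severity: critical,high

# Rule settings
rule:
  # Keep the built-in rule set and add the team's own rules on top of it.
  disable-default-rules: false

# Scan settings
scan:
  # Run both the SAST rules and the secrets detector in one pass.
  scanner:
    - sast
    - secrets
  # Constructed path: repository directory holding custom yaml rules.
  external-rule-dir:
    - ./bearer-rules
  # Vendored code and test fixtures produce noise, not actionable findings.
  skip-path:
    - vendor/
    - test/fixtures/*
  # Constructed pattern: treat the company's internal hosts as private
  # so outbound-data findings are classified correctly.
  internal-domains:
    - '.*\.internal\.example\.com'
  # CI runners usually have no DNS access to internal hosts; skip resolution.
  disable-domain-resolution: true
  # Always rescan in CI rather than trusting a cached result.
  force: true
  # Keep the job log readable.
  quiet: true
```

Because this file lives in ci/ rather than the project root, the CI job points the scan at it with `bearer scan . --config-file ci/bearer.yml`.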