#117 Find code security vulnerabilities with Bearer static code analysis tool

14/03/2023
SecurityTesting

I used to work at Bearer together with Guillaume for a year (he's my ex-boss).
Now they have finally made the tool they've been working on public!
It's a static code analysis tool (like RuboCop or Brakeman) that finds data and security vulnerabilities.

In this episode I will install the bearer tool and run it on a few repositories, while Guillaume explains the value of using this scanner.

Today Bearer works for JavaScript and Ruby, but there are plans to roll it out for other languages.

I personally think that having an extra layer of CI checks wouldn't hurt any app, but it becomes more and more important the bigger your app is. The sooner you start solving data security issues in your app, the better.

Bearer source code: https://github.com/Bearer/bearer

Possible Chapters (not timestamps yet):
0:00 Met my ex after 6 months apart!
0:30 Bearer was just made open source!
1:19 What is Bearer? Who needs it?
4:18 Does Bearer connect to the database, or does it analyze only the codebase?
6:13 Install and run Bearer scanner
8:10 Analyze Bearer scan results
10:06 Skip a rule while doing a bearer scan
10:55 How to resolve bearer scan warnings
11:48 Can we Autocorrect with bearer?
13:50 Fix a bearer scan warning
14:36 Can I build bearer into my CI?
16:50 Generate privacy report CSV
20:05 Bearer vs Brakeman
21:10 Fork bearer and customize rules or add your own rules
24:01 Run Bearer on Corsego repo
26:04 Run Bearer on Insta2Blog repo
29:49 When should I use bearer?
32:48 Can bearer scan a Hanami or Sinatra app?
33:31 Run bearer on my Jekyll blog
34:04 Wrapping up
