Announcement
Bearer has been acquired by Cycode, the complete ASPM.

Introducing Bearer Cloud

Today, we're pleased to announce a new approach that helps teams manage application code security at scale, supercharged with deep sensitive data context, and ship trustworthy products faster.

Using SAST effectively at scale is painful

When you talk to teams that use security products on larger applications or codebases, you quickly find that SAST products elicit quite a negative response. These static application security testing tools are slow, generate an excessive amount of alerts, have a high false positive volume, and don't always play nice with multi-language projects and monorepos.

To add to these problems, most SAST products require a deep level of security knowledge to be used effectively, but developers aren't expected to be security experts. They don't have time to get deeply trained in triaging and keeping up with security risks, and security teams don't have the capacity to act as go-betweens at the speed of engineering delivery nowadays.

To solve these problems, we launched Bearer CLI—our new take on SAST—three months ago. It is open source and developer-first from the ground up. It uses sensitive data context already available in the code to generate developer-friendly findings, prioritized so developers can focus their efforts, supports multi-language and multi-framework codebases, and offers an expansive rule system that is extensible by the community.

The community responded immediately, and since its launch in early March 2023, Bearer CLI has seen:

  • 30k+ scans
  • 6k+ downloads
  • 1.1k+ stars on GitHub

Adoption has been incredible, and that's why we're happy to share the next layer on top of our open source tool. Today, we’re announcing Bearer Cloud.

Application code security, managed

Bearer Cloud is designed to fit your existing workflows and help manage application code security at scale by adding the magic of collaboration and organization to Bearer CLI. This allows you to combine sensitive data context with static code analysis to make security and privacy engineering simpler and smarter, and to maximize the ROI of programs driven by your DevSecOps and central security teams. Key features include:

  • Custom-built SAST engine. Bearer Cloud is powered by our open source SAST engine, Bearer CLI. It discovers sensitive data flows and associated security risks and vulnerabilities, including OWASP's most critical risk categories with over 100 built-in rules.
  • Finding management. Bearer Cloud's findings inbox gives you insight into code across your organization. Collaborate effectively and triage threats as they're detected.
  • Continuous threat modeling. The platform allows you to optimize your efforts by detecting services, applications, and code repositories that contain PII, PHI, and other privacy-relevant data types, as well as software supply chain risks to external API components.
  • Automated business impact prioritization. Our severity algorithm helps your team filter and prioritize risks in the context of sensitive data. This way, you can focus on the findings with high business impact.
  • Remediation advice with every scan. Allow your developers to automatically assess code security issues and fix them before merging. Bearer Cloud provides actionable remediation advice without slowing your team down.
  • Security posture reporting. Track security improvements over time and discuss progress with your stakeholders using Bearer Cloud's KPIs and reporting feature.
  • Automatic privacy reports. Automatically generate reports that show sensitive data processed by each application, associated data subjects, and any third-party risks associated with it. Help your privacy and compliance teams with the information they need for GDPR and other frameworks.
  • SCM, CLI, CI/CD integrations. Scan your codebase wherever it lives. We have integrations for GitLab and GitHub, easy setup with other CI/CD platforms, and a fast CLI tool for local development.
  • Enterprise collaboration and workflow compatible. We're launching with out-of-the-box support for Slack and Jira, so you can connect Bearer Cloud with the tools you already use across the organization.

Get started

Ready to scale your application code security program? If you haven’t already, run a scan with Bearer CLI. It’s open source, free, installs in minutes, and provides immediate value for your engineering, security, and even privacy and compliance teams.

If you’re already familiar with Bearer CLI and want to manage your application code security at scale, book a demo to see everything that Bearer Cloud has to offer.
