Discover your application security risks and vulnerabilities in only a few minutes. In this guide you will install Bearer CLI, run the SAST scanner on a local project, and view the results of a security report. Let’s get started!
The quickest way to install Bearer CLI is with the install script. It will auto-select the best build for your architecture. Defaults installation to ./bin and to the latest release version:
curl -sfL https://raw.githubusercontent.com/Bearer/bearer/main/contrib/install.sh | shOr, if your platform supports it, with Homebrew using Bearer CLI’s official Homebrew tap:
brew install Bearer/tap/bearerIf you need more control or another way to install Bearer CLI, we offer more installation options.
The easiest way to try out Bearer CLI is with the OWASP Juice Shop example project. Clone or download it to a convenient location to get started.
git clone https://github.com/juice-shop/juice-shop.gitNow, run the scan command with bearer scan on the project directory:
bearer scan juice-shopA progress bar will display the status of the scan.
Once the scan is complete, Bearer CLI will output a security report with details of any rules findings, as well as where in the codebase the infractions happened.
By default the scan command uses the SAST scanner; other scanner types are also available.
The security report is an easily digestible view of the security findings detected by Bearer CLI. A report is made up of:
The OWASP Juice Shop example application will trigger rule findings and output a full report. Here’s a section of the output containing a finding snippet and the final summary:
...
HIGH: Sensitive data stored in HTML local storage detected. [CWE-312]
https://docs.bearer.com/reference/rules/javascript_lang_session
To skip this rule, use the flag --skip-rule=javascript_lang_session
File: juice-shop/frontend/src/app/login/login.component.ts:102
 102       localStorage.setItem('email', this.user.email)
=====================================
59 checks, 40 findings
CRITICAL: 0
HIGH: 16 (CWE-22, CWE-312, CWE-798, CWE-89)
MEDIUM: 24 (CWE-327, CWE-548, CWE-79)
LOW: 0
WARNING: 0In addition of the security report, you can also run a privacy report.
Ready for the next step? Additional options for using and configuring the scan command can be found in configuring the scan command.
The Windows Registry Editor lets you easily view and control critical Windows system and application…
In the rapidly expanding Internet of Things (IoT) ecosystem, billions of devices are constantly exchanging…
Have you ever come across a picture on the internet and wondered where it came…
Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…
Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…
Efficient disk space management is vital in Linux, especially for system administrators who manage servers…