How Bearer Cloud works
Bearer has a hybrid architecture consisting of two core parts:
- Bearer Broker is a Go binary that scans your code repositories and your cloud infrastructure to gather and send metadata to the Dashboard.
- Bearer Dashboard is a SaaS managed by Bearer. It provides dashboards that give you visibility into sensitive data flows and data security risks.
Bearer Broker is a Go binary. It acts as a proxy between Bearer and your source code or your cloud data store resources.
Bearer Broker connects to your:
- source code by integrating with your Source Code Management (SCM) or CI/CD software.
- data stores by integrating with your cloud infrastructure provider.
In this configuration, the Broker is deployed as a Docker image and is hosted on your infrastructure.
Hosting the Broker on-premises allows you to:
- Keep sensitive data, such as your access tokens, inside your private network. This information is never shared with Bearer.
- Give Bearer controlled access to your network, limiting the files Bearer can access and the actions Bearer can perform.
Communication between the Broker and Bearer uses the Rails ActionCable protocol. This is a full-duplex communication mechanism built on top of WebSockets.
In addition to scanning your code repositories, Bearer allows you to scan your data stores by integrating with your cloud infrastructure provider.
Bearer Dashboard is a SaaS managed by Bearer. It provides views into the metadata collected by the Bearer detection engine in the form of:
- An inventory and a map of your engineering components (applications, APIs, data stores, dependencies, etc.) and sensitive data flows.
- An inbox to find and fix data security risks and vulnerabilities.