Bearer helps you:
- Save time by automating manual and tedious tasks such as data mapping.
- Prioritize your data security efforts by identifying high-risk areas early in your development lifecycle.
- Prevent business risks such as data leaks, data breaches, and noncompliance with data regulations.
Bearer allows you to:
- Build an inventory of your engineering components and data flows by scanning your code repositories.
- Identify data security risks before deployment with alerts.
- Mitigate data security risks with collaborative workflows between your security and development teams.
Use case n°1: the security team at an e-commerce company with thousands of microservices uses Bearer to identify the microservices that process personal data at scale and to prioritize their pentests on them.
Use case n°2: the security team at a healthcare company uses Bearer to understand where health information lives in their software product and to ensure that adequate encryption protocols are systematically implemented.
Use case n°3: the security team at an e-commerce company with thousands of applications uses Bearer to map and document personal data flows across their product, so their Data Protection Officer can ensure compliance with GDPR.
Bearer consists of two elements:
- The Bearer Broker: a Go binary packaged as a Docker image. It performs Static Code Analysis (SCA) on your source code to gather and send metadata to the Dashboard infrastructure.
- The Bearer Dashboard: a SaaS managed by Bearer which provides you with dashboards to help you identify and mitigate data security risks.
Bearer integrates with GitHub, GitHub Enterprise, and GitLab (SaaS and self-managed).
Bearer integrates with your CI/CD pipeline and currently supports: GitHub Actions.
You have three options:
1. Git repository (SCM) integration with the Broker on-premise. In this configuration, Bearer never has access to sensitive data such as your access tokens. It is the preferred option if you favor security.
2. Git repository (SCM) integration with the Broker in SaaS. In this configuration, you provide Bearer with an access token to your SCM software. It is the preferred option if you favor time-to-value over security.
3. CI/CD integration (GitHub Action). In this configuration, you integrate Bearer within your GitHub workflows. It is the preferred option if you don't want to create and manage a Personal Access Token.
You need to grant the Broker:
- Read permissions to scan code repositories.
Users grant the Broker Read permissions on all code repositories to benefit from all features. See Get started for more details.
A free trial consists of:
1. Installing the Broker (30 min). Our solution engineering team is here to assist you if needed.
2. Scanning your code repositories. You have nothing to do; this is our job.
3. Getting access to your inventory (30 min call). Our onboarding team is here to walk you through the product with your actual data.
You need the required rights on your SCM software to install Bearer. If you don’t have them, you’ll probably need to get in touch with your DevOps or SRE team.
Once Bearer is installed, you can use it on your own.
Optionally, you can collect information from your engineering team with surveys to enrich your data inventory.
Bearer never clones repositories and never stores source code.
The Broker hosted on your infrastructure has direct access to your source code and sends only metadata to Bearer's infrastructure.
The metadata sent to Bearer's infrastructure includes: names of code repositories / projects, technologies used (data storage, message bus, 3rd-party APIs, etc.), names and URLs of code files, dependencies, and data types.
The Broker scans the code and looks for:
- Regular-expression matches for known patterns. For instance, it looks for strings with the structure of a domain name (e.g., api.stripe.com).
- Dependencies (e.g., "pg" in a package.json file).
The collected metadata go through a built-in machine learning model to minimize false positives.
In the example above, Bearer would detect that the Stripe API and a PostgreSQL database are connected to the repository.
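The two detection rules described above, as an added example in Go (the language the page says the Broker is written in). This is illustration code, not Bearer's own Broker: the repository contents are constructed in memory, and the two small catalogues that map a host name or a package name to a technology are assumptions standing in for the page's classification step. The point it shows is the shape of what is reported: a technology, the kind of evidence, the file name and the matched token, with no source text.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// sampleRepo is a constructed, in-memory stand-in for a checked-out repository.
// The file names and contents are assumptions for this example.
var sampleRepo = map[string]string{
	"src/payments.js": `const res = await fetch("https://api.stripe.com/v1/charges", { headers });`,
	"package.json":    `{"name": "shop", "dependencies": {"pg": "^8.11.0", "express": "^4.18.2"}}`,
}

// domainPattern matches strings shaped like a host name, e.g. api.stripe.com.
var domainPattern = regexp.MustCompile(`(?i)\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b`)

// The catalogues below map a raw match to a technology name. They stand in for
// the classification step; the entries are assumptions for this example.
var domainCatalogue = map[string]string{
	"api.stripe.com": "Stripe API",
}
var dependencyCatalogue = map[string]string{
	"pg": "PostgreSQL",
}

// Finding is the metadata reported for one detection: which technology, what
// kind of evidence, and which file it was found in. No source text is kept.
type Finding struct {
	Technology string `json:"technology"`
	Kind       string `json:"kind"`     // "api" (domain match) or "dependency" (manifest entry)
	File       string `json:"file"`     // path only, never file contents
	Evidence   string `json:"evidence"` // the matched host name or package name only
}

// DetectTechnologies walks the repository contents and returns sorted findings
// from the two detection rules: host-name regex matches and manifest dependencies.
func DetectTechnologies(repo map[string]string) []Finding {
	var findings []Finding
	for path, content := range repo {
		// Rule 2: dependencies declared in a package manifest.
		if path == "package.json" || strings.HasSuffix(path, "/package.json") {
			var manifest struct {
				Dependencies map[string]string `json:"dependencies"`
			}
			if err := json.Unmarshal([]byte(content), &manifest); err != nil {
				continue // a malformed manifest yields no findings rather than a crash
			}
			for dep := range manifest.Dependencies {
				if tech, ok := dependencyCatalogue[dep]; ok {
					findings = append(findings, Finding{tech, "dependency", path, dep})
				}
			}
			continue
		}
		// Rule 1: host names in source files, matched by regular expression.
		for _, host := range domainPattern.FindAllString(content, -1) {
			if tech, ok := domainCatalogue[strings.ToLower(host)]; ok {
				findings = append(findings, Finding{tech, "api", path, strings.ToLower(host)})
			}
		}
	}
	// Map iteration order is random in Go; sort so the report is stable.
	sort.Slice(findings, func(i, j int) bool {
		if findings[i].Technology != findings[j].Technology {
			return findings[i].Technology < findings[j].Technology
		}
		return findings[i].File < findings[j].File
	})
	return findings
}

// MetadataReport serialises the findings. This is the kind of payload that would
// leave the scanner: file names and matched tokens, but no source code.
func MetadataReport(findings []Finding) (string, error) {
	b, err := json.MarshalIndent(findings, "", "  ")
	return string(b), err
}

func main() {
	report, err := MetadataReport(DetectTechnologies(sampleRepo))
	if err != nil {
		panic(err)
	}
	fmt.Println(report)
}
```

Running it prints two findings, PostgreSQL (from the `pg` dependency) and Stripe API (from the host name in `src/payments.js`); a check worth keeping in any such scanner is that the serialised report never contains a line of source, only the tokens that justified the finding.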
The Broker discovers data (e.g., lastname) by scanning structured data files (SQL, OpenAPI, GraphQL, Protobuf files) as well as your entire source code (methods, classes, objects, attributes, etc.).
Data types are then classified by a built-in machine learning model.
Data types include: Passwords, PIN, Mother's Maiden Name, Browsing Behavior, Telephone Recordings, Voice Mail, Emails, IP address, MAC address, Device identifier, Browser Fingerprint, Email Address, Physical Address, Telephone Number, Credit Records, Credit Worthiness, Credit Standing, Credit Capacity, Convictions, Charges, Pardons, Age Range, Physical Traits, Income Brackets, Geographic, Biometric Data, Race, National origin, Ethnic Origin, Spoken Languages, Accents, Family Structure, Siblings, Offspring, Marriages, Divorces, Relationships, Credit Card Number, Bank Account, Firstname, Lastname, Fullname, Username, Unique Identifier, Passport Number, ID Number, Call Logs, Links clicked, Demeanor, Attitude, Religious Beliefs, Philosophical beliefs, Thoughts, Knowledge, Country, GPS Coordinate, Room Number, Physical and mental health, Drugs test results, Disabilities, Family health history, Personal health history, Health Records, Blood Type, DNA code, Prescriptions, Cars, Houses, Apartments, Personal Possessions, Height, Weight, Age, Hair Color, Skin Tone, Tattoos, Gender, Piercings, Opinions, Intentions, Interests, Favorite Foods, Colors, Likes, Dislikes, Music, Job Titles, Salary, Work History, School attended, Employee Files, Employment History, Evaluations, References, Interviews, Certifications, Disciplinary Actions, Character, General Reputation, Social Status, Marital Status, Religion, Political Affiliation, Interactions, Gender identity, Sexual Preferences, Sexual History, Friends, Connections, Acquaintances, Associations, Group Membership, Purchases, Sales, Credit, Income, Loan Records, Transactions, Taxes, Purchases and Spending Habits, Image, Conversation.
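The data discovery step described above (field names such as lastname pulled from an SQL schema and from ordinary source code, then classified into a data type), as an added example in Go. This is illustration code, not Bearer's Broker or its model: the two sample files are constructed, and the catalogue that maps an identifier to one of the data type labels listed on the page is a hand-written stand-in for the page's machine-learning classifier. It goes slightly beyond the text by folding snake_case and camelCase spellings onto one key, so last_name, lastName and LastName all classify the same way.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// sampleFiles is a constructed, in-memory repository: one SQL schema and one
// Ruby model. Names and contents are assumptions for this example.
var sampleFiles = map[string]string{
	"db/schema.sql": `CREATE TABLE users (
  id SERIAL PRIMARY KEY,
  first_name VARCHAR(100),
  last_name VARCHAR(100),
  email VARCHAR(255),
  created_at TIMESTAMP
);`,
	"app/models/payment.rb": `class Payment
  attr_accessor :creditCardNumber, :amount
end`,
}

// identifierPattern pulls out every identifier-like token, which covers SQL
// column names as well as attribute and method names in source code.
var identifierPattern = regexp.MustCompile(`[A-Za-z_][A-Za-z0-9_]*`)

// dataTypeCatalogue maps a normalized identifier to a data type label. It is a
// hand-written stand-in for the classifier; the labels are a subset of those
// the page lists, and the identifier spellings are assumptions.
var dataTypeCatalogue = map[string]string{
	"firstname":        "Firstname",
	"lastname":         "Lastname",
	"email":            "Email Address",
	"emailaddress":     "Email Address",
	"creditcardnumber": "Credit Card Number",
	"passportnumber":   "Passport Number",
	"ipaddress":        "IP address",
}

// DataFinding is the metadata recorded for one match: the file, the identifier
// as written, and the data type it was classified as. Surrounding code is dropped.
type DataFinding struct {
	File       string
	Identifier string
	DataType   string
}

// normalize folds snake_case and camelCase spellings onto one lookup key.
func normalize(identifier string) string {
	return strings.ToLower(strings.ReplaceAll(identifier, "_", ""))
}

// DiscoverDataTypes scans every file, classifies identifiers through the
// catalogue and returns the unique findings in a stable order.
func DiscoverDataTypes(files map[string]string) []DataFinding {
	seen := map[DataFinding]bool{}
	var findings []DataFinding
	for path, content := range files {
		for _, ident := range identifierPattern.FindAllString(content, -1) {
			dataType, ok := dataTypeCatalogue[normalize(ident)]
			if !ok {
				continue // unclassified identifiers are not reported at all
			}
			f := DataFinding{File: path, Identifier: ident, DataType: dataType}
			if !seen[f] {
				seen[f] = true
				findings = append(findings, f)
			}
		}
	}
	// Map iteration order is random in Go; sort so the inventory is stable.
	sort.Slice(findings, func(i, j int) bool {
		if findings[i].File != findings[j].File {
			return findings[i].File < findings[j].File
		}
		return findings[i].Identifier < findings[j].Identifier
	})
	return findings
}

func main() {
	for _, f := range DiscoverDataTypes(sampleFiles) {
		fmt.Printf("%-24s %-18s -> %s\n", f.File, f.Identifier, f.DataType)
	}
}
```

On the sample input this yields four findings: Credit Card Number in the Ruby model and Email Address, Firstname and Lastname in the SQL schema. Identifiers with no catalogue entry (id, amount, created_at) are dropped rather than reported as "unknown", which keeps the inventory to data types only.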
By default, Bearer automatically scans your codebase once a week to update your inventory.
You can customize the frequency at which Bearer scans your codebase: once a day, once a week, once a month.
Bearer performs diff-aware scans so you can focus on risks in recent changes.