Languages and frameworks

Bearer currently supports Ruby and JavaScript applications and popular frameworks such as Rails, Node.js, Express and more.

Support for additional languages and frameworks is on the roadmap.

Ruby
Rails
JavaScript
Node.js

Built for noise cancellation

No one likes being alerted for nothing, especially developers!

Bearer's core concept (data-first) and underlying technology have been built to maximize security impact and minimize the demand on developers' attention.

TL;DR: We can't guarantee that we won't trigger a false positive (only marketing can!), but we can confidently say it shouldn't be a concern!

Full-featured data-first security scanner

Built-in rules

Bearer comes packaged with a set of rules for each language it fully supports, covering most of the OWASP Top 10.

Built-in data classification

Every rule is triggered in the context of the detection of sensitive data classified against 130 different types. They represent the global taxonomy of Personal Data (PD), Personal Identification Information (PII) and Personal Health Information (PHI).

Privacy report

Generate a privacy report of your applications to help your privacy engineers and compliance team comply with privacy regulations such as GDPR or CPRA.

Live terminal execution

Execute, test and modify Bearer parameters on single files, a repository, or entire Git instances, locally or in CI/CD.

Fully extensible

Extend Bearer open source to define your own custom detection rules and data classifiers, all through YAML and JSON configurations.

Contribute to Bearer!

Help us make Bearer better; feel free to contribute.

What does Bearer do exactly?
How do you detect sensitive data flows from the code?
What makes Bearer different from any other SAST?
How do I use it?
How long does it take to scan my code?
What languages do you support today?
I hate static code analyzers, why should I try this one?
I’m already using another SAST, why should I try this one?
Why do you use the Elastic License?