
Bearer in your CI/CD with our GitHub Action

Bearer is a Static Application Security Testing (SAST) tool that enables security and engineering teams to identify and mitigate data security risks throughout the software development lifecycle. 

It integrates with Source Code Management (SCM) software (see Git repository integrations for more details) to scan your code repositories, discover and classify data flows, and detect gaps with your data security policy. 

We’re excited to announce that we have just released a GitHub Action to help you integrate Bearer directly into your CI/CD pipeline. This is a new deployment option alongside our SCM integration; both produce the same results because they rely on the same Bearer engine.

So what’s the benefit of using the new GitHub Action over the SCM approach? Customers no longer need to create and manage a Personal Access Token to enable Bearer to scan their code repositories. 

Bearer GitHub Action

The Bearer GitHub Action is available on the GitHub Marketplace. It allows you to scan your source code automatically on a periodic basis.

Bearer performs diff-aware scans to detect new engineering components, new data flows, and new security risks in recent code changes.

How to use the Bearer GitHub Action

Add a job that uses the Action to a workflow file in your repository, for example .github/workflows/example-workflow.yaml:

name: Bearer Scanner

on:
  schedule:
    - cron: "0 9 * * *" # Runs every day at 09:00 UTC (GitHub schedules run in UTC)

permissions:
  contents: read # Minimal permissions

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - name: Run Bearer
        uses: bearer/actions@main
        env:
          BEARER_TOKEN: ${{ secrets.BEARER_TOKEN }}

Please note that you must add the GitHub Action to every code repository you wish to scan.

That's all it takes! You can learn more about obtaining and setting your Bearer token, and using the action, by visiting CI/CD integrations in our documentation.
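A hardened variant of the workflow above, added here as an example and not part of the original post or Bearer's documentation. It keeps the daily schedule, adds a manual workflow_dispatch trigger, denies all default token permissions at the workflow level and grants only contents: read to the job, bounds the job's run time, and pins the action to a fixed ref. The ref is a placeholder (<release-tag-or-commit-sha>): the post's example uses @main, and pinning to a release tag or a full commit SHA instead keeps a later change to the action's branch from silently altering what runs in your pipeline. The timeout value is an arbitrary assumption.

```yaml
name: Bearer Scanner

on:
  schedule:
    - cron: "0 9 * * *"   # daily at 09:00 UTC (GitHub cron schedules run in UTC)
  workflow_dispatch:      # also allow a manual run from the Actions tab

# No default permissions for the GITHUB_TOKEN; each job declares what it needs.
permissions: {}

jobs:
  security:
    runs-on: ubuntu-latest
    timeout-minutes: 30   # assumed bound so a hung scan cannot hold the runner indefinitely
    permissions:
      contents: read      # the scanner only needs to read the repository
    steps:
      - name: Run Bearer
        # Placeholder ref: replace with a published release tag or a full commit SHA
        # of bearer/actions rather than a moving branch such as main.
        uses: bearer/actions@<release-tag-or-commit-sha>
        env:
          BEARER_TOKEN: ${{ secrets.BEARER_TOKEN }}
```

Store BEARER_TOKEN as a repository or organization secret rather than in the workflow file; GitHub does not expose secrets to workflows triggered by pull requests from forks, so a scheduled or manually dispatched run like this one is the right place for a token-backed scan.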

What’s next?

We are working on additional CI/CD integrations in the coming months: Azure Pipelines, Bitbucket Pipelines, CircleCI, Jenkins, and more. 

If you’re interested in integrating Bearer into your CI/CD pipeline but are not using GitHub, let us know which CI/CD integration you need at support@bearer.com.
