
Reduce risks of data breaches throughout your development lifecycle with the new Bearer GitHub Action

Bearer is a Static Application Security Testing (SAST) tool that enables security and engineering teams to map sensitive data flows, implement data security controls and mitigate risks of data leaks throughout the development lifecycle.

Bearer integrates with your CI/CD pipeline, in the form of a GitHub Action, to scan your code repositories on a periodic basis automatically and:

  1. Inventory your engineering components: applications, databases, internal and external services.
  2. Discover and classify data flows across them. Bearer’s detection engine supports 120+ data types, including personal, health and financial information.
  3. Identify, prioritize and assess security risks: missing security measures (e.g. encryption, logging, and access control), cross-border data transfers, unauthorized data sharing with third parties, and more.
  4. Trigger remediation workflows.

The Bearer GitHub Action is available in the GitHub marketplace and makes it easy to add data security checks to your GitHub workflows.

Bearer performs diff-aware scans to detect new engineering components, new data flows, and new security risks in recent code changes.

How to set up the integration

First, get in touch with us and our solution engineering team will get back to you shortly to set up your Bearer account.

Second, retrieve your Bearer API token from the Settings > Integrations > API token menu. We recommend that you pass the BEARER_TOKEN as an environment variable and that you store this variable as a secret on GitHub at the repository or organization level.

Third, set up the Bearer GitHub Action. Add a workflow file at .github/workflows/bearer.yaml that runs the Action as follows:

name: Bearer Scanner

on:
  schedule:
    - cron: "0 9 * * *" # Runs every day at 9:00 am

permissions:
  contents: read # Minimal permissions

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - name: Run Bearer
        uses: bearer/actions@main # A branch ref moves; pin to a release tag or full commit SHA for reproducible runs
        env:
          BEARER_TOKEN: ${{ secrets.BEARER_TOKEN }} # Read from the repository or organization secret, never written into the file

Please note that you must add the GitHub Action to every code repository you wish to scan.
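As an added check that is not part of the original post or of Bearer's own tooling, the following Python script lints a workflow file for the three points that matter in the setup above: the action reference is pinned to a full commit SHA rather than a mutable branch or tag, BEARER_TOKEN is read from GitHub secrets, and the top-level permissions block is read-only. It runs over the post's own workflow, embedded here as constructed input, and flags the branch reference.

```python
import re

# Constructed input: the workflow from this post, which pins the action to a branch.
SAMPLE_WORKFLOW = """\
name: Bearer Scanner
on:
  schedule:
    - cron: "0 9 * * *"
permissions:
  contents: read
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - name: Run Bearer
        uses: bearer/actions@main
        env:
          BEARER_TOKEN: ${{ secrets.BEARER_TOKEN }}
"""
SHA_RE = re.compile(r"[0-9a-f]{40}")
SECRET_RE = re.compile(r"\$\{\{\s*secrets\.[A-Za-z0-9_]+\s*\}\}")


def check_workflow(text: str) -> list[str]:
    """Return a list of findings for a workflow file; an empty list means clean."""
    findings = []
    # 1. Third-party actions should be pinned to a full commit SHA, not a branch or tag.
    for m in re.finditer(r"^\s*uses:\s*(\S+)", text, re.M):
        ref = m.group(1)
        if not SHA_RE.fullmatch(ref.partition("@")[2]):
            findings.append(f"unpinned action: {ref}")
    # 2. The API token must come from GitHub secrets, never be written into the file.
    for m in re.finditer(r"^\s*BEARER_TOKEN:\s*(.+?)\s*$", text, re.M):
        if not SECRET_RE.fullmatch(m.group(1)):
            findings.append("BEARER_TOKEN is not read from secrets")
    # 3. The workflow must declare explicit, read-only permissions for GITHUB_TOKEN.
    head = re.search(r"^permissions:[ \t]*(\S*)[ \t]*$", text, re.M)
    if head is None:
        findings.append("no top-level permissions block")
    elif head.group(1) == "write-all":
        findings.append("permissions: write-all grants every scope")
    else:
        for line in text[head.end():].splitlines()[1:]:
            if not line.startswith((" ", "\t")):
                break  # end of the indented permissions mapping
            if re.search(r":\s*write\b", line):
                findings.append(f"write permission granted: {line.strip()}")
    return findings
```

Running `check_workflow(SAMPLE_WORKFLOW)` reports only the unpinned `bearer/actions@main` reference; replacing the branch with a 40-character commit SHA yields no findings.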

Learn more and get support

You can learn more about using the Action by visiting our documentation or requesting a call with our team. If you have any questions, just email us at support@bearer.com and we will get back to you shortly.
