The engineering organization of companies building modern cloud applications can get incredibly complex. Security teams are caught between the explosive growth of engineering teams and the fragmentation of software architecture. As a result, it can be a challenge to get a clear, complete and up-to-date view of engineering components.
Bringing clarity about the software architecture is the first step to enable you to assess and remediate data security risks properly. With this in mind, we’ve built Bearer to help you automatically build an inventory of your engineering assets.
Scan your codebase
Bearer first integrates with GitHub or GitLab, and scans code repositories to catalog existing engineering components. We support the following languages: Ruby, JavaScript, Python, PHP, Go, Java and C#.

Bearer detects repositories, data stores, and internal and external services (e.g., APIs and message buses). It relies on several methods: parsing the Abstract Syntax Tree, matching regular expressions, scanning dependency files (e.g., Gemfile.lock, package.json, requirements.txt, composer), and scanning files that contain environment variables (e.g., docker-compose.yml). All detected components go through our homemade heuristic and machine learning models to minimize the false-positive rate (<5%).
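
To make the dependency-file and environment-variable methods concrete, here is an added sketch; it is not Bearer's code and leaves out the AST, heuristic and machine learning stages. The hint tables, function names and sample files are assumptions constructed for this example.

```python
import json
import re

# Hypothetical hint tables (assumptions for this example): dependency name
# or connection-string scheme -> (component kind, component name).
DEP_HINTS = {
    "psycopg2-binary": ("data_store", "PostgreSQL"),
    "redis": ("data_store", "Redis"),
    "pika": ("message_bus", "RabbitMQ"),
    "stripe": ("external_service", "Stripe API"),
}
URL_HINTS = {
    "postgres": ("data_store", "PostgreSQL"),
    "redis": ("data_store", "Redis"),
    "amqp": ("message_bus", "RabbitMQ"),
}
REQ_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9_.\-]*)")
# Skips any user:password@ part so credentials never enter the inventory.
ENV_URL = re.compile(r"\b([a-z][a-z0-9+]*)://(?:[^@\s/]*@)?([^\s/:\"']+)")

def deps_from_requirements(text):
    lines = (line.split("#", 1)[0] for line in text.splitlines())
    return {m.group(1).lower() for m in map(REQ_NAME.match, lines) if m}

def deps_from_package_json(text):
    doc = json.loads(text)
    return {n.lower() for k in ("dependencies", "devDependencies") for n in doc.get(k, {})}

def inventory(files):
    """files maps path -> content; returns sorted (kind, name, evidence)."""
    parsers = {"requirements.txt": deps_from_requirements,
               "package.json": deps_from_package_json}
    found = set()
    for path, text in files.items():
        base = path.rsplit("/", 1)[-1]
        deps = parsers[base](text) if base in parsers else set()
        for dep in deps.intersection(DEP_HINTS):
            found.add(DEP_HINTS[dep] + (f"{path}: dependency {dep}",))
        if base in ("docker-compose.yml", ".env"):
            for scheme, host in ENV_URL.findall(text):
                hint = URL_HINTS.get(scheme.split("+")[0])
                if hint:
                    found.add(hint + (f"{path}: host {host}",))
    return sorted(found)

SAMPLE = {  # constructed input, not from a real repository
    "billing/requirements.txt": "psycopg2-binary==2.9.9\nstripe>=7.0  # payments\n-r base.txt\n",
    "web/package.json": '{"dependencies": {"redis": "^4.6.0", "express": "^4.18.2"}}',
    "docker-compose.yml": "services:\n  billing:\n    environment:\n"
        "      DATABASE_URL: postgres://app:s3cret@db.internal:5432/orders\n"
        "      BROKER_URL: amqp://mq:5672\n",
}
```

Each record carries the file and the dependency or host that triggered it, so a reviewer can confirm or dismiss a finding without reopening the repository.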

Bearer starts running in a few minutes, and works both in SaaS and on-premises. The on-premises version requires users to install a Docker image that runs a Go binary containing the scanning engine; this means our infrastructure never directly accesses your source code or your data.
Build your inventory
Bearer allows you to document your inventory of engineering components with data flows. That way, you can easily identify services processing sensitive data and prioritize security audits on them. Security controls can be reviewed and documented to protect the organization against data leaks.
Whenever you need to collect information from engineering teams, you can use light-touch questionnaires embedded in GitHub or GitLab, so you get the information you need to assess risks without slowing down developers.

Key customer benefits
- Save hours of manual work and say goodbye to spreadsheets and manual surveys.
- Get a clear, up-to-date and complete view of your engineering assets.
- Understand where sensitive data lives in your products.
- Focus your security resources on your riskiest assets.
What’s next?
We’ve got more coming in the next few weeks:
- Continuous scan: Bearer will continuously scan code repositories (through differential analysis and PR scans) to detect new engineering components over time. Whenever engineering adds a new service, you will know about it and you’ll be able to assess the data security risks immediately.
- Data detection: Bearer will automatically detect data, specifically personal data, processed by repositories and databases, so you don’t have to document it manually.
Within a few months, we aim to help you automatically identify and remediate data security risks in relation to your company’s specific data policies. If it sounds like a hot topic, let’s get in touch: we are looking for Design Partners to help us build the future of data security!