Summer 2023 is definitely over, but the good news is that it kept our team very busy. We have lots of new features and improvements to share with you today.
Speed, Precision, Stability
We know how important speed is for developers who need to handle security findings as part of their workflow, and our goal is for the scan to finish faster than the test suite. So once again we have worked on this, and the result is a dramatic speed-up: Bearer CLI v1.23 is 60% faster than our previous version, which was already one of the fastest scanners on the market.
In addition to the speed increase, this newest version of Bearer handles memory consumption better and brings a nice boost in precision, both thanks to a heavy internal re-engineering of our SAST engine.
Lastly, the rules are now downloaded without hitting GitHub directly, which solves a rate-limiting issue some of you encountered and reported on our Discord.
Diff Scan
Unsurprisingly, differential scan, or diff scan (aka delta scan), was one of our top requested features. It lets you run a much faster scan that covers only the “delta”, the code added or changed in your CI pipeline, to make sure no security flaws make their way to production. You can now do so easily, even in the free and open-source Bearer CLI!
How does it work? With the diff scan, you choose a reference branch (usually main) and then scan other branches' differences against it. This gives you a super fast scan and lets you surface only the findings associated with the changes.
Overall, differential scan is a core pillar of the CI integration, allowing you to integrate Bearer directly into your PR/MR workflow and empower your developers to ship secure code faster than ever.
Learn more about how to set up diff scan.
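To make the “only surface findings associated with the changes” idea concrete, here is an added example that is not Bearer's own code: it parses a unified diff against the reference branch, works out which line numbers in each file were added or modified, and keeps only the scan findings that land on those lines. The diff, the file names, the finding shape and the rule ids are all constructed for the illustration; the real CLI computes the delta internally, so use the commands from the linked docs rather than this script in a pipeline.

```python
import re
from typing import Dict, List, Set

# Constructed sample diff, in the shape `git diff main...feature` prints.
# File names and content are hypothetical, not from any real project.
SAMPLE_DIFF = """\
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -10,6 +10,8 @@ class UsersController < ApplicationController
   def show
     @user = User.find(params[:id])
+    # new: dump the raw request while debugging
+    Rails.logger.info(params.to_json)
     render :show
   end
 
@@ -40,3 +42,4 @@ class UsersController < ApplicationController
   def destroy
     @user.destroy
+    redirect_to params[:return_to]
   end
"""

# Constructed scan results: rule ids here are made up, not Bearer rule names.
FINDINGS: List[dict] = [
    {"rule": "sensitive_data_in_logger", "file": "app/controllers/users_controller.rb", "line": 13},
    {"rule": "open_redirect", "file": "app/controllers/users_controller.rb", "line": 44},
    {"rule": "missing_authz_check", "file": "app/controllers/users_controller.rb", "line": 3},
    {"rule": "weak_hash_algorithm", "file": "app/models/user.rb", "line": 8},
]

# Hunk header: "@@ -old_start[,old_len] +new_start[,new_len] @@ ..."
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,(\d+))? @@")


def added_lines(diff_text: str) -> Dict[str, Set[int]]:
    """Map each file touched by the diff to the new-file line numbers that
    were added or modified. Removed lines have no new-file number, so they
    are skipped; context lines only advance the counter."""
    result: Dict[str, Set[int]] = {}
    current_file = None
    new_line = 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            current_file = line[4:]
            if current_file.startswith("b/"):
                current_file = current_file[2:]
            result.setdefault(current_file, set())
            continue
        if line.startswith("--- ") or line.startswith("diff --git"):
            continue
        m = HUNK_RE.match(line)
        if m:
            new_line = int(m.group(1))
            continue
        if current_file is None:
            continue
        if line.startswith("+"):
            result[current_file].add(new_line)
            new_line += 1
        elif line.startswith("-"):
            continue  # deleted in the new version: nothing to report on
        else:
            new_line += 1  # unchanged context line
    return result


def findings_in_diff(findings: List[dict], diff_text: str) -> List[dict]:
    """Keep only findings whose location was introduced or changed by the diff.
    Pre-existing findings elsewhere in the repo stay out of the PR report."""
    changed = added_lines(diff_text)
    return [f for f in findings if f["line"] in changed.get(f["file"], set())]


if __name__ == "__main__":
    for f in findings_in_diff(FINDINGS, SAMPLE_DIFF):
        print(f"{f['file']}:{f['line']} {f['rule']}")
```

The two findings that survive are exactly the ones on the `+` lines (the new logger call and the new redirect); the finding on line 3 of the same file and the one in an untouched file are left for the full scan of the reference branch. The same filter also makes the failure mode visible: a finding whose root cause lies in unchanged code will not show up in a diff scan, so a periodic full scan of main still belongs in the pipeline.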
A better “ignore” workflow
Having the ability to ignore findings is an essential part of any code security workflow, and thanks to your feedback, we’ve decided to drastically improve it.
Now, ignored findings are stored in a separate JSON file called bearer.ignore, which holds metadata for each ignored finding. There is also a dedicated interactive command, bearer ignore, that helps you collect the optional metadata for better context gathering and reporting.
Here is a usage example of this new command below:
The new bearer ignore command brings even more features, such as automated synchronization from Bearer Cloud and a migration command, all reflected in the command help below:
Learn more about how to ignore findings with this new version.
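The value of keeping ignores in a file with per-finding metadata is that the file itself can be reviewed and policed. The following is an added example, not Bearer's code, and the layout it reads (a JSON object keyed by finding fingerprint, with author, comment, false_positive and ignored_at fields) is an assumption made for the illustration rather than the documented bearer.ignore schema. It applies the ignore list to a set of constructed findings, flags entries that were recorded without a justification, and lists stale entries that no longer match anything so they can be pruned instead of quietly suppressing the finding if the code ever comes back.

```python
import json
from typing import Dict, List, Tuple

# Constructed ignore file; fingerprints and metadata are made up.
# The real bearer.ignore schema may differ from this assumed layout.
SAMPLE_IGNORE_FILE = """
{
  "fp-0001": {"author": "alice", "comment": "Value is a test fixture, never real PII",
              "false_positive": true,  "ignored_at": "2023-09-01T10:00:00Z"},
  "fp-0002": {"author": "bob",   "comment": "",
              "false_positive": false, "ignored_at": "2023-09-02T08:30:00Z"},
  "fp-0009": {"author": "carol", "comment": "Endpoint removed in v2",
              "false_positive": false, "ignored_at": "2023-07-15T12:00:00Z"}
}
"""

# Constructed scan results; rule names and fingerprints are hypothetical.
FINDINGS: List[dict] = [
    {"fingerprint": "fp-0001", "rule": "sensitive_data_in_logger", "file": "app/jobs/export_job.rb", "line": 21},
    {"fingerprint": "fp-0002", "rule": "open_redirect", "file": "app/controllers/sessions_controller.rb", "line": 34},
    {"fingerprint": "fp-0003", "rule": "weak_hash_algorithm", "file": "lib/token.rb", "line": 9},
]

# Metadata a reviewer should be able to rely on for every ignored finding.
REQUIRED_METADATA = ("author", "comment", "ignored_at")


def load_ignores(text: str) -> Dict[str, dict]:
    """Parse the ignore file into {fingerprint: metadata}."""
    data = json.loads(text)
    if not isinstance(data, dict):
        raise ValueError("ignore file must be a JSON object keyed by fingerprint")
    return data


def incomplete_entries(ignores: Dict[str, dict]) -> List[str]:
    """Fingerprints whose entry is missing, or has an empty, required field.
    An ignore with no comment cannot be audited later."""
    return sorted(fp for fp, meta in ignores.items()
                  if any(not meta.get(key) for key in REQUIRED_METADATA))


def apply_ignores(findings: List[dict], ignores: Dict[str, dict]) -> Tuple[List[dict], List[dict]]:
    """Split findings into (still reported, suppressed by the ignore file)."""
    active: List[dict] = []
    suppressed: List[dict] = []
    for f in findings:
        (suppressed if f["fingerprint"] in ignores else active).append(f)
    return active, suppressed


def stale_ignores(findings: List[dict], ignores: Dict[str, dict]) -> List[str]:
    """Ignore entries that match no current finding: candidates for removal."""
    current = {f["fingerprint"] for f in findings}
    return sorted(fp for fp in ignores if fp not in current)


if __name__ == "__main__":
    ignores = load_ignores(SAMPLE_IGNORE_FILE)
    active, suppressed = apply_ignores(FINDINGS, ignores)
    print("reported :", [f["rule"] for f in active])
    print("ignored  :", [f["rule"] for f in suppressed])
    print("no reason:", incomplete_entries(ignores))
    print("stale    :", stale_ignores(FINDINGS, ignores))
```

Run against the sample, one finding is still reported, two are suppressed, the entry recorded with an empty comment is flagged for follow-up, and the entry for the removed endpoint is listed as stale. In a CI job, failing on a non-empty incomplete list is a cheap way to make sure nobody can silence a finding without saying why.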
Conclusion
It’s been a busy summer, but we are not done yet: we have a few more things to share in the next few days about our Bearer Cloud product.
Stay tuned and subscribe below to receive the next update!