Artificial Intelligence (AI) is a hot topic these days, especially across the security industry. There's hardly a day when we don't read about its potential to create an impact on our lives, for better or worse.
As a security company, we truly believe in the potential of AI, but we didn't want to jump into the deep end without careful consideration as we followed the buzz with a healthy amount of skepticism. We took the time to engage with our customers and users to understand how AI could practically benefit them in their software security journey.
We're excited to announce our first step in this journey: Bearer Assistant. As the name suggests, it's an AI-powered assistant designed to help AppSec professionals and developers with their daily security tasks, particularly in accelerating the resolution of code security issues.
So, what can the Bearer Assistant do for you today? Let’s dive in.
Context-specific Explanations
Bearer is fundamentally driven by a developer-first approach. Developers have varied levels of experience and often lack formal security training, which makes it hard for them to understand and address security issues; this creates friction and ultimately slows down remediation.
To make code security reports more understandable for developers, Bearer always includes a rule-specific description for each issue it detects, using language familiar to developers and avoiding complex security jargon. We have built Bearer as a pair-programming security buddy, working alongside developers in their workflow.
With the introduction of Bearer Assistant, we're enhancing our approach. Now, we provide customized explanations for each security issue, powered by GPT-4, combining our existing developer-friendly descriptions with details specific to the code involved. This results in clearer, more accessible explanations, helping developers quickly understand and remediate the issues. It augments the Application or Product Security team's efforts within the developer workflow, reducing finding fatigue and enabling a faster fix rate. You can view an example of such an explainer provided by Bearer Assistant below:
Suggesting Code Fixes
Our primary goal isn't only to identify risky code, but to help fix it and enable organizations to ship secure code faster.
Until now, our approach was to provide only a remediation message linked to the specific rule that triggered the code security finding. While helpful, this method isn't tailored to the developer's unique code: it requires them to understand the finding and its associated risk, then manually write a code fix in their editor and commit the changes, which is often uncomfortable and slow.
To help fix these code security findings faster, Bearer Assistant introduces a new feature that allows developers to apply automatically generated code fixes, powered by GPT-4, with a single click directly in a Pull Request.
However, we know that this feature isn't applicable to all findings. Some fixes require more than a simple code rewrite, or additional context and steps that are beyond our current automation capabilities. Therefore, we have selectively enabled this functionality for rules where there is a high likelihood that the suggested fix will be effective.
As we gradually roll out Bearer Assistant, we will expand the scope of this feature to maximize the number of security issues where it can be applied, though our focus will always remain on quality over quantity. You can view an example of such a suggested code fix provided by Bearer Assistant below:
AI for both AppSec Teams and Developers
Bearer Assistant is built for both AppSec teams and developers.
AppSec teams can easily access and use Bearer Assistant via their Dashboard, always available to generate an explainer and a code fix with a click. For the security team’s convenience, we have created a button to export the output directly to a JIRA ticket.
Developers can interact with Bearer Assistant through GitHub Pull Requests (note: GitLab integration is coming soon). With the /bearer suggest command, developers can activate the assistant and view results directly within their Pull Request workflow without needing to go to the Dashboard. Additionally, when Bearer Assistant suggests a code fix, developers can commit it with a single click, significantly streamlining the process and reducing the need to switch back and forth between their code editor and the Pull Request.
Conclusion
Currently in beta, Bearer Assistant is offered free of charge to our existing customers. However, its use is entirely optional, recognizing that not everyone may be ready to embrace these AI capabilities today.
We invite you to request a demo today to learn more about Bearer Assistant and discover how it can help you expedite your code security remediation process.