Welcoming Bearer as Our Sponsor: Simple Ruby and JavaScript App Security

4/6/2023 by Matthias Endler

As a developer, I have faced my fair share of security mishaps. I recall times when I accidentally exposed sensitive data in logs or sent a network request over a non-encrypted HTTP channel when HTTPS was available. I'm sure many of you can relate to these situations. We may not be security experts, but that doesn't mean we shouldn't take measures to protect our applications. This is where Bearer, a new security tool for Ruby and JavaScript apps (Java coming soon), comes into play.

Security for Everyone

Bearer aims to make security accessible to all developers, even those without expertise in the field. By detecting potential security issues before they reach production, either directly on the CLI or during the CI/CD process, Bearer simplifies the process of securing your application. With a very low false positive rate and a swift scan process, you can focus on addressing real issues rather than chasing ghosts.

Sensitive data, sorted by impact

Is an SQL injection more critical than an XSS vulnerability? With Bearer's sensitive data context, you might change your perspective on prioritization.

Indeed, what sets Bearer apart is its ability to detect sensitive data flows (PII, PD, PHI) and link them to the different risks and vulnerabilities found. It automatically prioritizes findings that will have a critical impact on your application and business, with the aim of preventing data breaches and data leaks.

A nice add-on to the tool is its ability to generate a privacy report, plus it works with most languages (Ruby, JS, Java, C#, Python, Go).

Empowering Developers with Actionable Insights

In addition to showing what matters first to developers, Bearer provides documented examples of why a particular issue is problematic and how to fix it. This empowers developers to secure their apps in just a few minutes and fosters a better understanding of security best practices.

Integration and Open Source

With support for both GitHub and GitLab, Bearer easily integrates into your existing workflow. The project was recently open-sourced, allowing you to contribute to its development and stay up-to-date with the latest features. Check it out on GitHub at https://github.com/bearer/bearer.

Demo and Availability

If you're curious about Bearer and want to see it in action, watch this YouTube video with a demo:

Try Bearer for Free

Thanks to Bearer for sponsoring this project and contributing to the open-source analysis tools ecosystem. It's free for open-source projects to get started with Bearer.

❤️ Reach Thousands Of Devs Interested In Code Quality

That's why we are currently looking for partners who want to sponsor hosting and development of the project.

We believe that this project should be entirely open to avoid bias and gatekeepers who promote tools purely based on monetary interest and not on quality. Since we want this to be a community project and the code/assets to be freely available to everyone, we'll use GitHub Sponsors + Open Collective for funding.

If you believe in the same values, don't hesitate to reach out via mail at hello@analysis-tools.dev.