Applying security testing to your application shouldn't be complicated. In this guide, I’ll show you how to use a powerful tool called Bearer CLI to run static application security testing (SAST) easily, efficiently, and on almost any application.

🧠 What is SAST?
SAST (Static Application Security Testing) is a technique for analyzing the source code of an application to find vulnerabilities without executing it. It’s a key part of any modern DevSecOps pipeline.

With SAST, you can detect:

  • SQL Injection
  • XSS (Cross-site Scripting)
  • Sensitive data leaks
  • Insecure use of libraries, and more.
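To make the first two items concrete, here is an added example (not code from the original post or from the Bearer project) showing the two code shapes a SAST scanner pattern-matches on: request input flowing unchanged into a SQL string or into HTML output, next to the parameterized and escaped versions that do not trigger a finding. The helper names and the sample input are constructed for this illustration.

```javascript
// Added example (not from the original post or the Bearer project): the
// patterns a SAST scanner looks for when it reports SQL injection or XSS.
// Untrusted input (the "source") reaches a query or HTML string (the "sink")
// without being neutralised. Function names and inputs are constructed.

// --- SQL: vulnerable vs. parameterized ---

// Vulnerable: user data is spliced into the SQL text, so it can change the
// structure of the statement. Scanners flag this kind of concatenation.
function buildUserQueryUnsafe(username) {
  return `SELECT id, email FROM users WHERE name = '${username}'`;
}

// Hardened: the statement text is fixed and the value travels separately
// as a bound parameter, which the database driver never parses as SQL.
function buildUserQuerySafe(username) {
  return {
    text: 'SELECT id, email FROM users WHERE name = $1',
    values: [username],
  };
}

// --- HTML: vulnerable vs. escaped ---

// Encode the five characters that matter in HTML text and attribute context.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable: untrusted text becomes markup in the response.
function renderGreetingUnsafe(name) {
  return `<p>Hello, ${name}</p>`;
}

// Hardened: the same output with the input encoded as text.
function renderGreetingSafe(name) {
  return `<p>Hello, ${escapeHtml(name)}</p>`;
}

// Count single quotes so the structural damage is visible: an odd number
// means the user value broke out of the string literal.
function countSingleQuotes(sql) {
  return (sql.match(/'/g) || []).length;
}

// Constructed input: an ordinary name containing a quote and a tag-like
// fragment. Not an attack payload, but enough to show data turning into code.
const sampleName = "O'Brien <b>";

// Stand-alone demonstration.
console.log(buildUserQueryUnsafe(sampleName));
console.log(JSON.stringify(buildUserQuerySafe(sampleName)));
console.log(renderGreetingUnsafe(sampleName));
console.log(renderGreetingSafe(sampleName));
```

Running the block shows the unsafe query ending up with three quote characters (the literal is broken by the name), while the parameterized form keeps the statement unchanged and passes the name as a value. The same contrast holds for the HTML case: the escaped greeting renders the name as text rather than as markup.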

🐻 What is Bearer CLI?
Bearer CLI is an open-source tool that scans your code for security vulnerabilities and privacy issues. Unlike many SAST tools that require complex configuration, Bearer CLI works right out of the box via your terminal—no initial setup required.

✅ Open Source
✅ Supports multiple languages (JavaScript, TypeScript, Java, Ruby, etc.)
✅ Easy integration with CI/CD pipelines (GitHub Actions, GitLab CI, etc.)

🚀 How to Install Bearer CLI
Install using Homebrew (on macOS or Linux):

brew install bearer/tap/bearer

Or use the official install script:
curl -sfL https://raw.githubusercontent.com/Bearer/bearer/main/install.sh | sh

🛠️ Scan Your Application
Once installed, navigate to the root of your project and simply run:

bearer scan .

This command scans your codebase and prints a vulnerability report directly in your terminal.

🔍 Example usage:

cd ~/mis-proyectos/mi-app
bearer scan .

🧩 Practical Example

See a working demo in this GitHub repository:

Example Bearer CLI

📦 CI/CD Integration
To run Bearer automatically in your CI pipelines, add it as a step in your GitHub Actions .yml file:

- name: Scan with Bearer
  run: |
    curl -sfL https://raw.githubusercontent.com/Bearer/bearer/main/install.sh | sh
    ./bin/bearer scan .

Or in GitLab CI/CD:

sast_scan:
  script:
    - curl -sfL https://raw.githubusercontent.com/Bearer/bearer/main/install.sh | sh
    - ./bin/bearer scan .

📁 Custom Reports
Export results in JSON or SARIF format to integrate with GitHub Security or other tools:

bearer scan . --format sarif > resultado.sarif

🌐 Resources & References

🎥 Video: Bearer CLI in action
Prefer to learn visually? Check out this awesome video tutorial:

👉 fix your code with Bearer with one click
(YouTube)
(📽️ Duration: 14 minutes – super clear and straight to the point!)

✅ Conclusion
With tools like Bearer CLI, security doesn't have to be hard or expensive. Adding SAST scans to your workflow is now just a matter of minutes.

Have you tried it yet? Got any questions? Drop them in the comments below — I’d love to hear from you! 👇