Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Scan your source code against top security and privacy risks.

Bearer CLI is a static application security testing (SAST) tool that scans your source code and analyzes your data flows to discover, filter and prioritize security and privacy risks.

Currently supporting JavaScript, TypeScript and Ruby stacks.
Java support is under active development.

Getting Started - FAQ - Documentation - Report a Bug - Discord Community


Bearer Cloud is coming soon. Sign up for the waitlist to be the first to try it.

Developer friendly static code analysis for security and privacy

Bearer CLI provides built-in rules against a common set of security risks and vulnerabilities, known as OWASP Top 10, and privacy risks. Here are some practical examples of what those rules look for:

  • Non-filtered user input (sql injection, path traversal, etc.)
  • Leakage of sensitive data through cookies, internal loggers, third-party logging services, and into analytics environments.
  • Usage of weak encryption libraries or misusage of encryption algorithms.
  • Unencrypted incoming and outgoing communication (HTTP, FTP, SMTP) of sensitive data.
  • Hard-coded secrets and tokens.

And many more.

Bearer CLI is Open Source (see license) and fully customizable, from creating your own rules to component detection (database, API) and data classification.

Bearer CLI also powers our commercial offering, Bearer Cloud, allowing security teams to scale and monitor their application security program using the same engine.

🚀 Getting started

Discover your most critical security risks and vulnerabilities in only a few minutes. In this guide, you will install Bearer CLI, run a security scan on a local project, and view the results. Let's get started!

Install Bearer CLI

The quickest way to install Bearer CLI is with the install script. It auto-selects the best build for your architecture and, by default, installs the latest release version into ./bin:

curl -sfL | sh

Other install options


Using Bearer CLI's official Homebrew tap:

brew install bearer/tap/bearer

Update an existing installation with the following:

brew update && brew upgrade bearer/tap/bearer

On Debian/Ubuntu, add the apt repository and install the package:

sudo apt-get install apt-transport-https
echo "deb [trusted=yes] /" | sudo tee -a /etc/apt/sources.list.d/fury.list
sudo apt-get update
sudo apt-get install bearer

Update an existing installation with the following:

sudo apt-get update
sudo apt-get install bearer

On RHEL/CentOS (yum), add the repository setting:

$ sudo vim /etc/yum.repos.d/fury.repo
name=Gemfury Private Repo

Then install with yum:

sudo yum -y update
sudo yum -y install bearer

Update an existing installation with the following:

sudo yum -y update bearer

Bearer CLI is also available as a Docker image on Docker Hub and

With Docker installed, you can run the following command, substituting your own paths for the example ones:

docker run --rm -v /path/to/repo:/tmp/scan bearer/bearer:latest-amd64 scan /tmp/scan

Additionally, you can use docker compose. Add the following to your docker-compose.yml file and replace the volumes with the appropriate paths for your project:

version: "3"
services:
  bearer:
    platform: linux/amd64
    image: bearer/bearer:latest-amd64
    volumes:
      - /path/to/repo:/tmp/scan

Then, run the docker compose run command to run Bearer CLI with any specified flags:

docker compose run bearer scan /tmp/scan --debug

The Docker configurations above will always use the latest release.


Download the archive file for your operating system/architecture from here.

Unpack the archive, and put the binary somewhere in your $PATH (on UNIX-y systems, /usr/local/bin or the like). Make sure it has permission to execute.

To update Bearer CLI when using the binary, download the latest release and overwrite your existing installation location.

Scan your project

The easiest way to try out Bearer CLI is with the OWASP Juice Shop example project. It simulates a realistic JavaScript application with common security flaws. Clone or download it to a convenient location to get started.

git clone

Now run bearer scan on the project directory:

bearer scan juice-shop

A progress bar will display the status of the scan.

Once the scan is complete, Bearer CLI will output, by default, a security report with details of any rule findings, as well as where in the codebase the infractions happened and why.

By default, the scan command uses the SAST scanner; other scanner types are available.

Analyze the report

The security report is an easily digestible view of the security issues detected by Bearer CLI. A report is made up of:

  • The list of rules run against your code.
  • Each detected finding, containing the file location and lines that triggered the rule finding.
  • A stat section with a summary of rules checks, findings and warnings.

The OWASP Juice Shop example application will trigger rule findings and output a full report. Here's a section of the output:

HIGH: Sensitive data stored in HTML local storage detected. [CWE-312]
To skip this rule, use the flag --skip-rule=javascript_lang_session

File: juice-shop/frontend/src/app/login/login.component.ts:102

 102       localStorage.setItem('email',


59 checks, 40 findings

HIGH: 16 (CWE-22, CWE-312, CWE-798, CWE-89)
MEDIUM: 24 (CWE-327, CWE-548, CWE-79)
LOW: 0
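To make the rule categories listed above and the report excerpt concrete, here is an added example (not Bearer CLI's own code) of a miniature line-based rule engine. It mimics two of the categories, sensitive data written to browser local storage (the CWE-312 finding shown in the excerpt) and a hard-coded secret (CWE-798), builds findings in the excerpt's layout and produces a severity summary like the stats section. The sensitive-data catalogue, the sample source and the second rule id are constructed for illustration; a real SAST tool follows data flow across files rather than matching single lines.

```javascript
// Added example, not Bearer CLI's own code: a miniature line-based rule
// engine that mimics two of the README's rule categories so the shape of a
// finding and of the severity summary is visible. A real SAST tool follows
// data flow across files; this toy matches single lines only.

// Constructed, shortened catalogue of sensitive data types, matched on the
// whole words of an identifier (assumption: Bearer's real list is far larger).
const SENSITIVE_TYPES = [
  { type: "Email Address", words: ["email", "mail"] },
  { type: "Password", words: ["password", "passwd", "pwd"] },
  { type: "Phone Number", words: ["phone", "mobile"] },
  { type: "Social Security Number", words: ["ssn"] },
];

// Split camelCase / snake_case / dotted identifiers into lowercase words.
function words(identifier) {
  return identifier
    .replace(/([a-z0-9])([A-Z])/g, "$1 $2")
    .toLowerCase()
    .split(/[^a-z0-9]+/)
    .filter(Boolean);
}

// Return the sensitive data type an identifier refers to, or null.
function classify(identifier) {
  const ws = words(identifier);
  const hit = SENSITIVE_TYPES.find((t) => t.words.some((w) => ws.includes(w)));
  return hit ? hit.type : null;
}

// Each rule has an id, a severity, a CWE and a matcher that returns a
// description for a matching line or null. The first id is the one the
// README's sample report shows; the second is a hypothetical example id.
const RULES = [
  {
    id: "javascript_lang_session",
    severity: "HIGH",
    cwe: "CWE-312",
    match(line) {
      const m = /localStorage\.setItem\(\s*['"]([^'"]+)['"]/.exec(line);
      const type = m && classify(m[1]);
      return type ? `Sensitive data (${type}) stored in HTML local storage` : null;
    },
  },
  {
    id: "example_hardcoded_secret",
    severity: "HIGH",
    cwe: "CWE-798",
    match(line) {
      const m = /\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*['"][^'"]{8,}['"]/i.exec(line);
      return m ? `Hard-coded secret assigned to ${m[1]}` : null;
    },
  },
];

// Run every rule over every line of a file and collect findings.
function scan(file, source) {
  const findings = [];
  source.split("\n").forEach((text, index) => {
    for (const rule of RULES) {
      const description = rule.match(text);
      if (description) {
        findings.push({ rule: rule.id, severity: rule.severity, cwe: rule.cwe,
          file, line: index + 1, description, text: text.trim() });
      }
    }
  });
  return findings;
}

// Summary in the shape of the report's stats section: a count per severity
// plus the distinct CWEs involved.
function summarize(findings) {
  const summary = {};
  for (const severity of ["HIGH", "MEDIUM", "LOW"]) summary[severity] = { count: 0, cwes: [] };
  for (const f of findings) {
    summary[f.severity].count += 1;
    if (!summary[f.severity].cwes.includes(f.cwe)) summary[f.severity].cwes.push(f.cwe);
  }
  for (const bucket of Object.values(summary)) bucket.cwes.sort();
  return summary;
}

// Constructed sample source, loosely modelled on a login component.
const SAMPLE_SOURCE = `const API_KEY = "sk_live_0123456789abcdef"; // constructed placeholder value
function onLogin(user) {
  localStorage.setItem('email', user.email);
  localStorage.setItem('theme', user.theme);
  sessionStorage.setItem('sessionId', user.sessionId);
}`;

// Print findings and the summary in the layout of the README's report excerpt.
function report(file, source) {
  const findings = scan(file, source);
  for (const f of findings) {
    console.log(`${f.severity}: ${f.description}. [${f.cwe}]`);
    console.log(`To skip this rule, use the flag --skip-rule=${f.rule}\n`);
    console.log(`File: ${f.file}:${f.line}\n\n ${f.line}       ${f.text}\n`);
  }
  const s = summarize(findings);
  console.log(`${RULES.length} checks, ${findings.length} findings\n`);
  for (const [sev, b] of Object.entries(s)) {
    console.log(`${sev}: ${b.count}${b.cwes.length ? ` (${b.cwes.join(", ")})` : ""}`);
  }
  return findings;
}

if (typeof require !== "undefined" && require.main === module) {
  report("src/app/login/login.component.ts", SAMPLE_SOURCE);
}
```

Run it with node: the sample source yields two HIGH findings (the hard-coded key on line 1 and the email address written to local storage on line 3), while the theme preference and the sessionStorage call are not reported because neither involves a classified data type in local storage. The classification step is what separates a data-aware rule from a plain pattern match: the same setItem call is a finding or not depending on what the key refers to.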

In addition to the security report, you can also run a privacy report.

Ready for the next step? Additional options for using and configuring the scan command can be found in configuring the scan command.

For more guides and usage tips, view the docs.

❓ FAQs

What makes Bearer CLI different from any other SAST tools?

SAST tools are known to bury security teams and developers under hundreds of issues with little context and no sense of priority, often requiring security analysts to triage issues manually.

The most vulnerable asset today is sensitive data, so we start there and prioritize findings by assessing sensitive data flows to highlight what is more critical, and what is not. This unique ability allows us to provide you with a privacy scanner too.

We believe that by linking security issues with a clear business impact and risk of a data breach, or data leak, we can build better and more robust software, at no extra cost.

In addition, by being Open Source, extendable by design, and built with a great developer UX in mind, we bet you will see the difference for yourself.

What is the privacy scanner?

In addition to detecting security flaws in your code, Bearer CLI allows you to automate the evidence gathering process needed to generate a privacy report for your compliance team.

When you run Bearer CLI on your codebase, it discovers and classifies data by identifying patterns in the source code. Specifically, it looks for data types and matches against them. Most importantly, it never views the actual values (it simply can't) but only the code itself. If you want to learn more, here is the longer explanation.

Bearer CLI is able to identify 120+ data types from sensitive data categories such as Personal Data (PD), Sensitive PD, Personally Identifiable Information (PII), and Personal Health Information (PHI). You can view the full list in the supported data types documentation.

Finally, Bearer CLI also lets you detect components storing and processing sensitive data such as databases, internal APIs, and third-party APIs. See the recipe list for a complete list of components.

Supported languages

Bearer CLI currently supports JavaScript, TypeScript and Ruby, together with their most widely used frameworks and libraries. Java support is under active development, and more languages will follow.

How long does it take to scan my code? Is it fast?

It depends on the size of your application. It can take as little as 20 seconds, and up to a few minutes for an extremely large code base. We've added an internal caching layer that only looks at delta changes, so subsequent scans are quick.

Running Bearer CLI should not take more time than running your test suite.

What about false positives?

If you're familiar with SAST tools, you know false positives are always a possibility.

By using the most modern static code analysis techniques and providing native filtering and prioritization of the most important issues, we believe this problem won't be a concern when using Bearer CLI.

When and where to use Bearer CLI?

We recommend running Bearer CLI in your CI to check new PRs automatically for security issues, so your development team has a direct feedback loop to fix issues immediately.

You can also integrate Bearer CLI in your CD, though we recommend setting it to fail only on high criticality issues, as the impact on your organization could be significant.

In addition, running Bearer CLI as a scheduled job is a great way to keep track of your security posture and make sure new security issues are found even in projects with low activity.
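The CI and CD recommendations above differ only in the severity threshold at which a run is allowed to block. The following added example (not Bearer CLI's own code) shows one way to express that: it parses the severity summary a scan prints (the "checks, findings" block and the HIGH/MEDIUM/LOW lines shown in the report section) and returns a pass/fail decision for a configurable threshold. The sample summary is constructed to match the excerpt's shape; a real pipeline would read a machine-readable report rather than scraping text.

```javascript
// Added example, not Bearer CLI's own code: a CI gate that parses the
// severity summary a scan prints (the "N checks, M findings" block shown in
// the README) and decides whether the pipeline fails. The threshold is a
// parameter, so CI can fail from MEDIUM upward while CD fails only on HIGH.
// A real pipeline would read a machine-readable report instead of this text.
const SEVERITY_ORDER = ["LOW", "MEDIUM", "HIGH"]; // ascending

// Constructed sample, shaped like the README's report excerpt.
const SAMPLE_STATS = `59 checks, 40 findings

HIGH: 16 (CWE-22, CWE-312, CWE-798, CWE-89)
MEDIUM: 24 (CWE-327, CWE-548, CWE-79)
LOW: 0`;

// Parse the stats block into { checks, findings, bySeverity }.
function parseStats(text) {
  const stats = { checks: 0, findings: 0, bySeverity: {} };
  for (const raw of text.split("\n")) {
    const line = raw.trim();
    let m;
    if ((m = /^(\d+) checks?, (\d+) findings?$/.exec(line))) {
      stats.checks = Number(m[1]);
      stats.findings = Number(m[2]);
    } else if ((m = /^(HIGH|MEDIUM|LOW): (\d+)(?: \(([^)]*)\))?$/.exec(line))) {
      stats.bySeverity[m[1]] = { count: Number(m[2]), cwes: m[3] ? m[3].split(/,\s*/) : [] };
    }
  }
  return stats;
}

// Severities at or above `failOn` that have findings; an empty list means pass.
function blockingSeverities(stats, failOn) {
  const minIndex = SEVERITY_ORDER.indexOf(String(failOn).toUpperCase());
  if (minIndex < 0) throw new Error(`unknown severity: ${failOn}`);
  return SEVERITY_ORDER.slice(minIndex).filter((sev) => {
    const bucket = stats.bySeverity[sev];
    return bucket !== undefined && bucket.count > 0;
  });
}

// Decide whether the pipeline passes for the given threshold.
function gate(statsText, failOn) {
  const stats = parseStats(statsText);
  const blocking = blockingSeverities(stats, failOn);
  return { pass: blocking.length === 0, blocking, stats };
}

if (typeof require !== "undefined" && require.main === module) {
  const ci = gate(SAMPLE_STATS, "MEDIUM"); // pull-request check: stricter
  const cd = gate(SAMPLE_STATS, "HIGH");   // deployment check: high only
  console.log(`CI (fail on MEDIUM+): ${ci.pass ? "pass" : "fail on " + ci.blocking.join(", ")}`);
  console.log(`CD (fail on HIGH):    ${cd.pass ? "pass" : "fail on " + cd.blocking.join(", ")}`);
  process.exitCode = cd.pass ? 0 : 1;
}
```

With the sample summary, the CI gate blocks on both MEDIUM and HIGH while the CD gate blocks on HIGH only; a summary with zero findings at every level passes even the strictest threshold. Keeping the threshold as a parameter, rather than hard-coding it, is what lets the same scan feed both the pull-request check and the deployment check.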

✋ Get in touch

Thanks for using Bearer CLI. Still have questions?

🤝 Contributing

Interested in contributing? We're here for it! For details on how to contribute, setting up your development environment, and our processes, review the contribution guide.

🚨 Code of conduct

Everyone interacting with this project is expected to follow the guidelines of our code of conduct.

🛡 Security

To report a vulnerability or suspected vulnerability, see our security policy. For any questions, concerns or other security matters, feel free to open an issue or join the Discord Community.

🎓 License

Bearer CLI code is licensed under the terms of the Elastic License 2.0 (ELv2), which means you can use it freely inside your organization to protect your applications without any commercial requirements.

You are not allowed to provide Bearer CLI to third parties as a hosted or managed service without the explicit approval of Bearer Inc.
