Security should never be an afterthought. Bearer makes developers' life easier by installing a security scanner in just a few minutes. You already get results and recommendations on the first run. And it's open source 🤯

Hello tech hunters 🤓 I am excited to share with you two years of work, now available to everyone through today's PH launch! As software developers, we know that security is essential, but can also be difficult because it is time-consuming, costly, and often feels inaccessible. At Bearer.com, we believe that developers deserve better security tools, and it starts with a great developer experience. We show you what matters by reducing noise, maximizing context, and providing remediation hints. Security doesn't have to be scary. Today, we are thrilled to Open Source our code security solution with an easy-to-use CLI. You can install it in minutes and test your code for known security issues, starting with the most critical issues that can lead to data breaches or leaks. I hope this encourages all of us to provide better software and ultimately better protect our data. 🐻🛡️ Guillaume.

Thank you that looks super great, lots of rules already! How easy is it to write new rules? What’s the main use case you’ve seen so far? CI integration I guess?

I am not a developer, but I know about the importance of security scanning (firsthand experiences, unfortunately 😬). I am a fan if this makes software a tiny bit less vulnerable!

Thank you for hunting us @picsoung! I wanted to share some perspective on this launch from a security product builder. Not often it is that you hear than a security product is available open-source. We are in a market where something as simple as trying out a product is buried within sales cycles, security questionnaires, and bake-offs. As a former application security engineer, I know the pain of using poorly designed static code analyzers or as market knows them - SAST. In my experience at an enterprise, the scan took a few days, output was literally un-usable and required weeks of triage - forget about ever getting anything fixed because convincing developers about such risk without frequent engagement was close to impossible. Super proud of our team here, who has done an amazing job in creating Bearer CLI that is easily adopted by engineering teams, and makes security team's job easy by focusing on what matters most - sensitive data at risk. As Apple's founder Steve Jobs used to say - 'less is more'. If you are in building a software product business or lead a security-forward engineering team, you know how important it is to get adoption and engagement between your security and engineering teams for long-term risk reduction, and Bearer makes it easy - please give it a try, and let us know your feedback!

This is a fantastic way to shift left privacy. We use the CLI with our projects and love the actionable recommendations we get. It is extremely easy to set up and use. Congratulations on the launch team Bearer!

added to my collection of awesome developer-first products. congrats on the launch, ?makers, cocorico!

Congratulations, looks awesome, I'm always worried about vulnerabilities. Bearer should give me ease of mind!

Excited to see folks tackling the data security problem in a developer-first fashion! Still a lot to figure out but this iteration is very promising and the team behind seems to be the best one to crack this problem

I love your logo and it caught my attention. I voted for your product on Product Hunt, and I wish you the best of luck!

No PHP support?

Congrats on the launch! I was wondering how you place Bearer compared to GitHub Dependabot, which can also detect call sites in case you are calling a vulnerable function. https://github.blog/2022-04-14-d....

I've tried running bearer on a few of my rails apps -> the scan results looks quite useful for finding security gaps in the code that I otherwise would not have even thought about. I think it's a tool worth adding to the CI pipeline.

Nice! I tried our Bearer on my codebase and it surprisingly worked without any setup required and highlighted some issues. I totally recommend it!

Nice! Seems like it's easy to get it up and running for an existing codebase!

Fantastic! Excited to use this in my daily development.

That will save me a lot of work @picsoung . 😻

Congrats on the launch!

congrats!

very cool - we have been using kiuwan and switched to SonarQube. would love to try this.