bearer-rules is the default rules repository for Bearer. Here you'll find all the rules that Bearer runs during a scan.
Bearer Documentation - Report a Bug - Discord Community
If you'd like to suggest an improvement or expansion to an existing rule in this repo, that's great news! Local setup instructions can be found in the contribution guide, and you can also check out our guide here for further context on understanding rule syntax and the accepted YAML attributes.
Be sure to add some testdata for your change!
Using your own rule set is simple! Fork this repository, and, when running Bearer, disable the default rules and instead pull your forked rules from an external directory:
bearer scan my-project \
--disable-default-rules \
--external-rule-dir=bearer-rules/rules
Interested in contributing? We're here for it! For details on how to contribute, setting up your development environment, and our processes, review the contribution guide.
Everyone interacting with this project is expected to follow the guidelines of our code of conduct.
To report a vulnerability or suspected vulnerability, see our security policy. For any questions, concerns or other security matters, feel free to open an issue or join the Discord Community.
Bearer code is licensed under the terms of the Elastic License 2.0 (ELv2), which means you can use it freely inside your organization to protect your applications without any commercial requirements.
You are not allowed to provide Bearer to third parties as a hosted or managed service without the explicit approval of Bearer Inc.