Okay, I have struggled with really badly designed and user-unfriendly static code analysis or Static Application Security Testing (SAST) tools in the past. Bearer's open-source tool is a breath of fresh air in this space that is thirsty for innovation.
As an early tester of the scanner on my RoR and js apps, I really liked the sensitive-data centric prioritization which made it easy for my engineering team to interpret the output directly using CLI. This allowed me to:
- reducing app attack surface to minimize risk of data breach
- meeting regulatory compliance to meet customer's security standards and report on privacy compliance for GDPR, HIPAA, CCPA, etc.
- maximize engineering time on high impact fixes
2 comments
[ 3.3 ms ] story [ 12.2 ms ] threadAs an early tester of the scanner on my RoR and js apps, I really liked the sensitive-data centric prioritization which made it easy for my engineering team to interpret the output directly using CLI. This allowed me to: - reducing app attack surface to minimize risk of data breach - meeting regulatory compliance to meet customer's security standards and report on privacy compliance for GDPR, HIPAA, CCPA, etc. - maximize engineering time on high impact fixes