Skip to content

massiws/ddev-bearer

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

add-on registry tests last commit release

DDEV Bearer

Overview

This add-on integrates Bearer, a powerful static application security testing (SAST) tool, directly into your DDEV project.

It allows you to scan your source code for security and privacy vulnerabilities without leaving the DDEV workflow.

Key Benefits

  • Early Detection: Discover security vulnerabilities in your codebase during development
  • Comprehensive Coverage: Detects risks based on OWASP Top 10 and CWE Top 25 standards
  • Data Flow Analysis: Analyzes your source code's data flows to identify security and privacy risks
  • Flexible Scanning: Customize scans by severity level, scanner type, and context
  • Built-in Rules: Pre-configured rules for common security vulnerabilities

Main Features

  • Multi-Scanner Support: Scan for various vulnerability types including secrets, credentials, and OWASP violations
  • Severity Filtering: Focus on critical and high-severity issues or customize to your needs
  • Configurable Rules: Customize scanning behavior through bearer.yml configuration file
  • Fingerprint-based Ignore Management: Mark specific findings as false positives and track them with author and comment metadata
  • Context-Aware Scanning: Run scans with specific contexts (e.g., health, payment) for targeted analysis

Installation

ddev add-on get massiws/ddev-bearer
ddev restart

# Generates a default config to `bearer.yml`
ddev bearer init

After installation, you may want to customize the default configuration settings by editing the bearer.yml file: see Bearer configuration docs for more information.

Important: Restart DDEV after making changes to the bearer.yml file.

Make sure to commit the .ddev directory and the bearer.yml file to version control.

Usage

Command Description
ddev bearer Display available commands and usage information
ddev bearer scan . Scan entire project using default configuration in bearer.yml
ddev bearer scan . --severity critical,high Scan only for critical and high-severity issues
ddev bearer scan . --scanner=secrets Scan specifically for hardcoded credentials and secrets
ddev bearer scan <path/to/file> --context=health Scan specific file/folder with custom context (health, payment, finance, etc.)
ddev bearer ignore add <fingerprint> --author "Your Name" --comment "Reason" Add fingerprint to ignore file and track with author/comment metadata

Tips & Tricks

Auto-fill Author in Ignore Commands: To avoid specifying the author repeatedly, configure your Git username in DDEV globals:

ln -s $HOME/.gitconfig $HOME/.ddev/homeadditions/.gitconfig

This will automatically use your Git username for all ddev bearer ignore commands.

Documentation

For comprehensive information, refer to the Bearer CLI documentation:

Contributing & Support

Contributed and maintained by @massiws

For issues, feature requests, or contributions, please visit the GitHub repository.

About

Integrate Bearer into DDEV to scan your projects against top security and privacy risks

Topics

Resources

License

Stars

0 stars

Watchers

1 watching

Forks

Packages

 
 
 

Contributors

Languages

Generated from ddev/ddev-addon-template