Hello there,

I'm Guillaume, the cofounder and CEO of Bearer, a code security startup trying to rethink security products for a developer-first world.

7 months ago we introduced on HN Bearer CLI (https://github.com/Bearer/bearer), our free and open code security scanner, supporting at the time only Ruby and JavaScript applications.

We've been working very hard with the team, thanks to community feedback, to bring tons of new features as well as more language support, to become everyone's go-to code security solution.

Just to name a few major features:
- Native integration with GitHub and GitLab
- Diff scanning feature
- PR/MR annotation
- Fingerprinting of findings with "ignore" management

Plus the release of TypeScript, Java, and PHP support, plus an early alpha release for both Go and Python. More on our language coverage here: https://docs.bearer.com/reference/supported-languages/.

Everything mentioned here is still completely free to use!
In addition to Bearer CLI, we've also released a SaaS companion dashboard, Bearer Cloud, mostly intended for AppSec teams, that provides a nice UI and workflow features to better act on security findings (more here: https://www.bearer.com/bearer-cloud).

Our philosophy remains the same as day 1: to provide a solution that just works out of the box for everyone, with a great DX, a good level of risk and security coverage (OWASP Top 10, CWE Top 25), and the ability to customize everything if need be.

We would love for you to give it a try (30 seconds install, 2 minutes scan) and tell us everything we could improve! Thank you.