STRLCPY/bearer

docs: add scan configuration guide (#821)
Mark Michon committed with GitHub 1 year ago

f2fb9c69

1 parent 0d4d413a

■ ■ ■ ■ ■ ■

README.md

		skipped 192 lines
193	193
194	194		The security report is just one [report type](https://docs.bearer.com/explanations/reports) available in Bearer.
195	195
196		-	Additional options for using and configuring the `scan` command can be found in the [scan documentation](https://docs.bearer.com/reference/commands/#scan).
	196	+	Ready for the next step? Additional options for using and configuring the `scan` command can be found in [configuring the scan command](https://docs.bearer.com/guides/configure-scan/).
197	197
198		-	For additional guides and usage tips, [view the docs](https://docs.bearer.com/).
	198	+	For more guides and usage tips, [view the docs](https://docs.bearer.com/).
199	199
200	200		## :question: FAQs
201	201
		skipped 85 lines

■ ■ ■ ■ ■ ■

docs/_data/nav.js

		skipped 5 lines
6	6		{
7	7		name: "Guides",
8	8		items: [
	9	+	{ name: "Configure the scan", url: "/guides/configure-scan/" },
9	10		{ name: "Using the GitHub action", url: "/guides/github-action/" },
10	11		{
11	12		name: "Create a custom rule",
		skipped 15 lines
27	28		{
28	29		name: "Sensitive data flow",
29	30		url: "/explanations/discovery-and-classification/",
30		-	}
	31	+	},
31	32		],
32	33		},
33	34		{
		skipped 4 lines
38	39		{ name: "Commands", url: "/reference/commands/" },
39	40		{ name: "Rules", url: "/reference/rules/" },
40	41		{ name: "Data Types", url: "/reference/datatypes/" },
41		-	{ name: "Supported Languages", url: "/reference/supported-languages/" }
	42	+	{ name: "Supported Languages", url: "/reference/supported-languages/" },
42	43		],
43	44		},
44	45		{
		skipped 10 lines

■ ■ ■ ■ ■ ■

docs/docs.md

		skipped 30 lines
31	31
32	32		Guides help you make the most of Bearer so you can get up and running quickly.
33	33
	34	+	- [Configure the scan command](/guides/configure-scan/)
34	35		- [GitHub action integration](/guides/github-action/)
35	36		- [Create custom rule](/guides/custom-rule/)
36	37
		skipped 29 lines

■ ■ ■ ■ ■ ■

docs/guides/configure-scan.md

1	+	---
2	+	title: Configure the scan command
3	+	---
4	+
5	+	# Configure the scan to meet your needs
6	+
7	+	Bearer offers a variety of ways to configure the core `scan` command to best meet your needs. Here are some common situations. For a full list of options, see the [commands reference](/reference/commands/). For many of the command flags listed below, you can also define them in your `bearer.yml` [config file](/reference/config/).
8	+
9	+	## Select a report type
10	+
11	+	There are a variety of [report types](/explanations/reports/) to choose from. Bearer defaults to the Security report, but you can select any other type with the `--report` flag.
12	+
13	+	```bash
14	+	bearer scan . --report privacy
15	+	```
16	+
17	+	## Select a scanner type
18	+
19	+	Did you know that Bearer can also detect hard-coded secrets in your code? In addition to the default SAST scanner, there's a built-in secrets scanner. Use the `--scanner` flag to change [scanner types](/explanations/scanners/).
20	+
21	+	```bash
22	+	bearer scan . --scanner secrets
23	+	```
24	+
25	+	## Skip or ignore specific rules
26	+
27	+	Sometimes you want to ignore one or more rules, either for the entire scan or for individual blocks of code. Rules are identified by their id, for example: `ruby_lang_exception`.
28	+
29	+	### Skip rules for the entire scan
30	+
31	+	To ignore rules for the entire scan you can use the `--skip-rule` flag with the `scan` command.
32	+
33	+	Using `--skip-rule`:
34	+
35	+	```bash
36	+	# skip a single rule
37	+	bearer scan . --skip-rule ruby_lang_exception
38	+
39	+	# skip multiple rules
40	+	bearer scan . --skip-rule ruby_lang_exception,ruby_lang_cookies
41	+	```
42	+
43	+	Using `bearer.yml`
44	+
45	+	```yaml
46	+	rule:
47	+	skip-rule: [ruby_lang_exception, ruby_lang_cookies]
48	+	```
49	+
50	+	### Skip rules for individual code blocks
51	+
52	+	Bearer supports comment-based rule skipping using the `bearer:disable` comment. To ignore a block of code, place the comment immediately before the block.
53	+
54	+	In ruby:
55	+
56	+	```ruby
57	+	# bearer:disable ruby_lang_logger, ruby_lang_http_insecure
58	+	Net::HTTP.start("http://my.api.com/users/search) do
59	+	logger.warn("Searching for #{current_user.email}")
60	+	...
61	+	end
62	+	```
63	+
64	+	In javascript:
65	+
66	+	```javascript
67	+	// bearer:disable javascript_lang_logger
68	+	function logUser(user) {
69	+	log.info(user.name)
70	+	}
71	+	```
72	+
73	+	To ignore an individual line of code, place the comment immediately before the line.
74	+
75	+	```ruby
76	+	def my_func
77	+	# bearer:disable ruby_rails_logger
78	+	Rails.logger(current_user.email)
79	+	end
80	+	```
81	+
82	+	```javascript
83	+	function logUser(user) {
84	+	log.info(user.name)
85	+	// bearer:disable javascript_lang_logger
86	+	log.info(user.uuid)
87	+	}
88	+	```
89	+
90	+	## Run only specified rules
91	+
92	+	Similar to how you can skip rules, you can also tell the scan to only run specific rules. To do so, specify the rule IDs with the `--only-rule` flag.
93	+
94	+	```bash
95	+	bearer scan . --only-rule ruby_lang_cookies
96	+	```
97	+
98	+	## Change the output format
99	+
100	+	Each [report type](/explanations/reports/) has a default output format, but in general you're able to also select between `json` and `yaml` with the `--format` flag.
101	+
102	+	```bash
103	+	bearer scan . --format yaml
104	+	```
105	+
106	+	## Output to a file
107	+
108	+	Sometimes you'll want to hand off the report, and while you could pipe the results to another command, we've included the `--output` flag to make it easier. Specify the path to the output file.
109	+
110	+	```bash
111	+	bearer scan . --report dataflow --output dataflow.json
112	+	```
113	+
114	+	## Limit severity levels
115	+
116	+	Depending on how you're using Bearer, you may want to limit the severity levels that show up in the report. This can be useful for triaging only the most critical issues. Use the `--severity` flag to define which levels to include from the list of critical, high, medium, low, and warning.
117	+
118	+	```bash
119	+	bearer scan . --severity critical,high
120	+	```

■ ■ ■ ■ ■ ■

docs/guides/index.md

		skipped 5 lines
6	6
7	7		Guides help you make the most of Bearer so you can get up and running quickly. Have a request for a new guide? Open an [issue on GitHub]({{meta.links.issues}}).
8	8
	9	+	- [Configure the scan command](/guides/configure-scan/)
9	10		- [Using the GitHub action](/guides/github-action/)
10	11		- [Create a custom rule](/guides/custom-rule/)

■ ■ ■ ■ ■ ■

docs/quickstart.md

		skipped 78 lines
79	79
80	80		```
81	81
82		-	The security report is just one [report type](/explanations/reports) available in Bearer.
83		-
84		-	Additional options for using and configuring the `scan` command can be found in the [scan documentation](/reference/commands/#scan).
	82	+	The security report is just one [report type](/explanations/reports/) available in Bearer.
85	83
86		-	For additional guides and usage tips, [view the docs](/).
	84	+	Ready for the next step? Additional options for using and configuring the `scan` command can be found in [configuring the scan command](/guides/configure-scan/).
87	85

docs: add scan configuration guide (#821)