
title: Using the GitHub Action

Using the GitHub Action

Running Bearer from the CLI is great, but if you want it integrated directly with your Git workflow there's nothing easier than a GitHub action. If you're unfamiliar with GitHub actions, here's a primer available from GitHub. You can also see how the action works directly on our Bear Publishing example app.

Getting started

You can view the action here, or follow along below.

Actions live in the .github/workflows/ directory within your repository. Start by creating a bearer.yml file in the workflows directory.

We recommend the following config in .github/workflows/bearer.yml to run Bearer's security report:

name: Bearer

on:
  push:
    branches:
      - main

permissions:
  contents: read

jobs:
  rule_check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Run Report
        id: report
        uses: bearer/[email protected]
      - id: summary
        name: Display Summary
        uses: actions/github-script@v6
        with:
          script: |
            // github does not support multiline outputs so report is encoded
            const report = decodeURIComponent(`${{ steps.report.outputs.rule_breaches }}`);
            const passed = `${{ steps.report.outputs.exit_code }}` == "0";
            if(!passed){ core.setFailed(report); }

This will run the security report, display the results to the action summary screen within GitHub, and flag the action as pass or fail based on whether Bearer's default rules pass or fail.
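The decode-and-gate logic of the Display Summary step above, written as a plain function so it can be exercised outside a workflow run. This is an added example, not Bearer's own code; the sample outputs and the file path in them are constructed, and in the real step the failure branch would call core.setFailed(report) instead of logging.

```javascript
// Mirrors what the github-script step receives from the Bearer step:
// `rule_breaches` is URL-encoded (GitHub outputs are single-line) and
// `exit_code` is the Bearer binary's exit status, passed as a string.
function evaluateBearerOutputs({ rule_breaches = "", exit_code = "" }) {
  let report;
  try {
    report = decodeURIComponent(rule_breaches);
  } catch (err) {
    // A malformed encoding would otherwise throw and hide the real result;
    // keep the raw text so it still reaches the summary.
    report = rule_breaches;
  }
  // Bearer signals "no rule breaches" with exit code 0; anything else fails.
  const passed = exit_code.trim() === "0";
  return { passed, report };
}

// Constructed sample outputs, shaped as the action hands them to the next step
// (the rule ID is from this page; the file path is made up for the example).
const sampleOutputs = {
  rule_breaches: encodeURIComponent(
    "CRITICAL: ruby_lang_cookies\n  app/controllers/sessions_controller.rb:12"
  ),
  exit_code: "1",
};

const { passed, report } = evaluateBearerOutputs(sampleOutputs);
if (!passed) {
  // In the workflow this is where core.setFailed(report) would run.
  console.error(report);
}
```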

Further configuration

Just as with the CLI app, you can configure the action to meet the needs of your project. Set custom inputs using the with key. Here's an example using the config-file, skip-path, and only-rule inputs:

steps:
  - uses: actions/checkout@v3
  - name: Bearer
    uses: bearer/[email protected]
    with:
      config-file: '/some/path/bearer.yml'
      only-rule: 'ruby_lang_cookies,ruby_lang_http_post_insecure_with_data'
      skip-path: 'users/*.go,users/admin.sql'

The following is a list of the available inputs and outputs:

Inputs

scanner

Optional. Specify the comma-separated scanners to use, e.g. sast,secrets

config-file

Optional. Path to the Bearer configuration file

only-rule

Optional. Specify the comma-separated IDs of the rules to run; skips all other rules.

skip-rule

Optional. Specify the comma-separated IDs of the rules to skip; runs all other rules.

skip-path

Optional. Specify the comma-separated paths to skip. Supports wildcard syntax, e.g. users/*.go,users/admin.sql

Outputs

rule_breaches

Details of any rule breaches found. This is URL-encoded to work around GitHub's limitations with multiline outputs.

exit_code

Exit code of the bearer binary; 0 indicates a pass

Make the most of Bearer

For more ways to use Bearer, check out the different report types, available rules, and supported data types.

Have a question or need help? Join our Discord community or open an issue on GitHub.
