Comments (2)
The issue I see with this approach is that context and data-subject-mapping are being used by the privacy report, for instance. Maybe we can keep bearer scan but create a subgroup where format, for example, would be part of that section. We would basically get rid of the report flags as a standalone entity.
from bearer.
I like the idea of separate commands as they're different functions of the tool, and we can show the supported formats / applicable options correctly that way. But we'll have to maintain bearer scan also for backwards compatibility anyway, so I'm not sure if it's worth it.
I think we could at least re-group the options to make things clearer, and improve validation to catch all the inconsistent use of options at the flag handling stage.
My take on regrouping the options:
```
Report Flags
      --report string                  Specify the type of report (security, privacy, dataflow). (default "security")
  -f, --format string                  Specify report format (json, yaml, sarif, gitlab-sast, rdjson, html)
      --output string                  Specify the output path for the report.

Security Report Flags (--report security)
      --severity string                Specify which severities are included in the report. (default "critical,high,medium,low,warning")
      --fail-on-severity string        Specify which severities cause the report to fail. Works in conjunction with --exit-code. (default "critical,high,medium,low")
      --exit-code int                  Force a given exit code for the scan command. Set this to 0 (success) to always return a success exit code despite any findings from the scan. (default -1)

Dataflow Report Flags (--report dataflow)
      --disable-domain-resolution      Do not attempt to resolve detected domains during classification (default true)
      --domain-resolution-timeout duration   Set timeout when attempting to resolve detected domains during classification, e.g. --domain-resolution-timeout=3s (default 3s)
      --internal-domains strings       Define regular expressions for better classification of private or unreachable domains e.g. --internal-domains=".*.my-company.com,private.sh"

Rule Flags
      --disable-default-rules          Disables all default and built-in rules.
      --external-rule-dir strings      Specify directory paths that contain .yaml files with external rules configuration
      --only-rule strings              Specify the comma-separated ids of the rules you would like to run. Skips all other rules.
      --skip-rule strings              Specify the comma-separated ids of the rules you would like to skip. Runs all other rules.

Data Classification Flags
      --context string                 Expand context of schema classification e.g., --context=health, to include data types particular to health
      --data-subject-mapping string    Override default data subject mapping by providing a path to a custom mapping JSON file

Scan Flags
      --scanner strings                Specify which scanner to use e.g. --scanner=secrets, --scanner=secrets,sast (default [sast])
      --skip-path strings              Specify the comma-separated files and directories to skip. Supports * syntax, e.g. --skip-path users/*.go,users/admin.sql
      --hide-progress-bar              Hide progress bar from output
      --quiet                          Suppress non-essential messages
      --force                          Disable the cache and run the detections again
      --parallel int                   Specify the amount of parallelism to use during the scan

General Flags
      --config-file string             Load configuration from the specified path. (default "bearer.yml")
      --debug                          Enable debug logs. Equivalent to --log-level=debug
      --disable-version-check          Disable Bearer version checking
      --ignore-file string             Load ignore file from the specified path. (default "bearer.ignore")
      --log-level string               Set log level (error, info, debug, trace) (default "info")
      --no-color                       Disable color in output
```
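One way the "validation at the flag handling stage" suggested in the comment above could work, as an added illustration that is not Bearer's own code: the report-specific groups are taken from the listing, but the `reportGroup` type, `ValidateFlags` function and the `set` map standing in for cobra's `Flag.Changed` are all hypothetical. The check rejects a flag from one report's group when a different `--report` type is selected, and collects every inconsistency into a single error instead of stopping at the first.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// reportGroup lists the flags that only make sense for one --report type,
// following the regrouping proposed above (hypothetical type, not Bearer's code).
type reportGroup struct {
	report string
	flags  []string
}

var reportGroups = []reportGroup{
	{"security", []string{"severity", "fail-on-severity", "exit-code"}},
	{"dataflow", []string{"disable-domain-resolution", "domain-resolution-timeout", "internal-domains"}},
}

var validReports = map[string]bool{"security": true, "privacy": true, "dataflow": true}
var validFormats = map[string]bool{"json": true, "yaml": true, "sarif": true, "gitlab-sast": true, "rdjson": true, "html": true}

// ValidateFlags runs at the flag-handling stage. set holds the names of flags the
// user explicitly passed (what cobra exposes as Flag.Changed); defaults are not
// checked. Every problem is reported at once so the user can fix them in one go.
func ValidateFlags(report, format string, set map[string]bool) error {
	var problems []string
	if !validReports[report] {
		problems = append(problems, fmt.Sprintf("unknown --report %q", report))
	}
	if !validFormats[format] {
		problems = append(problems, fmt.Sprintf("unknown --format %q", format))
	}
	for _, g := range reportGroups {
		if g.report == report {
			continue // flags of the selected report are allowed
		}
		for _, f := range g.flags {
			if set[f] {
				problems = append(problems, fmt.Sprintf("--%s only applies to --report %s", f, g.report))
			}
		}
	}
	if len(problems) > 0 {
		return errors.New(strings.Join(problems, "; "))
	}
	return nil
}

func main() {
	// Constructed example: a privacy report combined with a security-only flag.
	fmt.Println(ValidateFlags("privacy", "json", map[string]bool{"fail-on-severity": true}))
}
```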