bearer.com updates
bearer.com updates
www.bearer.com

Jira Integration

 

New

  

We have released our Jira Integration!

To ease collaboration, you can now create Jira Tickets from Risk Events cards or link them to an existing Jira Ticket.

Jira statuses are automatically retrieved and displayed in linked cards.

Check our documentation for more details and deployment instructions.

Screenshot 2022-09-23 at 15.58.32.png

New Integration Settings page

 

Improvement

  

Our integration page went through a major improvement. We are preparing it to receive many more interconnection capabilities in source code and production.

Now find all the integrations Bearer supports and will support in the feature at one place.

Screenshot 2022-09-01 at 14.56.48.png

Multiple Bearer API Tokens

 

Improvement

  

We have improved Bearer API's Token feature. You can now create multiple token and revoke them when needed.

This brings additional security to Bearer deployments and improved maintainability.

Screenshot 2022-09-01 at 14.51.02.png

Risk Detection

 

New

  

Bearer now detects security risks that cause data breaches by scanning your code repositories.

Customer benefits are:

  1. Detect and mitigate security risks before they reach your production environment.
  2. Assess risks faster and more accurately with actionable context.
  3. Stop slowing down development by automating security checks.

Risk events are listed on the Home page in an inbox format.

Capture d’écran 2022-08-05 à 11.21.21.png

A risk event is triggered when:

  1. a repository processes new sensitive data.

Capture d’écran 2022-08-05 à 11.22.05.png

  1. a repository processes sensitive data and integrates with a new third party.

Capture d’écran 2022-08-05 à 11.36.01.png

  1. sensitive data is not encrypted

Capture d’écran 2022-08-05 à 11.21.54.png

Bearer provides you with contextual information so you can investigate and assess risks efficiently. Once a risk has been detected, you can ignore it, assign it to a teammate or close it once it has been mitigated.

Risk events can be customized in the Settings to fit your own processes. For each risk event you can set up:

  • the risk level.
  • notifications (emails, Slack).

Capture d’écran 2022-08-05 à 11.25.31.png

Capture d’écran 2022-08-05 à 11.25.56.png

For more information, please refer to the documentation.

Weekly Report

 

New

  

Every Monday morning, users receive a report by email. This report summarizes the previous week's detections.

Users can proactively investigate new detections to identify and assess associated security risks that may lead to a data breach.

image.png

image.png

Data discovery has been extended to the entire codebase

 

New

  

The Bearer Broker used to discover and classify data by scanning OpenAPI, SQL, GraphQL, and Protobuf files only.

Data discovery and classification capabilities have been extended to the entire codebase in the following languages:

  • C#
  • Golang
  • Java
  • Javascript/Typescript
  • PHP
  • Python
  • Ruby

The general mechanics is that it looks for Objects (e.g., User) and their properties or attributes (e.g., lastname).

You just need update the broker by running docker pull bearersh/broker:latest

For more information please refer to the documentation.

New Integrations Tab

 

Improvement

  

The Integrations and Interfaces tabs on the Component page have been merged for better readability.

On the page of a Component - let's call it Repository A - you can now see:

  • the Components with which Repository A integrates, meaning the Components that Repository A consumes (for instance a third-party service).
  • the Components that integrate with Repository A, meaning the Components that consume Repository A (for instance internal applications calling the endpoints of Repository A).

image.png

UI Upgrade

 

Improvement

  

Months of iterations and dozens of user feedback led us to improve our User Interface.

New inventory layout

  • Components are now displayed as cards for better readability.
  • The component detection date has been added.
  • You can change the status of components directly from the inventory page.

image.png

New component page layout

  • Component information has been moved to the left and lightened for better readability.

image.png

Additional information about Git Integrations

  • For users relying on the Broker: an event log including Activity date, Version, and Container UUID, has been added.
  • For users relying on the Bearer GitHub Action: an event log has been added.

Broker.png

Automated Data Discovery & Classification

 

New

  

Data discovery and classification are now fully automated.

Bearer’s detection engine supports 120+ data types, including personal, health, and financial data. See the full list of data types here.

You can create your own data categories - which regroup data types - to fit your data taxonomy.

Data type processed can be seen in your inventory and on the page of a component.

inventory-data-detection.png

component-data-detection.png

GitHub Actions Integration

 

New

  

You can now integrate Bearer directly in your CI/CD pipeline with a GitHub Action (see documentation).

Thus you can use Bearer without creating and managing a Personal Access Token.