Hacker News
Open source SAST with data in mind (bearer.com)
3 points by cfabianski 1200 days ago
2 comments

Okay, I have struggled with really badly designed and user-unfriendly static code analysis or Static Application Security Testing (SAST) tools in the past. Bearer's open-source tool is a breath of fresh air in this space that is thirsty for innovation.

As an early tester of the scanner on my RoR and js apps, I really liked the sensitive-data-centric prioritization, which made it easy for my engineering team to interpret the output directly using the CLI. This allowed me to:

- reduce the app attack surface to minimize the risk of a data breach
- meet regulatory compliance to satisfy customers' security standards and report on privacy compliance for GDPR, HIPAA, CCPA, etc.
- maximize engineering time on high-impact fixes