Day 3 of contributing to open source❤️ until I find a remote job 💻
Working on Bearer CLI: https://github.com/Bearer/bearer, I went through the process of Rules. Rules are ways to detect security risks and vulnerabilities across your codebase and enforce best practices. Bearer CLI's security report allows you to quickly identify rule violations in your code.
Brief of my work: I opened two issues associated with Custom Rules.
Currently, the set of rules for the Python language offered by Bearer is smaller compared to Java and Go. They focus on multiple vulnerabilities and provide significant coverage over a codebase. So I started off with some basic understanding of Rules and their usage. I read about the rule configuration file and its structure, and went through some examples.
I’ve decided to create a rule for Python that detects the vulnerability of hard-coded passwords present in the codebase. I have to figure out how to proceed with this. A small overview is presented here: https://github.com/Bearer/bearer-rules/issues/325. I’ll see what the repository maintainer has to say on this.
Meanwhile, I also realised that creating yml and test files in the directory will require uniformity in the naming convention of the rule IDs. Currently there isn’t any documentation present, but a short guide should be necessary: https://github.com/Bearer/bearer-rules/issues/326.
#buildinpublic #github #linkedin #machinelearning #nlp #remotejob #gitlab #opensourcecontributions #python #pythonprogramming #documentation