ci(bearer): enhance security by integrating Bearer data scanner

- Update GitHub Actions workflow to include a step for scanning sensitive data using Bearer GitHub Action
- Add a new configuration file for Bearer with various settings including logging level and scanning rules
- Configure the scanner to skip certain rules and set parameters for domain resolution and exit codes

Signed-off-by: appleboy <[email protected]>

.github/workflows/testing.yml

@@ -20,6 +20,15 @@ jobs:
           version: latest
           args: --verbose
 
+      # This step uses the Bearer GitHub Action to scan for sensitive data in the codebase.
+      # The 'uses' keyword specifies the action to be used, in this case, 'bearer/bearer-action' at version 'v2'.
+      # The 'with' keyword provides input parameters for the action:
+      # - 'diff: true' indicates that the action should only scan the changes in the current pull request or commit.
+      - name: Bearer
+        uses: bearer/bearer-action@v2
+        with:
+          diff: true
+
   testing:
     strategy:
       matrix:

bearer.yml

@@ -0,0 +1,29 @@
+disable-version-check: false
+log-level: info
+report:
+    fail-on-severity: critical,high,medium,low
+    format: ""
+    no-color: false
+    output: ""
+    report: security
+    severity: critical,high,medium,low,warning
+rule:
+    disable-default-rules: false
+    only-rule: []
+    skip-rule: ["go_gosec_filesystem_filereadtaint", "go_lang_logger_leak"]
+scan:
+    context: ""
+    data_subject_mapping: ""
+    disable-domain-resolution: true
+    domain-resolution-timeout: 3s
+    exit-code: -1
+    external-rule-dir: []
+    force: false
+    hide_progress_bar: false
+    internal-domains: []
+    parallel: 0
+    quiet: false
+    scanner:
+        - sast
+    skip-path: []
+    skip-test: true