diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
index e1ee3f0..9c5e187 100644
--- a/.github/workflows/testing.yml
+++ b/.github/workflows/testing.yml
@@ -20,6 +20,15 @@ jobs:
 version: latest
 args: --verbose
+ # This step uses the Bearer GitHub Action to scan for sensitive data in the codebase.
+ # The 'uses' keyword specifies the action to be used, in this case, 'bearer/bearer-action' at version 'v2'.
+ # The 'with' keyword provides input parameters for the action:
+ # - 'diff: true' indicates that the action should only scan the changes in the current pull request or commit.
+ - name: Bearer
+ uses: bearer/bearer-action@v2
+ with:
+ diff: true
+
 testing:
 strategy:
 matrix:
diff --git a/bearer.yml b/bearer.yml
new file mode 100644
index 0000000..ffcd31f
--- /dev/null
+++ b/bearer.yml
@@ -0,0 +1,29 @@
+disable-version-check: false
+log-level: info
+report:
+ fail-on-severity: critical,high,medium,low
+ format: ""
+ no-color: false
+ output: ""
+ report: security
+ severity: critical,high,medium,low,warning
+rule:
+ disable-default-rules: false
+ only-rule: []
+ skip-rule: ["go_gosec_filesystem_filereadtaint", "go_lang_logger_leak"]
+scan:
+ context: ""
+ data_subject_mapping: ""
+ disable-domain-resolution: true
+ domain-resolution-timeout: 3s
+ exit-code: -1
+ external-rule-dir: []
+ force: false
+ hide_progress_bar: false
+ internal-domains: []
+ parallel: 0
+ quiet: false
+ scanner:
+ - sast
+ skip-path: []
+ skip-test: true
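Review bot: `uses: bearer/bearer-action@v2` pins the third-party action to a mutable major tag, so the step runs whatever code that tag points to at run time; for a tool that reads the whole repository, pin to a full commit SHA and keep the tag in a trailing comment, `uses: bearer/bearer-action@<full-commit-sha>  # v2` (placeholder SHA, take it from the action's release). The four comment lines above the step explain YAML keywords (`uses`, `with`) rather than why the step exists; a single line such as `# Bearer SAST: report only findings introduced by this change (diff mode)` would carry more information. Diff mode also needs the base revision to be present in the checkout, which happens before this hunk; if the checkout step is a shallow clone, confirm it fetches enough history for the comparison. The enclosing job definition begins before the hunk.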
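Review bot: The two rules disabled under `skip-rule` carry no justification, so a later reader cannot tell whether `go_gosec_filesystem_filereadtaint` and `go_lang_logger_leak` were suppressed as false positives, as accepted risk, or temporarily; add one comment per rule above the line, e.g. `# go_gosec_filesystem_filereadtaint: <reason / tracking reference>`, so the suppression can be revisited. `exit-code: -1` is a non-obvious sentinel and reads as a literal exit status; if the intent is to let `fail-on-severity` decide the result, say so: `# -1: keep Bearer's default exit behaviour; fail-on-severity above determines pass/fail`. `skip-test: true` excludes test code from the scan, so findings in fixtures and test helpers will not be reported; confirm that is intended and note it inline.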