Note: This repository is a copy of v1.x releases of Privado Data Safety Generator (earlier, Privado) and is archived in favor of complete overhaul of Privado CLI (v2.0). Privado v2.0 introduces dataflows with a wide array of detections and use-cases. The equivalent GoLang interface has now been moved Privado CLI, and the new scan engine is open-sourced and available at Privado Core.
The project is stable and users may choose to continue using this tool for datasafety report generation. However, this is not under active development and requested features may not be implemented.
Privado is a static code scanning tool to find, fix and remediate privacy issues in your products & applications. Our scan discovers what personal data(as defined by GDPR, other laws) your app is processing, third-party integrations, data flows. With our scan results, we generate privacy reports for your apps as mandated by laws like GDPR or platforms like Apple and keep them in sync with code changes.
- Data Elements: These are personal data that your app is collecting, sharing, processing. Here is a list of data elements that we are discovering.
- Third-Parties: Any third-party integrations inside your code, via APIs or SDKs/libraries.
- APIs: We also discover any internal APIs that your app is connected with.
- Datastores(not released yet, still beta): Identify the databases where you are sourcing the data from or sending the data.
- Privacy Vulnerabilities(not released yet, still beta): Code issues that exist which can lead to privacy vulnerabilities
This is the first use case that we are live with. Currently, to fill the data safety form Android developers have to ask around in the team to find what data they are collecting, spend hours reading the documentation of SDKs to find data shared, and navigate the complex Playstore form. With our scan, we pre-fill data types collected, shared, and guide you with our wizard to generate the data safety report. This is how it works:
- It's a CLI tool that does a static scan of your android app's code to find data types collected, SDKs
- We look at Android permissions, user forms to detect Android Data Type. For the third party, we find relevant SDKs, Libraries & API calls
- Guided workflow to help you fill the rest of the data safety form
- Generates a CSV that you can import to Play Console
- Scan runs locally, no code ever leaves your machine.
Privacy Engineers can use our CLI tool as an MRI for products, applications and find out privacy risks. With our scans, privacy engineers save the time they have to spend chasing engineers with assessments and can directly start prescribing privacy controls for data minimization, sharing, etc.
- Generating Apple Nutrition Label Report
- Generating privacy compliance reports like GDPR Article 30 or RoPA report
- Detecting Privacy Vulnerabilities in current code implementation
- Privacy Policy Generator
To start off, make sure docker
is installed. To install docker, you can follow the steps stated in the official documentation. Linux users should also follow docker post installation steps in order to run Privado CLI without root (sudo
) privileges.
You can install Privado CLI in multiple manners:
The installation script will download and setup the latest stable release for you as per your OS and arch. Run:
curl -o- https://raw.githubusercontent.com/Privado-Inc/privado-datasafety/main/install.sh | bash
To uninstall, simply delete ~/.privado/bin
.
If you are a GoLang fan, you can use the go install
command to install the Privado CLI:
go install github.com/Privado-Inc/privado-datasafety@latest
This will place the privado
binary in your GOPATH
's bin directory. This directory must be added to the $PATH
environment variable. You can learn more here.
We use GitHub Releases to ship versioned privado
releases for supported platforms. You can download a executable of Privado CLI for your platform.
To know your architecture, you can run:
$ uname -m
For detailed platform-specific instructions to setup privado
, refer below:
MacOSX
To setup privado
for macOS (arm64) i.e. Macbook with M1 chip, download privado-darwin-arm64.tar.gz
from the latest release.
Navigate to the download directory and run:
$ tar -xf ~/.privado/privado-darwin-arm64.tar.gz
$ chmod +x privado
$ mv privado /usr/local/bin/
To setup privado
for macOS (amd64), download privado-darwin-amd64.tar.gz
from the latest release.
Navigate to the download directory and run:
$ tar -xf ~/.privado/privado-darwin-amd64.tar.gz
$ chmod +x privado
$ mv privado /usr/local/bin/
Linux
To setup privado
on your linux system, download the respective zip from latest release for your platform. Navigate to the download directory and run the following commands:
$ tar -xf ~/.privado/privado-linux-arm64.tar.gz
$ chmod +x privado
$ mv privado /usr/bin/privado
$ tar -xf ~/.privado/privado-linux-amd64.tar.gz
$ chmod +x privado
$ mv privado /usr/bin/privado
Windows
To setup privado
on your windows system, download privado-windows-amd64.zip
from latest release. Navigate to the download directory and run the following bash
commands:
$ mkdir -p $HOME/.privado/bin
$ unzip -o privado-windows-amd64.zip -d $HOME/.privado/bin
$ chmod +x $HOME/.privado/bin/privado
$ echo "export PATH=\$PATH:$HOME/.privado/bin" >> $HOME/.bashrc
Open a new session or source profile for effects to take place in the same session:
$ source $HOME/.bashrc
When using WSL, we recommend moving the binary to /usr/bin
instead for optimal experience across users. Refer to steps for Linux for more information.
If you do not wish to use the pre-built binaries shipped in releases, you can choose to build Privado CLI locally. To do this, make sure that GoLang is installed and follow the following steps:
- Clone the repository:
git clone https://github.com/Privado-Inc/privado-datasafety/.git
- Change directory:
cd privado
- Skip this step if you intend to build the
main
branch.
To build the latest stable release, checkout thelatest
tag:git checkout latest
- Build with Go:
go build
- You can now run
./privado
.
For convenience, we recommend moving privado
to a $PATH
directory. You can refer to manual installation steps for more details.
Privado CLI requires a license key to run scans. To generate a license, run the following command:
privado auth <[email protected]>
A copy of the license will be emailed to you.
To authenticate and bootstrap the app using the generated license, run:
privado bootstrap </path/to/privado-license.json>
and done! You are all set to scan your projects and generate compliance reports.
Please note that generated licenses are valid for 1 year from the date of issue.
For more information about licensing, feel free to get in touch with us on Slack or Email.
Privado CLI works on the client-end and does not share any files, code-snippets, results, or reports during the complete lifecycle.
To scan a repository, simply run:
privado scan <path/to/repository>
Depending on repository size and system configuration, time to scan can vary. Post completion, the results can be viewed on localhost:3000.
To use a different port, simply use the -p
(or --port
) flag:
privado scan <path/to/repository> -p 5001
Results and reports (if generated), are saved to repository/.privado
. We encourage keeping .privado
folder as a part of your repository to facilitate report collaboration and share privacy discovery.
At any point in time, you can directly load the existing results without running the entire scan and continue to generate or modify reports:
privado load <path/to/repository>
This is also helpful for huge codebases and projects with multiple collaborators.
The section contains detailed reference to privado
commands.
Flag | Description |
---|---|
-h, --help |
Help about any command, or sub-command |
-l, --license <string> |
The license file to be used. Overrides the default bootstrapped license (default "/Users/ojaswa/.privado/license.json ") |
Command | Description | Usage | Supported Flags |
---|---|---|---|
auth |
Generate license for Privado | privado auth |
- |
bootstrap |
Authenticates Privado using the requested license and generates required configurations | privado bootstrap [flags] |
--overwrite : Overwrites the existing license fil (if any) |
completion |
Generate the autocompletion script for privado for the specified shell. See each sub-command's help for details on how to use the generated script. | privado completion [command] |
- |
help |
Help about any command | privado help [command] |
- |
scan |
Scan a codebase or repository to identify privacy issues and generate compliance reports | privado scan [flags] |
-o, --overwrite : If specified, the warning prompt for existing scan results is disabled and any existing results are overwritten -p, --port : The port t be used to render HTML results (default 3000) --debug : To enable underlying process output for debugging purposes |
load |
Load a scanned codebase or repository and continue generating compliance reports. It skips privacy scan and loads the results present in the target repository (.privado directory) |
privado load [flags] |
-p, --port : The port t be used to render HTML results (default 3000) --debug : To enable underlying process output for debugging purposes |
Privado is free for:
- Open Source Projects
- For individual developers and small teams.
Privado CLI tool was engineered with security in mind. Our tool runs the scan locally on your machine and your code never leaves your system.