README
¶
Privado User Documentation
What is Privado?
Privado is a static code scanning tool to find, fix and remediate privacy issues in your products & applications. Our scan discovers what personal data(as defined by GDPR, other laws) your app is processing, third-party integrations, data flows. With our scan results, we generate privacy reports for your apps as mandated by laws like GDPR or platforms like Apple and keep them in sync with code changes.
What does our scan discover?
- Data Elements: These are personal data that your app is collecting, sharing, processing. Here is a list of data elements that we are discovering.
- Third-Parties: Any third-party integrations inside your code, via APIs or SDKs/libraries.
- APIs: We also discover any internal APIs that your app is connected with.
- Datastores(not released yet, still beta): Identify the databases where you are sourcing the data from or sending the data.
- Privacy Vulnerabilities(not released yet, still beta): Code issues that exist which can lead to privacy vulnerabilities
What can I do with Privado?
Generate Play Store Data Safety Report
This is the first use case that we are live with. Currently, to fill the data safety form Android developers have to ask around in the team to find what data they are collecting, spend hours reading the documentation of SDKs to find data shared, and navigate the complex Playstore form. With our scan, we pre-fill data types collected, shared, and guide you with our wizard to generate the data safety report. This is how it works:
- It's a CLI tool that does a static scan of your android app's code to find data types collected, SDKs
- We look at Android permissions, user forms to detect Android Data Type. For the third party, we find relevant SDKs, Libraries & API calls
- Guided workflow to help you fill the rest of the data safety form
- Generates a CSV that you can import to Play Console
- Scan runs locally, no code ever leaves your machine.
Privacy Audits
Privacy Engineers can use our CLI tool as an MRI for products, applications and find out privacy risks. With our scans, privacy engineers save the time they have to spend chasing engineers with assessments and can directly start prescribing privacy controls for data minimization, sharing, etc.
We have the following use cases on our Roadmap:
- Generating Apple Nutrition Label Report
- Generating privacy compliance reports like GDPR Article 30 or RoPA report
- Detecting Privacy Vulnerabilities in current code implementation
- Privacy Policy Generator
Prerequisite - Docker
To start off, make sure docker is installed. To install docker, you can follow the steps stated in the official documentation. Linux users should also follow docker post installation steps in order to run Privado CLI without root (sudo) privileges.
Installation
You can install Privado CLI in multiple manners:
Install using curl:
The installation script will download and setup the latest stable release for you as per your OS and arch. Run:
curl -o- https://raw.githubusercontent.com/Privado-Inc/privado/main/install.sh | bash
To uninstall, simply delete ~/.privado/bin.
Install using Go
If you are a GoLang fan, you can use the go install command to install the Privado CLI:
go install github.com/Privado-Inc/privado@latest
This will place the privado binary in your GOPATH's bin directory. This directory must be added to the $PATH environment variable. You can learn more here.
Install Release Manually
We use GitHub Releases to ship versioned privado releases for supported platforms. You can download a executable of Privado CLI for your platform.
To know your architecture, you can run:
$ uname -m
For detailed platform-specific instructions to setup privado, refer below:
MacOSX
ARM64 (M1 Chip)
To setup privado for macOS (arm64) i.e. Macbook with M1 chip, download privado-darwin-arm64.tar.gz from the latest release.
Navigate to the download directory and run:
$ tar -xf ~/.privado/privado-darwin-arm64.tar.gz
$ chmod +x privado
$ mv privado /usr/local/bin/
AMD64 (Intel Chip)
To setup privado for macOS (amd64), download privado-darwin-amd64.tar.gz from the latest release.
Navigate to the download directory and run:
$ tar -xf ~/.privado/privado-darwin-amd64.tar.gz
$ chmod +x privado
$ mv privado /usr/local/bin/
Linux
To setup privado on your linux system, download the respective zip from latest release for your platform. Navigate to the download directory and run the following commands:
ARM64
$ tar -xf ~/.privado/privado-linux-arm64.tar.gz
$ chmod +x privado
$ mv privado /usr/bin/privado
AMD64
$ tar -xf ~/.privado/privado-linux-amd64.tar.gz
$ chmod +x privado
$ mv privado /usr/bin/privado
Windows
To setup privado on your windows system, download privado-windows-amd64.zip from latest release. Navigate to the download directory and run the following bash commands:
$ mkdir -p $HOME/.privado/bin
$ unzip -o privado-windows-amd64.zip -d $HOME/.privado/bin
$ chmod +x $HOME/.privado/bin/privado
$ echo "export PATH=\$PATH:$HOME/.privado/bin" >> $HOME/.bashrc
Open a new session or source profile for effects to take place in the same session:
$ source $HOME/.bashrc
When using WSL, we recommend moving the binary to /usr/bin instead for optimal experience across users. Refer to steps for Linux for more information.
Build Privado CLI Locally
If you do not wish to use the pre-built binaries shipped in releases, you can choose to build Privado CLI locally. To do this, make sure that GoLang is installed and follow the following steps:
- Clone the repository:
git clone https://github.com/Privado-Inc/privado.git - Change directory:
cd privado - Skip this step if you intend to build the
mainbranch.
To build the latest stable release, checkout thelatesttag:git checkout latest - Build with Go:
go build - You can now run
./privado.
For convenience, we recommend moving privado to a $PATH directory. You can refer to manual installation steps for more details.
Authenticating
Privado CLI requires a license key to run scans. To generate a license, run the following command:
privado auth <your_email@example.com>
A copy of the license will be emailed to you.
To authenticate and bootstrap the app using the generated license, run:
privado bootstrap </path/to/privado-license.json>
and done! You are all set to scan your projects and generate compliance reports.
Please note that generated licenses are valid for 1 year from the date of issue.
For more information about licensing, feel free to get in touch with us on Slack or Email.
Running a Scan
Privado CLI works on the client-end and does not share any files, code-snippets, results, or reports during the complete lifecycle.
To scan a repository, simply run:
privado scan <path/to/repository>
Depending on repository size and system configuration, time to scan can vary. Post completion, the results can be viewed on localhost:3000.
To use a different port, simply use the -p (or --port) flag:
privado scan <path/to/repository> -p 5001
Results and reports (if generated), are saved to repository/.privado. We encourage keeping .privado folder as a part of your repository to facilitate report collaboration and share privacy discovery.
Loading Results
At any point in time, you can directly load the existing results without running the entire scan and continue to generate or modify reports:
privado load <path/to/repository>
This is also helpful for huge codebases and projects with multiple collaborators.
Command Reference
The section contains detailed reference to privado commands.
Privado CLI Global Flags
| Flag | Description |
|---|---|
-h, --help |
Help about any command, or sub-command |
-l, --license <string> |
The license file to be used. Overrides the default bootstrapped license (default "/Users/ojaswa/.privado/license.json") |
Privado CLI Commands
| Command | Description | Usage | Supported Flags |
|---|---|---|---|
auth |
Generate license for Privado | privado auth |
- |
bootstrap |
Authenticates Privado using the requested license and generates required configurations | privado bootstrap [flags] |
--overwrite: Overwrites the existing license fil (if any) |
completion |
Generate the autocompletion script for privado for the specified shell. See each sub-command's help for details on how to use the generated script. | privado completion [command] |
- |
help |
Help about any command | privado help [command] |
- |
scan |
Scan a codebase or repository to identify privacy issues and generate compliance reports | privado scan [flags] |
-o, --overwrite: If specified, the warning prompt for existing scan results is disabled and any existing results are overwritten -p, --port : The port t be used to render HTML results (default 3000) --debug: To enable underlying process output for debugging purposes |
load |
Load a scanned codebase or repository and continue generating compliance reports. It skips privacy scan and loads the results present in the target repository (.privado directory) |
privado load [flags] |
-p, --port : The port t be used to render HTML results (default 3000) --debug : To enable underlying process output for debugging purposes |
What does it cost?
Privado is free for:
- Open Source Projects
- For individual developers and small teams.
How Privado CLI handles your data?
Privado CLI tool was engineered with security in mind. Our tool runs the scan locally on your machine and your code never leaves your system.
Documentation
¶
There is no documentation for this package.
Source Files
Directories