Note: This repository is a copy of the v1.x releases of Privado Data Safety Generator (earlier, Privado) and is archived in favor of a complete overhaul of Privado CLI (v2.0). Privado v2.0 introduces dataflows with a wide array of detections and use-cases. The equivalent GoLang interface has now been moved to Privado CLI, and the new scan engine is open-sourced and available at Privado Core.
The project is stable and users may choose to continue using this tool for datasafety report generation. However, this is not under active development and requested features may not be implemented.
Privado User Documentation
Privado is a static code scanning tool to find, fix and remediate privacy issues in your products & applications. Our scan discovers what personal data (as defined by GDPR and other laws) your app is processing, along with third-party integrations and data flows. With our scan results, we generate privacy reports for your apps as mandated by laws like GDPR or platforms like Apple and keep them in sync with code changes.
- Data Elements: These are personal data that your app is collecting, sharing, processing. Here is a list of data elements that we are discovering.
- Third-Parties: Any third-party integrations inside your code, via APIs or SDKs/libraries.
- APIs: We also discover any internal APIs that your app is connected with.
- Datastores (not released yet, still beta): Identify the databases where you are sourcing the data from or sending the data.
- Privacy Vulnerabilities (not released yet, still beta): Code issues that exist which can lead to privacy vulnerabilities
This is the first use case that we are live with. Currently, to fill the data safety form Android developers have to ask around in the team to find what data they are collecting, spend hours reading the documentation of SDKs to find data shared, and navigate the complex Playstore form. With our scan, we pre-fill data types collected, shared, and guide you with our wizard to generate the data safety report. This is how it works:
- It's a CLI tool that does a static scan of your Android app's code to find data types collected, SDKs
- We look at Android permissions and user forms to detect Android data types. For third parties, we find relevant SDKs, libraries & API calls
- Guided workflow to help you fill the rest of the data safety form
- Generates a CSV that you can import to Play Console
- Scan runs locally, no code ever leaves your machine.
Privacy Engineers can use our CLI tool as an MRI for products, applications and find out privacy risks. With our scans, privacy engineers save the time they have to spend chasing engineers with assessments and can directly start prescribing privacy controls for data minimization, sharing, etc.
- Generating Apple Nutrition Label Report
- Generating privacy compliance reports like GDPR Article 30 or RoPA report
- Detecting Privacy Vulnerabilities in current code implementation
Prerequisite – Docker
To start off, make sure Docker is installed. To install Docker, you can follow the steps stated in the official documentation. Linux users should also follow the Docker post-installation steps in order to run Privado CLI without root (
You can install Privado CLI in multiple manners:
The installation script will download and setup the latest stable release for you as per your OS and arch. Run:
curl -o- https://raw.githubusercontent.com/Privado-Inc/privado-datasafety/main/install.sh | bash
To uninstall, simply delete
Install using Go
If you are a GoLang fan, you can use the go install command to install the Privado CLI:
go install github.com/Privado-Inc/[email protected]
This will place the privado binary in your GOPATH's bin directory. This directory must be added to the $PATH environment variable. You can learn more here.
Install Release Manually
We use GitHub Releases to ship versioned privado releases for supported platforms. You can download an executable of Privado CLI for your platform.
To know your architecture, you can run:
$ uname -m
For detailed platform-specific instructions to set up privado, refer below:
ARM64 (M1 Chip)
To install privado for macOS (arm64), i.e. a MacBook with an M1 chip, download privado-darwin-arm64.tar.gz from the latest release.
Navigate to the download directory and run:
$ tar -xf ~/.privado/privado-darwin-arm64.tar.gz
$ chmod +x privado
$ mv privado /usr/local/bin/
AMD64 (Intel Chip)
To install privado for macOS (amd64), download privado-darwin-amd64.tar.gz from the latest release.
Navigate to the download directory and run:
$ tar -xf ~/.privado/privado-darwin-amd64.tar.gz
$ chmod +x privado
$ mv privado /usr/local/bin/
To install privado on your Linux system, download the respective zip from the latest release for your platform. Navigate to the download directory and run the following commands:
ARM64
$ tar -xf ~/.privado/privado-linux-arm64.tar.gz
$ chmod +x privado
$ mv privado /usr/bin/privado
AMD64
$ tar -xf ~/.privado/privado-linux-amd64.tar.gz
$ chmod +x privado
$ mv privado /usr/bin/privado
To install privado on your Windows system, download privado-windows-amd64.zip from the latest release. Navigate to the download directory and run the following
$ mkdir -p $HOME/.privado/bin
$ unzip -o privado-windows-amd64.zip -d $HOME/.privado/bin
$ chmod +x $HOME/.privado/bin/privado
$ echo "export PATH=\$PATH:$HOME/.privado/bin" >> $HOME/.bashrc
Open a new session or source profile for effects to take place in the same session:
$ source $HOME/.bashrc
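An added example, not part of the Privado project: `uname -m` reports values such as x86_64 or aarch64, while the release assets above are named with amd64 and arm64, so this shell helper maps `uname` output to the asset names listed in this README. The function names are hypothetical, and the MINGW/MSYS/CYGWIN patterns assume the Windows steps are run in a bash environment such as Git Bash.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not Privado's own code):
# translate `uname` output into the release asset names given in this README.

# `uname -m` value -> architecture token used in the asset names.
normalize_arch() {
    case "$1" in
        x86_64|amd64)  echo "amd64" ;;
        arm64|aarch64) echo "arm64" ;;
        *)             return 1 ;;
    esac
}

# `uname -s` value -> OS token used in the asset names.
# Assumption: on Windows the commands run in Git Bash, MSYS2 or Cygwin.
normalize_os() {
    case "$1" in
        Darwin)               echo "darwin" ;;
        Linux)                echo "linux" ;;
        MINGW*|MSYS*|CYGWIN*) echo "windows" ;;
        *)                    return 1 ;;
    esac
}

# Print the asset name for an OS/arch pair. Fails (non-zero status) when the
# README lists no asset for that combination, e.g. Windows on arm64.
privado_asset() {
    os=$(normalize_os "$1") || { echo "unsupported OS: $1" >&2; return 1; }
    arch=$(normalize_arch "$2") || { echo "unsupported arch: $2" >&2; return 1; }
    case "$os-$arch" in
        darwin-arm64|darwin-amd64|linux-arm64|linux-amd64)
            echo "privado-$os-$arch.tar.gz" ;;
        windows-amd64)
            echo "privado-$os-$arch.zip" ;;
        *)
            echo "no release asset listed for $os/$arch" >&2
            return 1 ;;
    esac
}

# Show the asset to download for the machine this script runs on.
privado_asset "$(uname -s)" "$(uname -m)" \
    || echo "pick the asset manually from the latest release" >&2
```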
Build Privado CLI Locally
If you do not wish to use the pre-built binaries shipped in releases, you can choose to build Privado CLI locally. To do this, make sure that GoLang is installed and follow these steps:
- Clone the repository:
git clone https://github.com/Privado-Inc/privado-datasafety.git
- Change directory:
- Skip this step if you intend to build the main branch. To build the latest stable release, checkout the
git checkout latest
- Build with Go:
- You can now run
For convenience, we recommend moving privado to a $PATH directory. You can refer to manual installation steps for more details.
Privado CLI requires a license key to run scans. To generate a license, run the following command:
privado auth <[email protected]>
A copy of the license will be emailed to you.
To authenticate and bootstrap the app using the generated license, run:
privado bootstrap </path/to/privado-license.json>
And done! You are all set to scan your projects and generate compliance reports.
Running a Scan
Privado CLI works on the client-end and does not share any files, code-snippets, results, or reports during the complete lifecycle.
To scan a repository, simply run:
privado scan <path/to/repository>
Depending on repository size and system configuration, time to scan can vary. Post completion, the results can be viewed on localhost:3000.
To use a different port, simply use the
privado scan <path/to/repository> -p 5001
Results and reports (if generated) are saved to repository/.privado. We encourage keeping the .privado folder as a part of your repository to facilitate report collaboration and share privacy discovery.
At any point in time, you can directly load the existing results without running the entire scan and continue to generate or modify reports:
privado load <path/to/repository>
This is also helpful for huge codebases and projects with multiple collaborators.
The section contains detailed reference to
Privado CLI Global Flags
||Help about any command, or sub-command|
||The license file to be used. Overrides the default bootstrapped license (default “
Privado CLI Commands
||Generate license for Privado||
||Authenticates Privado using the requested license and generates required configurations||
||Generate the autocompletion script for privado for the specified shell. See each sub-command’s help for details on how to use the generated script.||
||Help about any command||
||Scan a codebase or repository to identify privacy issues and generate compliance reports||
||Load a scanned codebase or repository and continue generating compliance reports. It skips privacy scan and loads the results present in the target repository (
||-p, --port : The port to be used to render HTML results (default 3000) --debug : To enable underlying process output for debugging purposes|
Privado is free for:
- Open Source Projects
- For individual developers and small teams.
Privado CLI tool was engineered with security in mind. Our tool runs the scan locally on your machine and your code never leaves your system.