Privalyse is a static analysis tool designed to detect privacy violations, PII leaks, and security risks in your code by analyzing data flows.
Privalyse is available as a Python package. You can install it using pip:

```bash
pip install privalyse-cli
```

To scan your current directory, simply run:

```bash
privalyse
```

This will:
- Scan the current directory recursively.
- Detect PII, secrets, and data flows to external sinks (AI models, APIs, etc.).
- Generate a report (`report.md` by default).
You can customize the scan using various flags:

```bash
privalyse [OPTIONS]
```

| Option | Description | Default |
|---|---|---|
| `--root PATH` | Root directory to scan | `.` (current directory) |
| `--out PATH` | Output file path | `report.md` |
| `--format TYPE` | Output format (`markdown`, `json`, `html`, `sarif`) | `markdown` |
| `--debug` | Enable debug logging | `False` |
| `--quiet` | Suppress console output (useful in CI) | `False` |
Scan a specific project folder:

```bash
privalyse --root ./my-project
```

Generate a JSON report for programmatic analysis:

```bash
privalyse --out results.json --format json
```

Generate a SARIF report for GitHub Security integration:

```bash
privalyse --out results.sarif --format sarif
```

Privalyse generates a report containing:
- Compliance Score: A 0-100 score indicating your project's privacy posture.
- Findings: Detailed list of detected issues, categorized by severity (Critical, High, Medium, Low).
- Data Flow Graph: Visual representation of how data moves through your application (in HTML/JSON reports).
- Top Risks: The most critical data flow paths detected.
Each finding is assigned one of four severity levels:

- CRITICAL: Immediate action required (e.g., hardcoded secrets, PII sent to an AI model without sanitization).
- HIGH: Significant privacy risk (e.g., PII logging, Unencrypted data storage).
- MEDIUM: Compliance warning (e.g., Missing data retention policy).
- LOW: Best practice suggestion.
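The SARIF output is what makes the scan usable as a CI gate: SARIF 2.1.0 is a standard format, so a few lines of Python can run the documented command with `--quiet`, read the results and fail the build when a finding reaches a chosen level. The script below is an added example, not code shipped with privalyse-cli. It relies only on the flags listed above and on the SARIF schema; how Privalyse maps CRITICAL/HIGH/MEDIUM/LOW onto SARIF levels is not documented here, so the embedded sample report is constructed for demonstration and its rule IDs (`hardcoded-secret`, `pii-logging`, `retention-policy`) are hypothetical.

```python
"""CI gate over a Privalyse SARIF report (added example, not part of privalyse-cli).

Assumptions: the documented flags (--root, --out, --format sarif, --quiet) and the
SARIF 2.1.0 result schema. The mapping of Privalyse severities to SARIF levels is
not documented here, so the sample report below is constructed and its rule IDs
are hypothetical.
"""
import json
import subprocess
import sys
from pathlib import Path

# SARIF result levels in increasing order of seriousness.
LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}

# Constructed sample report (hypothetical rule IDs) for running the gate offline.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "privalyse"}},
        "results": [
            {"ruleId": "hardcoded-secret", "level": "error",
             "message": {"text": "Hardcoded API key"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/settings.py"},
                 "region": {"startLine": 12}}}]},
            {"ruleId": "pii-logging", "level": "warning",
             "message": {"text": "Email address written to log"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/views.py"},
                 "region": {"startLine": 40}}}]},
            {"ruleId": "retention-policy", "level": "note",
             "message": {"text": "No data retention policy found"},
             "locations": []},
        ],
    }],
}


def run_scan(root: str, out: str) -> int:
    """Invoke the documented CLI; --quiet keeps the CI log clean."""
    cmd = ["privalyse", "--root", root, "--out", out, "--format", "sarif", "--quiet"]
    return subprocess.run(cmd, check=False).returncode


def iter_results(sarif: dict):
    """Yield (level, ruleId, file, line, message) for every result in every run."""
    for run in sarif.get("runs", []):
        for res in run.get("results", []):
            # A result may carry no location (e.g. a project-wide policy finding).
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            yield (
                res.get("level", "warning"),  # SARIF's default when level is omitted
                res.get("ruleId", "?"),
                loc.get("artifactLocation", {}).get("uri", "?"),
                loc.get("region", {}).get("startLine", 0),
                res.get("message", {}).get("text", ""),
            )


def count_by_level(sarif: dict) -> dict:
    """Summary counts per SARIF level, useful for a one-line CI status message."""
    counts = {lvl: 0 for lvl in LEVEL_RANK}
    for level, *_ in iter_results(sarif):
        counts[level] = counts.get(level, 0) + 1
    return counts


def blocking_findings(sarif: dict, threshold: str = "error") -> list:
    """Results at or above `threshold`; a non-empty list should fail the build."""
    limit = LEVEL_RANK[threshold]
    return [r for r in iter_results(sarif) if LEVEL_RANK.get(r[0], 0) >= limit]


def gate(sarif: dict, threshold: str = "error") -> int:
    """Print blocking findings as file:line annotations and return an exit code."""
    blocking = blocking_findings(sarif, threshold)
    for level, rule, uri, line, text in blocking:
        print(f"{uri}:{line}: {level} [{rule}] {text}")
    return 1 if blocking else 0


if __name__ == "__main__":
    # Usage: python gate.py --demo | python gate.py [ROOT] [THRESHOLD]
    if len(sys.argv) > 1 and sys.argv[1] == "--demo":
        sys.exit(gate(SAMPLE_SARIF))
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    threshold = sys.argv[2] if len(sys.argv) > 2 else "error"
    out = Path("results.sarif")
    run_scan(root, str(out))
    if not out.exists():
        print("privalyse produced no SARIF report; failing closed", file=sys.stderr)
        sys.exit(2)
    sys.exit(gate(json.loads(out.read_text()), threshold))
```

The gate fails closed: a missing report is treated as a failure rather than a pass, and the threshold is expressed in SARIF levels so the same script works for any SARIF producer. Run `python gate.py --demo` to see the annotations the constructed sample produces, then wire `python gate.py . error` into the CI job that runs after the scan.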