Privado scans the code repositories of your products, applications & services to surface privacy & data security information. Privado is a privacy scanner that, like SAST tools, connects with source code management tools such as GitHub, GitLab & Bitbucket.
What is a Privacy Scanner?
A privacy scanner surfaces the complete data lifecycle, including collection, sharing, storage, leakage, and processing of personal data by application code. It is similar to SAST tools in that it connects to SCM & CI/CD tools to scan code repositories, but differs by focusing on personal data & its uses.
Personal data is defined by laws like the EU GDPR and CPRA as any data linked directly or indirectly to a user. This includes identifiers like PII (Email, SSN, AD-IDs), Sensitive Data (Health Data, Biometric Data, PCI Data) and a broader set of personal data. Privado currently supports & discovers over 200 data elements.
A privacy scanner has the following components:
Data Discovery: Discover & Classify personal data processed by the application
Collection Point Discovery: Discover collection points of personal data, including forms, REST API endpoints & app permissions
Data Destination Discovery: Discover destinations or sinks of personal data, including third parties (sharing), databases (storage), leakages (logs, SIEM), internal APIs (services)
Data Flow Discovery: Discover flows of personal data across infrastructure, third parties & micro-services
By focusing on personal data, Privado automates privacy compliance requirements & surfaces any data leakages or excessive data sharing by applications built by developers. Here are some use cases of Privado: