PHI/PII Scanner for CI/CD pipelines. HIPAA & FHIR compliant. Local execution only.
PhiScan
HIPAA & FHIR compliant PHI/PII scanner for CI/CD pipelines. Local execution only — no PHI ever leaves your infrastructure.
What it does
PhiScan scans source code for Protected Health Information (PHI) and Personally Identifiable Information (PII) before it reaches your main branch. It integrates into CI/CD pipelines to block pull requests that contain exposed PHI.
All scanning runs locally inside your pipeline runner. Nothing is sent to an external API.
Install
```shell
pipx install phi-scan
```
Or with uv:
```shell
uv tool install phi-scan
```
Usage
```shell
# Scan a directory
phi-scan scan ./src

# Scan only files changed in the last commit
phi-scan scan --diff HEAD~1

# Scan a single file
phi-scan scan --file path/to/handler.py

# Output as JSON
phi-scan scan ./src --output json

# Show help
phi-scan --help
```
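An added example (not part of the PhiScan project) of a pull-request gate built on the `--diff` command above. Because `--diff HEAD~1` covers only the last commit, the gate diffs against the base branch on pull requests; it assumes `--diff` accepts any git ref and that `phi-scan` exits non-zero when it reports findings, neither of which this page states.

```shell
#!/bin/sh
# Added example: PR gate around `phi-scan scan --diff`.
# Assumptions (not stated on this page): --diff accepts any git ref,
# and phi-scan exits non-zero when it reports findings.

# Pick the ref to diff against. GITHUB_BASE_REF is set by GitHub Actions
# on pull_request events (for example "main") and is empty on plain pushes.
diff_base() {
    if [ -n "${GITHUB_BASE_REF:-}" ]; then
        # Pull request: cover every commit in the PR, not just the last one.
        printf 'origin/%s\n' "$GITHUB_BASE_REF"
    else
        # Push: fall back to the last commit, as in the usage above.
        printf 'HEAD~1\n'
    fi
}

# Run the gate. Fails closed: if the base ref cannot be resolved (for
# example in a shallow clone), the job fails instead of scanning nothing.
phi_gate() {
    base=$(diff_base)
    if ! git rev-parse --verify --quiet "${base}^{commit}" >/dev/null; then
        echo "phi-gate: ref '$base' not found; fetch full history first" >&2
        return 2
    fi
    phi-scan scan --diff "$base"
}

# Run only when invoked as `sh phi_gate.sh --run`; sourcing the file
# just defines the functions.
if [ "${1:-}" = "--run" ]; then
    phi_gate
    exit $?
fi
```

In GitHub Actions the checkout step needs full history (`fetch-depth: 0`) for the base ref to resolve.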
Contributing
Branch protection rules
The main branch is protected. All changes arrive via pull request. No one pushes directly to main.
| Rule | Setting |
|---|---|
| Require CI to pass before merge | All jobs in ci.yml must pass (lint, typecheck, tests on all 3 platforms) |
| Require at least one review | Enforced when collaborators join the project |
| No direct pushes to main | Branch protection enforced via GitHub settings |
To configure these rules: Settings → Branches → Add branch protection rule → main, then enable:
- "Require a pull request before merging"
- "Require status checks to pass before merging" → select the CI workflow jobs
- "Do not allow bypassing the above settings"
CI workflows
| Workflow | Trigger | What it does |
|---|---|---|
| ci.yml | Every push and PR targeting main | Lint (ruff), typecheck (mypy), tests (pytest + coverage) on Python 3.12 × ubuntu/macos/windows |
| release.yml | Push of a v* tag | Runs tests, builds sdist + wheel, publishes to PyPI, creates GitHub Release |
| claude-review.yml | Every PR open/update | Posts an automated Claude code review comment |
License
File details
Details for the file phi_scan-0.3.0.tar.gz.
File metadata
- Download URL: phi_scan-0.3.0.tar.gz
- Upload date:
- Size: 135.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.9 {"installer":{"name":"uv","version":"0.10.9","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 5ed3bfe26e0c2ad92ceec9bb6f491a87e7f5fb5e5efb1cdb073ac971ed4f7e33 |
| MD5 | e429ce774bba30100382ab71c8526341 |
| BLAKE2b-256 | 8bb457d86ab4793a9813c3bfd7ff010b0e0d942400298e87317ad5d328d57898 |
File details
Details for the file phi_scan-0.3.0-py3-none-any.whl.
File metadata
- Download URL: phi_scan-0.3.0-py3-none-any.whl
- Upload date:
- Size: 146.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.9 {"installer":{"name":"uv","version":"0.10.9","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 444b33a4832b5ce19a6359fbb06b86a56eeb86fb8237a381dab00fd5c217d12e |
| MD5 | f19c904b08625e1f7ff12ad9156636f6 |
| BLAKE2b-256 | fc2f9827a29c2407d34e70d050d7eb54ed933713f15818e5e76aea90913bd007 |