Privacy scanner with GDPR compliance reports - Zero config, instant insights

The Linter for Privacy

Catch PII leaks & secrets before they hit production.


Privalyse is a static analysis tool that builds a Semantic Data Flow Graph of your application. It traces data from source to sink to detect privacy violations that regex-based tools miss.

  • Traditional Linter: "Variable user_email used in line 42."
  • Privalyse: "User Email (Source) → Prompt Template → OpenAI API (Sink) → Logs (Leak)."
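The source-to-sink idea above can be shown with a small taint tracker built on Python's `ast` module. This is an added illustration, not Privalyse's implementation; the `PII_HINTS` and `SINKS` sets and the sample function are assumptions made up for the example.

```python
import ast

PII_HINTS = ("email", "phone", "ssn")                # assumed source-name hints
SINKS = {"print", "logger.info", "requests.post"}    # assumed sink calls

# Constructed sample: the PII is renamed twice, so "email" never appears on lines 7-8.
SAMPLE = '''
def notify(user_email, order_id):
    greeting = f"Hello {user_email}"
    prompt = "Summarise: " + greeting
    safe = f"order {order_id}"
    logger.info(safe)
    logger.info(prompt)
    requests.post(URL, data=prompt)
'''

class Tracker(ast.NodeVisitor):
    def __init__(self):
        self.taint, self.leaks = {}, []   # variable -> PII origin; findings

    def origin(self, expr):
        """Name of the PII source feeding expr, or None."""
        for n in ast.walk(expr):
            if isinstance(n, ast.Name):
                if self.taint.get(n.id):
                    return self.taint[n.id]
                if any(h in n.id.lower() for h in PII_HINTS):
                    return n.id
        return None

    def visit_Assign(self, node):
        src = self.origin(node.value)
        for target in node.targets:
            if isinstance(target, ast.Name):
                self.taint[target.id] = src   # None clears taint on reassignment
        self.generic_visit(node)

    def visit_Call(self, node):
        name = ast.unparse(node.func)         # e.g. "logger.info"
        if name in SINKS:
            args = node.args + [k.value for k in node.keywords]
            self.leaks += [(node.lineno, name, s) for s in map(self.origin, args) if s]
        self.generic_visit(node)

def find_leaks(source):
    """Return (line, sink, origin) for every tainted value reaching a sink."""
    tracker = Tracker()
    tracker.visit(ast.parse(source))
    return tracker.leaks
```

`find_leaks(SAMPLE)` reports the two calls that receive `prompt` and attributes both to `user_email`, while the `logger.info(safe)` call is not flagged.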

⚡ Quick Start

Local

Install and run in seconds. No config required.

pip install privalyse-cli
privalyse
# ✅ Done. Check scan_results.md

GitHub Actions

Add to your CI pipeline in 30 seconds.

# .github/workflows/privacy.yml
name: Privacy Scan
on: [push, pull_request]

jobs:
  privalyse:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Privalyse
        uses: privalyse/privalyse-cli@v0.3.1

Pre-Commit Hook

Catch leaks before you commit.

# .pre-commit-config.yaml
repos:
  - repo: local
    hooks:
      - id: privalyse
        name: Privalyse Scan
        entry: privalyse
        language: system
        pass_filenames: false

GitLab CI

# .gitlab-ci.yml
privalyse_scan:
  image: python:3.12  # pip must be available in the job image
  script:
    - pip install privalyse-cli
    - privalyse --out report.md
  artifacts:
    paths: [report.md]

GitHub Code Scanning (SARIF)

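Integrate findings directly into the GitHub Security tab.

      # The job needs this permission for the upload step:
      #   permissions:
      #     security-events: write
      - name: Run Privalyse
        uses: privalyse/privalyse-cli@v0.3.1
        with:
          format: 'sarif'
          out: 'results.sarif'

      - name: Upload SARIF file
        # upload-sarif@v2 is deprecated; v3 is the supported major version
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif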
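Outside GitHub Code Scanning, the same SARIF file can gate a pipeline directly. The following is an added example, not part of the Privalyse project: it relies only on the standard SARIF 2.1.0 fields (`runs`, `results`, `level`, `locations`), and the rule ids, path and messages in the sample document are constructed placeholders rather than real Privalyse output.

```python
import json

# Constructed SARIF 2.1.0 document; rule ids, paths and messages are invented.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner"}},
        "results": [
            {"ruleId": "EXAMPLE_PII_LOG", "level": "error",
             "message": {"text": "email reaches log sink"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/notify.py"},
                 "region": {"startLine": 7}}}]},
            {"ruleId": "EXAMPLE_HARDCODED_KEY", "level": "warning",
             "message": {"text": "possible API key"},
             "locations": []},
            {"ruleId": "EXAMPLE_NOTE", "message": {"text": "no level given"}},
        ],
    }],
})

SEVERITY = {"none": 0, "note": 1, "warning": 2, "error": 3}

def findings(sarif_text):
    """Flatten every run's results into (level, ruleId, uri, line, text)."""
    out = []
    for run in json.loads(sarif_text).get("runs", []):
        for res in run.get("results") or []:
            # A result may carry no location at all; fall back to an empty one.
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            out.append((
                res.get("level", "warning"),  # treated as warning when absent
                res.get("ruleId", "<no rule>"),
                loc.get("artifactLocation", {}).get("uri", "<unknown>"),
                loc.get("region", {}).get("startLine"),
                res.get("message", {}).get("text", ""),
            ))
    return out

def gate(sarif_text, fail_at="error"):
    """Return (exit_code, blocking_findings) for a CI step."""
    blocking = [f for f in findings(sarif_text)
                if SEVERITY.get(f[0], 2) >= SEVERITY[fail_at]]
    return (1 if blocking else 0), blocking
```

In a CI job, pass the contents of `results.sarif` to `gate()` and exit with the returned code; lowering `fail_at` to `"warning"` also blocks on results that carry no explicit level.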

🚀 Features

🕵️‍♂️ Secret Detection

Detects hardcoded API keys, tokens, and credentials before they are pushed.

  • Supports: AWS, Stripe, OpenAI, Slack, and generic high-entropy strings.

🗣️ PII Leak Prevention

Identifies Personally Identifiable Information (PII) leaking into logs, external APIs, or analytics.

  • Detects: Emails, Phone Numbers, Credit Cards, SSNs.
  • Context Aware: Understands variable names like user_email or client_id.

⚖️ GDPR & Data Sovereignty

Maps data flows to ensure compliance.

  • Flags: Data transfers to non-EU providers (e.g., OpenAI, AWS US-East).
  • Verifies: Usage of sanitization functions before data egress.

🤖 AI Guardrails

Specialized checks for LLM-integrated applications.

  • Prevents: Sending sensitive customer data to model prompts.
  • Audits: LangChain and OpenAI SDK usage.

🤖 For AI Agents & MCP Servers

Privalyse is designed to be agent-friendly. If you are building an AI coding agent or using an MCP (Model Context Protocol) server, Privalyse provides structured outputs that agents can understand.

privalyse --format json --out privalyse_report.json

Agents can read the JSON report to autonomously fix privacy leaks in the codebase.


🗺️ Roadmap

  • Python Support (AST Analysis)
  • JavaScript/TypeScript Support (AST & Regex)
  • Cross-File Taint Tracking
  • VS Code Extension (Coming Soon)
  • Custom Rule Engine

🤝 Contributing

We love contributions! Check out CONTRIBUTING.md to get started.

📄 License

MIT License. See LICENSE for details.

Download files

Source Distribution

privalyse_cli-0.3.3.tar.gz (151.7 kB)

Built Distribution

privalyse_cli-0.3.3-py3-none-any.whl (132.3 kB)

File details

Details for the file privalyse_cli-0.3.3.tar.gz.

File metadata

  • Download URL: privalyse_cli-0.3.3.tar.gz
  • Upload date:
  • Size: 151.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for privalyse_cli-0.3.3.tar.gz
Algorithm Hash digest
SHA256 352d1bf601b69ca7618b2ca95dce8e7be037459bfaa9bc11091e59c2aa487cb5
MD5 e047e91f25ca22f1ae621eb061a11935
BLAKE2b-256 01240383aa7cfd45a56c3d6bf4449cebed97b4a30deb8fe05dbf761089eb01b8

Provenance

The following attestation bundles were made for privalyse_cli-0.3.3.tar.gz:

Publisher: publish.yml on Privalyse/privalyse-cli

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file privalyse_cli-0.3.3-py3-none-any.whl.

File metadata

  • Download URL: privalyse_cli-0.3.3-py3-none-any.whl
  • Upload date:
  • Size: 132.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for privalyse_cli-0.3.3-py3-none-any.whl
Algorithm Hash digest
SHA256 8caee8a9fe6f362aa328fec6b9487687f39dbcdc17eb1d84b6d9e360bf045664
MD5 71b601b8dc6abf22cc7ddd94d6ecabdf
BLAKE2b-256 ae2d8b032b9bab623174abf31e1b07927ada5cd3d1a35421df8e240174c4101c

Provenance

The following attestation bundles were made for privalyse_cli-0.3.3-py3-none-any.whl:

Publisher: publish.yml on Privalyse/privalyse-cli

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
