What are Rules?
Privado uses rules to answer contextual questions related to personal data. The journey of tracking data starts from "sources". Sources are where the data dictionary is defined. Privado identifies the variables, classes and structures matching sources and tracks the flows to third parties, databases and leakages, which are called "sinks". Threats are code or configuration implementations which have a direct impact on data security and privacy. Policies allow you to enforce compliance and data governance rules. The rules present a single common language which embeds the knowledge of a privacy and data researcher about sources, sinks, data policies and threats to drive the code analysis engine.
Rule Structure
All Privado rules are defined in YAML format and generally have the following structure:
The structure of a rule varies a bit based on the type of rule being defined. For example:
- Source rules contain isSensitive as well as sensitivity keys so that, based on the values set, the source data is tagged appropriately.
- Policy rules contain a description that is needed for the issue that gets created when a policy is violated. They also contain dataflow as well as repositories on which the policy will be applied.
To learn more about rules, you can review the rules directory on GitHub.
Organization
Rules directory structure: