Running a Scan
Requirements: Privado requires Docker and an Internet connection to fetch its scanning engine (provided as Docker images) the first time it runs. To install Docker, follow the steps in the official documentation. Linux users should also follow the Docker post-installation steps in order to run the Privado CLI without root (
The simplest way to run a Privado scan is:
privado scan <source directory>
This fetches or updates the analysis engine and then scans the target source directory locally.
Upon completion, results are written locally to
<source directory>/.privado/privado.json. This file contains everything the scan discovered: data elements, the data inventory, data flows to third parties and other sensitive sinks, logs, and so on. Optionally, when configured, the scan can also send its results to the Privado dashboard for visualisation. To learn how to view results on the dashboard, click here.
You can view all advanced options with
privado scan --help
and pass them on the command line as
privado scan <source directory> [OPTIONS]
A few of the options are summarized below.
While Privado scans rarely take more than 7 minutes even for very large Java repositories, static analysis is by nature a resource-intensive process. If your scan is timing out, try the following approaches to manage the resources used by Docker and the JVM:
1. Limit the RAM consumed by Docker. Reference: [Runtime options with Memory, CPUs, and GPUs](https://docs.docker.com/config/containers/resource_constraints/)
2. Specific to Java, you can also set the JVM environment variables of the Docker container according to the host machine configuration. Reference: [How To Configure Java Heap Size Inside a Docker Container | Baeldung](https://www.baeldung.com/ops/docker-jvm-heap-size)
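The following wrapper script is an added example, not part of the Privado CLI or its documentation. It performs the preflight checks the requirements above imply (Docker on PATH, daemon reachable without root), derives a container memory cap and a JVM heap cap from the host RAM in the spirit of the two references, and verifies that a scan actually produced `<source directory>/.privado/privado.json`. The engine image name and the way the `privado` CLI forwards options to Docker are not stated on this page, so `docker_scan_cmdline` only assembles a generic `docker run` command line with a placeholder image rather than invoking the real engine; `JAVA_TOOL_OPTIONS` is a standard JVM environment variable, and the 75% ratios are assumptions chosen to leave headroom.

```shell
#!/usr/bin/env sh
# Added example (not Privado's own tooling). Assumptions: engine image name is a
# placeholder, the 75% ratios are illustrative, and the CLI's option forwarding
# to Docker is unknown, so the docker command is only printed, never executed.

# Return 0 if docker is installed and the daemon is reachable by this user
# (i.e. the Linux post-installation steps were completed), 1 otherwise.
docker_ready() {
  command -v docker >/dev/null 2>&1 || { echo "docker not on PATH" >&2; return 1; }
  docker info >/dev/null 2>&1 || { echo "docker daemon not reachable (check group membership)" >&2; return 1; }
  return 0
}

# Derive a container memory cap and a JVM heap cap from host RAM in MB:
# container gets 75% of host RAM, JVM heap gets 75% of the container,
# leaving room for the OS, Docker itself and non-heap JVM memory (assumed ratios).
# Prints two words: "<container_mb> <heap_mb>".
memory_budget() {
  host_mb=$1
  [ "$host_mb" -gt 0 ] 2>/dev/null || { echo "invalid host RAM: $host_mb" >&2; return 1; }
  container_mb=$(( host_mb * 75 / 100 ))
  heap_mb=$(( container_mb * 75 / 100 ))
  echo "$container_mb $heap_mb"
}

# Build (but do not execute) a docker run command with both limits applied.
# --memory caps the container; JAVA_TOOL_OPTIONS is read by HotSpot JVMs at
# startup. The image argument defaults to an obvious placeholder.
docker_scan_cmdline() {
  host_mb=$1; src_dir=$2; image=${3:-PRIVADO_ENGINE_IMAGE_PLACEHOLDER}
  budget=$(memory_budget "$host_mb") || return 1
  set -- $budget
  container_mb=$1; heap_mb=$2
  printf 'docker run --rm --memory=%sm -e JAVA_TOOL_OPTIONS=-Xmx%sm -v %s:/src %s scan /src\n' \
    "$container_mb" "$heap_mb" "$src_dir" "$image"
}

# Check that a scan wrote <source dir>/.privado/privado.json, that it is
# non-empty and, when python3 is available, that it parses as JSON.
results_ok() {
  f="$1/.privado/privado.json"
  [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
  if command -v python3 >/dev/null 2>&1; then
    python3 -c 'import json,sys; json.load(open(sys.argv[1]))' "$f" 2>/dev/null \
      || { echo "not valid JSON: $f" >&2; return 1; }
  fi
  return 0
}
```

Typical use is `docker_ready && privado scan "$SRC" && results_ok "$SRC"` before a CI step consumes the JSON, and `docker_scan_cmdline 8192 "$SRC"` to see what a memory-capped engine invocation would look like for an 8 GB host. The memory split is deliberately conservative: a JVM heap equal to the container limit leaves no room for metaspace, threads and native buffers, which is the usual cause of the container being OOM-killed mid-scan.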