How to scan a repository using Privado
Prerequisites
This tutorial assumes that you have the following setup ready:
Git, to clone a repository. To install Git, click here
Docker (Make sure that the Docker engine is running). To install Docker, click here
Privado OSS project. To install Privado, follow these steps
A code repository to scan. For this tutorial, we will use BankingSystem-Backend
Clone the repository
To clone the repository, use the following command
git clone https://github.com/saurabh-sudo/BankingSystem-Backend
It should be something similar to the following result:
Cloning into 'BankingSystem-Backend'...
remote: Enumerating objects: 198, done.
remote: Counting objects: 100% (198/198), done.
remote: Compressing objects: 100% (115/115), done.
remote: Total 198 (delta 42), reused 186 (delta 37), pack-reused 0
Receiving objects: 100% (198/198), 99.97 KiB | 10.00 MiB/s, done.
Resolving deltas: 100% (42/42), done.
Not working?
If you do not get the above result, check out the troubleshooting section for help
Running the scan
To start the scan, run the following command
This will start the Privado scan and perform the static code analysis of the project and its dependencies. You will get the following result:
On the console, you can see data elements and corresponding third parties, storages, leakages, collection points, and processing instances detected during the scan. A detailed report is also generated at BankingSystem-Backend/.privado/privado.json.
The scan usually runs for less than a minute, depending on the size of the repositories and dependencies.
Not working?
If you do not get the above result, check out the troubleshooting section for help
Analyzing the result
After the scan is completed, the results are stored in the .privado/privado.json file inside the repository folder (BankingSystem-Backend in our case).
You can also look at the sample privado.json generated during a scan on 27th Sep 2022.
Troubleshooting
Cloning the repository
If you are facing errors while cloning the repository, it can be due to the following reasons:
Git not installed
If you get the above message, it means that Git is not installed. Follow these steps to install Git
Poor network connectivity
Make sure you have a stable internet connection and that your firewall does not block cloning from GitHub.
Running the scan
If the above command does not start the scan, it can be due to the following reasons:
Docker engine not running
Make sure that Docker is installed and running on your machine.
Unsupported languages
While scanning any repository, make sure that the language is supported by Privado. You can find the languages supported by Privado by clicking here.
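The checks from this Troubleshooting section, written as a script. This is an added example, not part of the Privado documentation; it also verifies that the scan left a report at the path given above. The function names and the file name preflight.sh are assumptions of this example, while the repository URL and report path are the ones used in the tutorial.

```shell
#!/bin/sh
# Added example: checks for the failure causes listed under Troubleshooting.
REPO_URL="https://github.com/saurabh-sudo/BankingSystem-Backend"  # from the tutorial

# have_tool NAME: succeeds if NAME is on PATH (the "Git not installed" case).
have_tool() {
    command -v "$1" >/dev/null 2>&1
}

# docker_engine_up: succeeds only if the daemon answers; the CLI alone is not enough.
docker_engine_up() {
    have_tool docker && docker info >/dev/null 2>&1
}

# github_reachable: succeeds if the remote can be listed (network or firewall case).
github_reachable() {
    GIT_TERMINAL_PROMPT=0 git ls-remote --heads "$REPO_URL" >/dev/null 2>&1
}

# report_ok REPO_DIR: succeeds if the scan left a non-empty report that starts
# like a JSON object. This is a cheap sanity check, not a full JSON parse.
report_ok() {
    report="$1/.privado/privado.json"
    [ -s "$report" ] || return 1
    first=$(tr -d ' \t\r\n' < "$report" | cut -c1)
    [ "$first" = "{" ]
}

# run_check LABEL CMD [ARGS...]: run one check, print its result, count failures.
run_check() {
    label="$1"; shift
    if "$@"; then echo "ok:   $label"; else echo "FAIL: $label"; failures=$((failures + 1)); fi
}

# diagnose REPO_DIR: run every check and return the number of failures.
diagnose() {
    failures=0
    run_check "Git installed" have_tool git
    run_check "GitHub reachable" github_reachable
    run_check "Docker engine running" docker_engine_up
    run_check "report at $1/.privado/privado.json" report_ok "$1"
    return "$failures"
}

# Run only when asked, e.g.: sh preflight.sh --run BankingSystem-Backend
if [ "${1:-}" = "--run" ]; then
    diagnose "${2:-BankingSystem-Backend}"
fi
```

Before the first scan the report check is expected to fail; after a scan, a failure there means the scan did not complete.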