What are Rules?
Last updated
Privado has rules to answer contextual questions about personal data. The journey of tracking data starts from "sources". Sources are where the data dictionary is defined. Privado identifies the variables, classes and structures that match sources and tracks their flows to third parties, databases and leakages, which are called "sinks". Threats are code or configuration implementations that have a direct impact on data security and privacy. Policies allow you to enforce compliance and data governance rules. Together, the rules present a single common language that embeds the knowledge of a privacy and data researcher about sources, sinks, data policies and threats, and that knowledge drives the code analysis engine.
All Privado rules are defined in YAML format and generally have the following structure:
The structure of a rule varies a bit based on the type of rule being defined. For example:
- Source rules contain the isSensitive and sensitivity keys so that, based on the values set, the source data is tagged appropriately.
- Policy rules contain a description, which is needed for the issue that gets created when a policy is violated. They also contain a dataflow as well as the repositories on which the policy will be applied.
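Because a source rule without its isSensitive and sensitivity keys will not tag data correctly, and a policy rule without a description, dataflow or repositories cannot raise a usable issue, it is worth linting rule files before dropping them into the rules directory. The following is an added example, not Privado's own code: a small linter that checks parsed rule documents for the keys named above. The top-level "sources" and "policies" lists, the id key, and the expected value types are assumptions about the file layout, and the sample rules are constructed here, not taken from the Privado repository.

```python
"""Lint Privado-style rule definitions for the keys each rule type needs.

Added example; the top-level "sources"/"policies" layout, the `id` key and
the value types below are assumptions, not Privado's documented schema.
"""
from typing import Any, Callable

# Keys the documentation names for each rule type, with the value type we
# expect for each (type expectations are an assumption of this linter).
SOURCE_REQUIRED: dict[str, type] = {"isSensitive": bool, "sensitivity": str}
POLICY_REQUIRED: dict[str, type] = {"description": str, "dataflow": dict, "repositories": list}


def _check_keys(rule: dict[str, Any], required: dict[str, type]) -> list[str]:
    """Report missing keys and keys whose value has an unexpected type."""
    problems: list[str] = []
    for key, expected in required.items():
        if key not in rule:
            problems.append(f"missing key '{key}'")
        elif not isinstance(rule[key], expected):
            problems.append(
                f"key '{key}' should be {expected.__name__}, got {type(rule[key]).__name__}"
            )
    return problems


def lint_source(rule: dict[str, Any]) -> list[str]:
    """A source rule must say whether its data is sensitive and how sensitive."""
    return _check_keys(rule, SOURCE_REQUIRED)


def lint_policy(rule: dict[str, Any]) -> list[str]:
    """A policy rule needs a description, a dataflow and target repositories."""
    problems = _check_keys(rule, POLICY_REQUIRED)
    if isinstance(rule.get("dataflow"), dict) and not rule["dataflow"]:
        problems.append("'dataflow' is empty: the policy would never match a flow")
    return problems


def lint_rules(doc: dict[str, Any]) -> dict[str, list[str]]:
    """Return {rule id: [problems]} for every rule in the document with a problem."""
    report: dict[str, list[str]] = {}
    linters: tuple[tuple[str, Callable[[dict[str, Any]], list[str]]], ...] = (
        ("sources", lint_source),
        ("policies", lint_policy),
    )
    for kind, linter in linters:
        for idx, rule in enumerate(doc.get(kind, [])):
            rule_id = rule.get("id", f"{kind}[{idx}]")  # fall back to position
            problems = linter(rule)
            if problems:
                report[rule_id] = problems
    return report


# Constructed sample document (assumed layout); not from the Privado repository.
SAMPLE_RULES: dict[str, Any] = {
    "sources": [
        {"id": "Data.Sensitive.Example.Email", "isSensitive": True, "sensitivity": "high"},
        {"id": "Data.Example.Missing"},  # both required keys absent
    ],
    "policies": [
        {
            "id": "Policy.Example.NoEmailToLogs",
            "description": "Email must not reach logging sinks",
            "dataflow": {"sources": ["Data.Sensitive.Example.Email"], "sinks": ["Leakages.Log"]},
            "repositories": [".*"],
        },
        {"id": "Policy.Example.Incomplete", "dataflow": {}},  # no description, no repositories
    ],
}


def load_rule_file(path: str) -> dict[str, Any]:
    """Parse a YAML rule file; PyYAML is only needed for real files, not the sample."""
    import yaml  # third-party dependency, imported lazily
    with open(path, encoding="utf-8") as fh:
        return yaml.safe_load(fh) or {}


if __name__ == "__main__":
    import sys
    docs = [load_rule_file(p) for p in sys.argv[1:]] or [SAMPLE_RULES]
    for doc in docs:
        for rule_id, problems in lint_rules(doc).items():
            print(rule_id)
            for problem in problems:
                print("  -", problem)
```

Run it with one or more YAML files as arguments to lint real rules, or with no arguments to see the report for the constructed sample, which flags the source rule missing both keys and the policy rule that lacks a description and repositories and has an empty dataflow.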
To learn more about rules, you can review the rules directory on GitHub.
Rules directory structure:
Rules are organized in the privado repository under the privado/rules directory. The directory structure provides a logical way of arranging rules. If you come up with some cool rules, this is where you can drop them in. You may also consider contributing them upstream.