Code-level data flow visibility

No more surprises disrupting your business. Stay ahead of development and faulty code - proactively manage your data exposure.

Automated code auditing

Log leaks & SBOM reports

CI/CD pipeline integration

Book a demo

Trusted by

Flows: How it works

Integrate

Optionally connect to your CI/CD process in minutes.

Scan

Discover sensitive data traces in specific lines of code.

Preempt

Send detailed remediation guidance and context to your developers.

Problem

Mapping sensitive data in codebases is hard work.

AppSec can't keep up with auditing multiple and growing codebases. Developers change code and move data around and documentation goes stale.

Solution

A privacy code scanner

Follow the data, continuously and proactively, while it's still inexpensive to fix bugs.

Watch Piano Flows in action

Piiano Flows is a privacy code scanner that statically analyzes source code. It connects to your online source code repository or runs locally as a CLI tool. Track and learn about sensitive data usage and leaks in your applications to avoid war room scenarios.

Piiano Flows proactively identifies these events

Log leaks

Piiano Flows scans for logging APIs and will flag them for you, showing a full traceback of the data being leaked.

Receiving sensitive data

Piiano Flows scans for PII data received by RESTful APIs.

Exposing sensitive data

Piiano Flows scans for PII data being shared via external SDKs and APIs. No more sadow services.

Data inventory

Piiano Flows scans for PII data being persistently stored in database tables.

FAQ

Questions & Answers

Everything you need to know about Piiano Flows is right here.

Didn’t find the answer you are looking for?

Contact our support

Where to start?

You can scan a repository online or with our CLI tool, using this GitHub project.

‍

We support scanning both public and private GIT repositories.
Support for public GIT repositories is limited (for security reasons) to the following vendors list:
- GitHub (github.com)
- GitLab (gitlab.com)
- BitBucket (bitbucket.org)
- AWS Code commit (git-codecommit.<region>.amazonaws.com)
- Source forge (git.code.sf.net)
- Microsoft Azure GIT (dev.azure.com)
- Assembla (git.assembla.com)
We support private GitHub repositories too. To work with private GitHub repositories, you will be asked to approve our access. We do not support private repositories from non-GitHub vendors (such as the ones listed above). Please note that access to a private organizational repository will require the approval of an organization owner. To request approval, click the “Request” button on the app authorization page.

‍

Note - We do not support uploading code.

‍

Before scanning your own repository, you can take a look at public repositories that we pre-scanned and get a closer look at our product and the value it provides. Alternatively, just hit the “New Scan” button, enter your GitHub repo’s URL, and click “Add Scan.”

How can I scan my repository?

You can scan a repository online or with our CLI tool, using this GitHub project.

‍

We support scanning both public and private GIT repositories.
Support for public GIT repositories is limited (for security reasons) to the following vendors list:
- GitHub (github.com)
- GitLab (gitlab.com)
- BitBucket (bitbucket.org)
- AWS Code commit (git-codecommit.<region>.amazonaws.com)
- Source forge (git.code.sf.net)
- Microsoft Azure GIT (dev.azure.com)
- Assembla (git.assembla.com)
We support private GitHub repositories too. To work with private GitHub repositories, you will be asked to approve our access. We do not support private repositories from non-GitHub vendors (such as the ones listed above). Please note that access to a private organizational repository will require the approval of an organization owner. To request approval, click the “Request” button on the app authorization page.

‍

Note - We do not support uploading code.

‍

You can scan a repository online or with our CLI tool, using this GitHub project.

‍

We support scanning both public and private GIT repositories.
Support for public GIT repositories is limited (for security reasons) to the following vendors list:
- GitHub (github.com)
- GitLab (gitlab.com)
- BitBucket (bitbucket.org)
- AWS Code commit (git-codecommit.<region>.amazonaws.com)
- Source forge (git.code.sf.net)
- Microsoft Azure GIT (dev.azure.com)
- Assembla (git.assembla.com)
We support private GitHub repositories too. To work with private GitHub repositories, you will be asked to approve our access. We do not support private repositories from non-GitHub vendors (such as the ones listed above). Please note that access to a private organizational repository will require the approval of an organization owner. To request approval, click the “Request” button on the app authorization page.

‍

Note - We do not support uploading code.

Why do I need to scan my code?

You can scan a repository online or with our CLI tool, using this GitHub project.

‍

We support scanning both public and private GIT repositories.
Support for public GIT repositories is limited (for security reasons) to the following vendors list:
- GitHub (github.com)
- GitLab (gitlab.com)
- BitBucket (bitbucket.org)
- AWS Code commit (git-codecommit.<region>.amazonaws.com)
- Source forge (git.code.sf.net)
- Microsoft Azure GIT (dev.azure.com)
- Assembla (git.assembla.com)
We support private GitHub repositories too. To work with private GitHub repositories, you will be asked to approve our access. We do not support private repositories from non-GitHub vendors (such as the ones listed above). Please note that access to a private organizational repository will require the approval of an organization owner. To request approval, click the “Request” button on the app authorization page.

‍

Note - We do not support uploading code.

‍

Piiano Flows lets you find references to PII and other customers’ sensitive data in your source code in minutes instead of weeks of manual work. Knowing which sensitive data types your application collects is necessary for the following tasks:

‍

You want to improve the security of sensitive data, and you aren’t 100% sure which customers’ sensitive data your application collects.
You’re building a data catalog, and you want to quickly identify all the customers’ sensitive data that your application collects.
You’re conducting a PIA (Privacy Impact Assessment) or DPIA (Data Protection Impact Assessment), and you want to identify customers’ sensitive data within your source code to understand the risk and mitigate it.

What information will I get by scanning my repository?

You can scan a repository online or with our CLI tool, using this GitHub project.

‍

We support scanning both public and private GIT repositories.
Support for public GIT repositories is limited (for security reasons) to the following vendors list:
- GitHub (github.com)
- GitLab (gitlab.com)
- BitBucket (bitbucket.org)
- AWS Code commit (git-codecommit.<region>.amazonaws.com)
- Source forge (git.code.sf.net)
- Microsoft Azure GIT (dev.azure.com)
- Assembla (git.assembla.com)
We support private GitHub repositories too. To work with private GitHub repositories, you will be asked to approve our access. We do not support private repositories from non-GitHub vendors (such as the ones listed above). Please note that access to a private organizational repository will require the approval of an organization owner. To request approval, click the “Request” button on the app authorization page.

‍

Note - We do not support uploading code.

‍

Piiano Flows will provide you:

‍

A list of log leaks! Log leaks are lines of code where the application writes sensitive data to external logs. This creates an exposure risk for your clients and your company and should be avoided. Not to mention that it violates privacy compliance, where you should be able to control all sensitive data. You can use these insights to make sure that the log level that is used is “debug” and not production, or remove/obfuscate identifiers before they’re logged.
A list of customers’ sensitive data types (PII/PCI/PHI) that the application collects, together with the sensitivity level for each type; e.g., it will identify the collection and usage of names, addresses, emails, bank account numbers, passwords, phone numbers, SSNs, credit card numbers, and many more.
For each type of sensitive customer data, it will show you its declaration (class member) and all its usages within your code, together with code snippets and links to your GIT. Knowing which sensitive data the application collects is the first step towards hardening security and privacy. This can be achieved using Piiano Vault.
A list of 3rd-party API calls that will help you ensure that sensitive data is shared only with companies that are compliant with relevant privacy regulations, such as GDPR and CCPA, and that customers’ consent is honored in the relevant cases in the code.

Which OWASP issues are covered?

You can scan a repository online or with our CLI tool, using this GitHub project.

‍

We support scanning both public and private GIT repositories.
Support for public GIT repositories is limited (for security reasons) to the following vendors list:
- GitHub (github.com)
- GitLab (gitlab.com)
- BitBucket (bitbucket.org)
- AWS Code commit (git-codecommit.<region>.amazonaws.com)
- Source forge (git.code.sf.net)
- Microsoft Azure GIT (dev.azure.com)
- Assembla (git.assembla.com)
We support private GitHub repositories too. To work with private GitHub repositories, you will be asked to approve our access. We do not support private repositories from non-GitHub vendors (such as the ones listed above). Please note that access to a private organizational repository will require the approval of an organization owner. To request approval, click the “Request” button on the app authorization page.

‍

Note - We do not support uploading code.

‍

For OWASP #1 for 2021, Broken Access Controls, there are:

Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)
Insertion of Sensitive Information Into Sent Data (CWE-201)
Insecure Storage of Sensitive Information (CWE-922)

‍

And for OWASP #9, Security Logging and Monitoring Failures:

Insertion of Sensitive Information into Log File (CWE-532)

‍

As well as OWASP Privacy #2 -Operator-sided Data Leakage.

Accelerating privacy impact assessments (PIA/DPIA) with Piiano Flows

You can scan a repository online or with our CLI tool, using this GitHub project.

‍

We support scanning both public and private GIT repositories.
Support for public GIT repositories is limited (for security reasons) to the following vendors list:
- GitHub (github.com)
- GitLab (gitlab.com)
- BitBucket (bitbucket.org)
- AWS Code commit (git-codecommit.<region>.amazonaws.com)
- Source forge (git.code.sf.net)
- Microsoft Azure GIT (dev.azure.com)
- Assembla (git.assembla.com)
We support private GitHub repositories too. To work with private GitHub repositories, you will be asked to approve our access. We do not support private repositories from non-GitHub vendors (such as the ones listed above). Please note that access to a private organizational repository will require the approval of an organization owner. To request approval, click the “Request” button on the app authorization page.

‍

Note - We do not support uploading code.

‍

Piiano Flows can speed up both PIA (Privacy Impact Assessment) and DPIA (Data Protection Impact Assessment) processes by:

‍

Identifying which PII types your organization collects.
Ensuring the collection of necessary PIIs is in line with your stated policy.
Identifying with which 3rd party vendors you share PIIs and verifying their compliance.

‍

Once the Piiano Flows provides visibility into the risk that comes with the liability of collecting PIIs, you can start protecting this data with our vault. The Piiano Vault provides the ability to securely store the collected PIIs and simplify the compliance implementation for this data.

Can I get a data map for my application for GDPR article 30?

You can scan a repository online or with our CLI tool, using this GitHub project.

‍

We support scanning both public and private GIT repositories.
Support for public GIT repositories is limited (for security reasons) to the following vendors list:
- GitHub (github.com)
- GitLab (gitlab.com)
- BitBucket (bitbucket.org)
- AWS Code commit (git-codecommit.<region>.amazonaws.com)
- Source forge (git.code.sf.net)
- Microsoft Azure GIT (dev.azure.com)
- Assembla (git.assembla.com)
We support private GitHub repositories too. To work with private GitHub repositories, you will be asked to approve our access. We do not support private repositories from non-GitHub vendors (such as the ones listed above). Please note that access to a private organizational repository will require the approval of an organization owner. To request approval, click the “Request” button on the app authorization page.

‍

Note - We do not support uploading code.

‍

Yes, we support that, by providing all sensitive data and how they are touched inside the application. In the report tab you will see it in a summary.

What are the supported programming languages?

You can scan a repository online or with our CLI tool, using this GitHub project.

‍

We support scanning both public and private GIT repositories.
Support for public GIT repositories is limited (for security reasons) to the following vendors list:
- GitHub (github.com)
- GitLab (gitlab.com)
- BitBucket (bitbucket.org)
- AWS Code commit (git-codecommit.<region>.amazonaws.com)
- Source forge (git.code.sf.net)
- Microsoft Azure GIT (dev.azure.com)
- Assembla (git.assembla.com)
We support private GitHub repositories too. To work with private GitHub repositories, you will be asked to approve our access. We do not support private repositories from non-GitHub vendors (such as the ones listed above). Please note that access to a private organizational repository will require the approval of an organization owner. To request approval, click the “Request” button on the app authorization page.

‍

Note - We do not support uploading code.

‍

We support scanning Java projects only. Ruby and Golang are coming soon. If you want us to support an additional language, please contact us and let us know.

How long does it take to scan a repository?

You can scan a repository online or with our CLI tool, using this GitHub project.

‍

We support scanning both public and private GIT repositories.
Support for public GIT repositories is limited (for security reasons) to the following vendors list:
- GitHub (github.com)
- GitLab (gitlab.com)
- BitBucket (bitbucket.org)
- AWS Code commit (git-codecommit.<region>.amazonaws.com)
- Source forge (git.code.sf.net)
- Microsoft Azure GIT (dev.azure.com)
- Assembla (git.assembla.com)
We support private GitHub repositories too. To work with private GitHub repositories, you will be asked to approve our access. We do not support private repositories from non-GitHub vendors (such as the ones listed above). Please note that access to a private organizational repository will require the approval of an organization owner. To request approval, click the “Request” button on the app authorization page.

‍

Note - We do not support uploading code.

‍

It usually takes a few minutes to scan regular repositories and up to 15 minutes or more to scan larger repositories.

How does this technology work?

You can scan a repository online or with our CLI tool, using this GitHub project.

‍

We support scanning both public and private GIT repositories.
Support for public GIT repositories is limited (for security reasons) to the following vendors list:
- GitHub (github.com)
- GitLab (gitlab.com)
- BitBucket (bitbucket.org)
- AWS Code commit (git-codecommit.<region>.amazonaws.com)
- Source forge (git.code.sf.net)
- Microsoft Azure GIT (dev.azure.com)
- Assembla (git.assembla.com)
We support private GitHub repositories too. To work with private GitHub repositories, you will be asked to approve our access. We do not support private repositories from non-GitHub vendors (such as the ones listed above). Please note that access to a private organizational repository will require the approval of an organization owner. To request approval, click the “Request” button on the app authorization page.

‍

Note - We do not support uploading code.

‍

Our technology relies on static code analysis algorithms and innovative NLP AI algorithms.

What should I do if I want to use Piiano Flows without sharing the source code with Piiano?

You can scan a repository online or with our CLI tool, using this GitHub project.

‍

We support scanning both public and private GIT repositories.
Support for public GIT repositories is limited (for security reasons) to the following vendors list:
- GitHub (github.com)
- GitLab (gitlab.com)
- BitBucket (bitbucket.org)
- AWS Code commit (git-codecommit.<region>.amazonaws.com)
- Source forge (git.code.sf.net)
- Microsoft Azure GIT (dev.azure.com)
- Assembla (git.assembla.com)
We support private GitHub repositories too. To work with private GitHub repositories, you will be asked to approve our access. We do not support private repositories from non-GitHub vendors (such as the ones listed above). Please note that access to a private organizational repository will require the approval of an organization owner. To request approval, click the “Request” button on the app authorization page.

‍

Note - We do not support uploading code.

‍

Piiano Flows also supports running offline without sharing your code with us. In this case, it runs as a standalone CLI tool and can be deployed anywhere easily. Contact us to discuss pricing and terms.

Some scans take longer or don’t return any useful reports. What should I do?

You can scan a repository online or with our CLI tool, using this GitHub project.

‍

We support scanning both public and private GIT repositories.
Support for public GIT repositories is limited (for security reasons) to the following vendors list:
- GitHub (github.com)
- GitLab (gitlab.com)
- BitBucket (bitbucket.org)
- AWS Code commit (git-codecommit.<region>.amazonaws.com)
- Source forge (git.code.sf.net)
- Microsoft Azure GIT (dev.azure.com)
- Assembla (git.assembla.com)
We support private GitHub repositories too. To work with private GitHub repositories, you will be asked to approve our access. We do not support private repositories from non-GitHub vendors (such as the ones listed above). Please note that access to a private organizational repository will require the approval of an organization owner. To request approval, click the “Request” button on the app authorization page.

‍

Note - We do not support uploading code.

‍

If you scan a big project, it might take a while longer. However, if there are no results or you suspect an error, we appreciate it if you would report a bug, and we will investigate it. Make sure your selected repository’s code is written in the supported programming languages.

Can the scanning results be shared with others?

You can scan a repository online or with our CLI tool, using this GitHub project.

‍

We support scanning both public and private GIT repositories.
Support for public GIT repositories is limited (for security reasons) to the following vendors list:
- GitHub (github.com)
- GitLab (gitlab.com)
- BitBucket (bitbucket.org)
- AWS Code commit (git-codecommit.<region>.amazonaws.com)
- Source forge (git.code.sf.net)
- Microsoft Azure GIT (dev.azure.com)
- Assembla (git.assembla.com)
We support private GitHub repositories too. To work with private GitHub repositories, you will be asked to approve our access. We do not support private repositories from non-GitHub vendors (such as the ones listed above). Please note that access to a private organizational repository will require the approval of an organization owner. To request approval, click the “Request” button on the app authorization page.

‍

Note - We do not support uploading code.

‍

Sure. On the “All Scans” page, click the three dots next to the “View Scan” button of the scan you want to share, and then click the “Share” option. Copy the URL and share it via email, Slack, or any other medium. Sharing the scanning results will not share your entire source code, only code fragments around the findings.

What is a code scanner?

You can scan a repository online or with our CLI tool, using this GitHub project.

‍

We support scanning both public and private GIT repositories.
Support for public GIT repositories is limited (for security reasons) to the following vendors list:
- GitHub (github.com)
- GitLab (gitlab.com)
- BitBucket (bitbucket.org)
- AWS Code commit (git-codecommit.<region>.amazonaws.com)
- Source forge (git.code.sf.net)
- Microsoft Azure GIT (dev.azure.com)
- Assembla (git.assembla.com)
We support private GitHub repositories too. To work with private GitHub repositories, you will be asked to approve our access. We do not support private repositories from non-GitHub vendors (such as the ones listed above). Please note that access to a private organizational repository will require the approval of an organization owner. To request approval, click the “Request” button on the app authorization page.

‍

Note - We do not support uploading code.

‍

A code scanner tool that statically analyzes and scans your source code to identify references to and usages of sensitive data. It is helpful in order to get visibility (sensitive data posture) into privacy violations, such as PII leaks, and track relevant code changes over time. It does not scan for secrets and tokens hard-wired in the source code.

Data cataloging with Piiano Flows

You can scan a repository online or with our CLI tool, using this GitHub project.

‍

We support scanning both public and private GIT repositories.
Support for public GIT repositories is limited (for security reasons) to the following vendors list:
- GitHub (github.com)
- GitLab (gitlab.com)
- BitBucket (bitbucket.org)
- AWS Code commit (git-codecommit.<region>.amazonaws.com)
- Source forge (git.code.sf.net)
- Microsoft Azure GIT (dev.azure.com)
- Assembla (git.assembla.com)
We support private GitHub repositories too. To work with private GitHub repositories, you will be asked to approve our access. We do not support private repositories from non-GitHub vendors (such as the ones listed above). Please note that access to a private organizational repository will require the approval of an organization owner. To request approval, click the “Request” button on the app authorization page.

‍

Note - We do not support uploading code.

‍

Data catalogs help data users make better-informed decisions about their organization’s data usage, detailing what data types are stored, where they are, how they are kept and who has access to them, among other things. Data catalog software typically includes a data discovery tool and a data classification tool which require access to production environments.

‍

Supplementing existing data catalogs as a primary code discovery tool that focuses on sensitive customer data, such as PII, PHI, and PCI.
Jump-starting an organization’s entire understanding of sensitive customer data usage and privacy posture.

‍

The Piiano Flows allows you to perform PII usage discovery in minutes, using only a connection to your GitHub repo.

How much does it cost to use Piiano Flows?

You can scan a repository online or with our CLI tool, using this GitHub project.

‍

We support scanning both public and private GIT repositories.
Support for public GIT repositories is limited (for security reasons) to the following vendors list:
- GitHub (github.com)
- GitLab (gitlab.com)
- BitBucket (bitbucket.org)
- AWS Code commit (git-codecommit.<region>.amazonaws.com)
- Source forge (git.code.sf.net)
- Microsoft Azure GIT (dev.azure.com)
- Assembla (git.assembla.com)
We support private GitHub repositories too. To work with private GitHub repositories, you will be asked to approve our access. We do not support private repositories from non-GitHub vendors (such as the ones listed above). Please note that access to a private organizational repository will require the approval of an organization owner. To request approval, click the “Request” button on the app authorization page.

‍

Note - We do not support uploading code.

‍

Piiano Flows is currently completely free for online scans.
For offline scans, you will have to contact us.

Am I limited in any way using Piiano Flows?

You can scan a repository online or with our CLI tool, using this GitHub project.

‍

We support scanning both public and private GIT repositories.
Support for public GIT repositories is limited (for security reasons) to the following vendors list:
- GitHub (github.com)
- GitLab (gitlab.com)
- BitBucket (bitbucket.org)
- AWS Code commit (git-codecommit.<region>.amazonaws.com)
- Source forge (git.code.sf.net)
- Microsoft Azure GIT (dev.azure.com)
- Assembla (git.assembla.com)
We support private GitHub repositories too. To work with private GitHub repositories, you will be asked to approve our access. We do not support private repositories from non-GitHub vendors (such as the ones listed above). Please note that access to a private organizational repository will require the approval of an organization owner. To request approval, click the “Request” button on the app authorization page.

‍

Note - We do not support uploading code.

‍

Every user can issue a single scan at a time. An existing scan must be completed or canceled to issue a new one.
Every user can create up to 10 scans a week. It could be either for different repositories or multiple scans for the same repository (useful when the code has changed).

How long will my scan results be saved?

You can scan a repository online or with our CLI tool, using this GitHub project.

‍

We support scanning both public and private GIT repositories.
Support for public GIT repositories is limited (for security reasons) to the following vendors list:
- GitHub (github.com)
- GitLab (gitlab.com)
- BitBucket (bitbucket.org)
- AWS Code commit (git-codecommit.<region>.amazonaws.com)
- Source forge (git.code.sf.net)
- Microsoft Azure GIT (dev.azure.com)
- Assembla (git.assembla.com)
We support private GitHub repositories too. To work with private GitHub repositories, you will be asked to approve our access. We do not support private repositories from non-GitHub vendors (such as the ones listed above). Please note that access to a private organizational repository will require the approval of an organization owner. To request approval, click the “Request” button on the app authorization page.

‍

Note - We do not support uploading code.

‍

Your scan results will be saved for 30 days. After this time, they will be deleted automatically. If needed, you can rescan your repository.

What do you do with my source code and data?

You can scan a repository online or with our CLI tool, using this GitHub project.

‍

We support scanning both public and private GIT repositories.
Support for public GIT repositories is limited (for security reasons) to the following vendors list:
- GitHub (github.com)
- GitLab (gitlab.com)
- BitBucket (bitbucket.org)
- AWS Code commit (git-codecommit.<region>.amazonaws.com)
- Source forge (git.code.sf.net)
- Microsoft Azure GIT (dev.azure.com)
- Assembla (git.assembla.com)
We support private GitHub repositories too. To work with private GitHub repositories, you will be asked to approve our access. We do not support private repositories from non-GitHub vendors (such as the ones listed above). Please note that access to a private organizational repository will require the approval of an organization owner. To request approval, click the “Request” button on the app authorization page.

‍

Note - We do not support uploading code.

‍

First and foremost – we use it to provide you with the report.
Every time you scan your repository, we fetch the code by git-cloning it, scanning it, and immediately deleting it.
We only keep some code fragments to improve our product and service. These are what you see when you expand the findings (in the scan’s table) to see a few lines of source code related to each sensitive data. This is never shared with anyone and is used to improve and diagnose our systems.

Do you share my code and data with anyone?

You can scan a repository online or with our CLI tool, using this GitHub project.

‍

We support scanning both public and private GIT repositories.
Support for public GIT repositories is limited (for security reasons) to the following vendors list:
- GitHub (github.com)
- GitLab (gitlab.com)
- BitBucket (bitbucket.org)
- AWS Code commit (git-codecommit.<region>.amazonaws.com)
- Source forge (git.code.sf.net)
- Microsoft Azure GIT (dev.azure.com)
- Assembla (git.assembla.com)
We support private GitHub repositories too. To work with private GitHub repositories, you will be asked to approve our access. We do not support private repositories from non-GitHub vendors (such as the ones listed above). Please note that access to a private organizational repository will require the approval of an organization owner. To request approval, click the “Request” button on the app authorization page.

‍

Note - We do not support uploading code.

‍

No. Never. Your code will always belong to you. We never share it in any way or sell it. Our business model is based on a free tier, license, and usage payments. Your email address will be only used to send you product-related emails, and you can unsubscribe if you want.

How secure is your system?

You can scan a repository online or with our CLI tool, using this GitHub project.

‍

We support scanning both public and private GIT repositories.
Support for public GIT repositories is limited (for security reasons) to the following vendors list:
- GitHub (github.com)
- GitLab (gitlab.com)
- BitBucket (bitbucket.org)
- AWS Code commit (git-codecommit.<region>.amazonaws.com)
- Source forge (git.code.sf.net)
- Microsoft Azure GIT (dev.azure.com)
- Assembla (git.assembla.com)
We support private GitHub repositories too. To work with private GitHub repositories, you will be asked to approve our access. We do not support private repositories from non-GitHub vendors (such as the ones listed above). Please note that access to a private organizational repository will require the approval of an organization owner. To request approval, click the “Request” button on the app authorization page.

‍

Note - We do not support uploading code.

‍

We are SOC2 compliant. We incorporated a whole SSDLC paradigm to develop this tool; therefore, we have a strict security-by-design model. Each scan happens inside an isolated container, always disconnected from other customers’ data. We already have an external contractor doing pentest for this tool, and we’re good.
We actively monitor our systems for security and general issues.
In previous roles, Piiano’s founding team was responsible for the SSDLC and oversaw 700 engineers. We live and breathe security.
If you find security bugs, please email us at security@piiano.com. We give small awards to legit vulnerability reports.

Why should I trust you with my source code?

You can scan a repository online or with our CLI tool, using this GitHub project.

‍

We support scanning both public and private GIT repositories.
Support for public GIT repositories is limited (for security reasons) to the following vendors list:
- GitHub (github.com)
- GitLab (gitlab.com)
- BitBucket (bitbucket.org)
- AWS Code commit (git-codecommit.<region>.amazonaws.com)
- Source forge (git.code.sf.net)
- Microsoft Azure GIT (dev.azure.com)
- Assembla (git.assembla.com)
We support private GitHub repositories too. To work with private GitHub repositories, you will be asked to approve our access. We do not support private repositories from non-GitHub vendors (such as the ones listed above). Please note that access to a private organizational repository will require the approval of an organization owner. To request approval, click the “Request” button on the app authorization page.

‍

Note - We do not support uploading code.

‍

We are a recognized team of cybersecurity experts. We love privacy and security and do our best to help companies out there know and protect their sensitive data 10x better. We’re proudly backed by one of the most notable cybersecurity VCs in the world, YL Ventures. You can read more about us here. We’re based in Tel Aviv, Israel.

How do I ensure you don’t have access to my repository anymore?

You can scan a repository online or with our CLI tool, using this GitHub project.

‍

We support scanning both public and private GIT repositories.
Support for public GIT repositories is limited (for security reasons) to the following vendors list:
- GitHub (github.com)
- GitLab (gitlab.com)
- BitBucket (bitbucket.org)
- AWS Code commit (git-codecommit.<region>.amazonaws.com)
- Source forge (git.code.sf.net)
- Microsoft Azure GIT (dev.azure.com)
- Assembla (git.assembla.com)
We support private GitHub repositories too. To work with private GitHub repositories, you will be asked to approve our access. We do not support private repositories from non-GitHub vendors (such as the ones listed above). Please note that access to a private organizational repository will require the approval of an organization owner. To request approval, click the “Request” button on the app authorization page.

‍

Note - We do not support uploading code.

‍

The access tokens are valid for only 8 hours.
If you disable your account, we will delete these keys immediately.

Where do I report bugs, errors, or just honest feedback?

You can scan a repository online or with our CLI tool, using this GitHub project.

‍

We support scanning both public and private GIT repositories.
Support for public GIT repositories is limited (for security reasons) to the following vendors list:
- GitHub (github.com)
- GitLab (gitlab.com)
- BitBucket (bitbucket.org)
- AWS Code commit (git-codecommit.<region>.amazonaws.com)
- Source forge (git.code.sf.net)
- Microsoft Azure GIT (dev.azure.com)
- Assembla (git.assembla.com)
We support private GitHub repositories too. To work with private GitHub repositories, you will be asked to approve our access. We do not support private repositories from non-GitHub vendors (such as the ones listed above). Please note that access to a private organizational repository will require the approval of an organization owner. To request approval, click the “Request” button on the app authorization page.

‍

Note - We do not support uploading code.

‍

We’re happy that you care so much about helping us improve our product. Please contact us. We promise to answer!

Show more questions

Code-level data flow visibility

Mapping sensitive data in codebases is hard work.

A privacy code scanner

Watch Piano Flows in action

Piiano Flows proactively identifies these events

Log leaks

Receiving sensitive data

Exposing sensitive data

Data inventory

Questions & Answers

Where to start?

How can I scan my repository?

Why do I need to scan my code?

What information will I get by scanning my repository?

Which OWASP issues are covered?

Accelerating privacy impact assessments (PIA/DPIA) with Piiano Flows​

Can I get a data map for my application for GDPR article 30?

What are the supported programming languages?

How long does it take to scan a repository?

How does this technology work?

What should I do if I want to use Piiano Flows without sharing the source code with Piiano?

Some scans take longer or don’t return any useful reports. What should I do?

Can the scanning results be shared with others?

What is a code scanner?

Data cataloging with Piiano Flows

How much does it cost to use Piiano Flows?

Am I limited in any way using Piiano Flows?

How long will my scan results be saved?

What do you do with my source code and data?

Do you share my code and data with anyone?

How secure is your system?

Why should I trust you with my source code?

How do I ensure you don’t have access to my repository anymore?

Where do I report bugs, errors, or just honest feedback?

Accelerating privacy impact assessments (PIA/DPIA) with Piiano Flows