Inspiration
Security breaches often don't happen because of advanced hacking, but because of small mistakes, such as an API key accidentally pushed to GitHub or sensitive data left in config files. Big companies like Uber, Facebook, and even Twitter have faced serious issues due to leaked credentials or misconfigurations. As a student and fresher, I noticed that most security tools are either cloud-based, expensive, or too complex to understand. I wanted to build something simple, offline, and practical that developers can run locally before sharing or deploying their code. That idea led to PrivScan.
What it does
PrivScan is a local-first CLI security scanner that scans source code and configuration files to detect:
- Hardcoded secrets like API keys, tokens, and passwords
- Sensitive information such as emails and phone numbers (PII)
- Insecure coding or configuration patterns
It produces clear CLI output along with a structured JSON report so developers can quickly understand what went wrong and where.
How we built it
PrivScan is built using Python as a command-line tool. It works by:
- Walking through project directories
- Filtering valid source and config files
- Applying YAML-defined, regex-based rules
- Generating normalized findings with severity levels
The core idea was to keep everything deterministic, explainable, and offline. Testing was done using pytest, and the CLI was built using standard Python libraries to keep the tool lightweight.
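The pipeline described above (walk the tree, filter files, apply regex rules, emit normalized findings with severities, summarize as JSON) as an added example, not PrivScan's own code. The rule ids, severities, file filters and sample input are constructed for illustration; PrivScan loads its rules from YAML, while this example inlines them so it runs with the standard library alone. Matched values are masked in the findings so the report itself does not become a second copy of the secret.

```python
import re
from pathlib import Path
# Constructed rule set; PrivScan keeps its rules in YAML, inlined here to avoid a YAML dependency.
RULES = [
    {"id": "aws-access-key", "severity": "high", "description": "AWS access key ID", "pattern": r"\bAKIA[0-9A-Z]{16}\b"},
    {"id": "hardcoded-password", "severity": "high", "description": "Password literal", "pattern": r"(?i)\bpassword\s*[:=]\s*['\"][^'\"]{4,}['\"]"},
    {"id": "email-pii", "severity": "medium", "description": "Email address (PII)", "pattern": r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"},
    {"id": "debug-enabled", "severity": "low", "description": "Debug mode enabled", "pattern": r"(?i)^\s*debug\s*[:=]\s*true\b"},
]
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}
SCAN_SUFFIXES = {".py", ".js", ".yml", ".yaml", ".json", ".cfg", ".ini", ".env"}
SKIP_DIRS = {".git", "node_modules", "__pycache__", "venv"}

# Constructed sample file; the key is the AWS documentation example value, not a live credential.
SAMPLE = """AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
password = "hunter2pass"
admin_contact = "ops@example.com"
debug = true
"""

def mask(value):
    """Keep only a short prefix so the report does not reproduce the secret it flags."""
    return value[:4] + "*" * (len(value) - 4) if len(value) > 4 else "****"

def scan_text(text, path, rules=RULES):
    """Apply every rule to every line of one file; return normalized findings."""
    compiled = [(r, re.compile(r["pattern"])) for r in rules]
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, rx in compiled:
            for m in rx.finditer(line):
                findings.append({"rule_id": rule["id"], "severity": rule["severity"], "file": path,
                                 "line": lineno, "description": rule["description"], "match": mask(m.group(0))})
    return findings

def scan_tree(root, rules=RULES):
    """Walk a project directory, skipping VCS/vendor dirs and non-source files."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or any(part in SKIP_DIRS for part in path.parts):
            continue
        if path.suffix in SCAN_SUFFIXES or path.name.startswith(".env"):  # a bare ".env" has no suffix
            findings.extend(scan_text(path.read_text(errors="ignore"), str(path), rules))
    return findings

def build_report(findings):
    """Severity-sorted, JSON-ready report with a summary block suitable for CI gating."""
    ordered = sorted(findings, key=lambda f: (SEVERITY_RANK[f["severity"]], f["file"], f["line"]))
    by_sev = {s: sum(1 for f in ordered if f["severity"] == s) for s in SEVERITY_RANK}
    return {"summary": {"total": len(ordered), "by_severity": by_sev}, "findings": ordered}
```

`json.dumps(build_report(scan_tree(".")), indent=2)` gives the JSON report, and a CI job can fail the build when `summary.by_severity.high` is non-zero. The minimum-length clause in the password rule is the kind of false-positive guard the next section talks about: an empty or placeholder value does not trip it.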
Challenges we ran into
One major challenge was avoiding false positives while still catching real security issues. Writing regex rules that are strict but flexible took careful testing. Another challenge was designing the tool to work smoothly on low-resource machines, which meant avoiding heavy dependencies or cloud services.
Accomplishments that we're proud of
- Built a fully working end-to-end CLI security scanner
- Designed a rule-based engine that is easy to extend
- Achieved offline-first execution with clear outputs
- Created clean JSON reports suitable for automation or CI use
What we learned
This project helped me understand:
- How real-world security mistakes happen in code
- The importance of explainable security tooling
- Designing developer-friendly CLI tools
- Writing testable, modular backend systems
It also gave me deeper insight into how security engineering differs from general application development.
What's next for PrivScan
Future improvements include:
- Git pre-commit hook integration
- CI/CD pipeline support
- More advanced PII and secret detection rules
- Risk scoring and prioritization
- A more advanced version with workflow-based scanning
PrivScan is just the beginning, and I plan to keep evolving it into a stronger developer security tool.
Built With
- pytest
- python