Piiano Flows - Get Started

Scan your first project

With Piiano Flows, you can scan Java, Ruby or Golang code stored in a public Git repository or a private GitHub repository to obtain a report on data use, data flows, and potential data leaks. To get started:

1. Visit https://scanner.piiano.io/account/signup and register. You can register with a Google or GitHub account or use your email address.

2. From the Flows home page, select Add Project.

3. In the dialogue:
a. Enter the URL of the Git repository to scan.
b. Give your project a name.
c. Optionally, add a sub-directory to scan only part of the repository, for example, when you have a monorepo.

4. Select Scan.

5. If you are scanning a private GitHub repository, you are prompted to authorize access to the repository. Authorizing access provides Flows with read-only access to the repository. This access expires after 8 hours.

Your scan starts and can take a few minutes to complete, depending on the size of your repository.

💡 The first step in the scan process is to clone your repository. This clone is saved in a temporary container used to run the scan. When your code has been scanned, the container is destroyed and the copy of the code is permanently deleted.

When the scan finishes, select the project name to see the scan report.

The report includes:

  • Dashboard, a summary of the scan findings.
  • Storage, details of sensitive data types stored by your application.
  • Log Leaks, details of code that writes sensitive data to external logs.
  • Outbound, details of third-party API calls that access sensitive data.
  • Inbound, details of the declaration (class member) and use of sensitive data in your code.
  • Report, a formatted version of the report that you can download as a PDF.
  • Exclusions, details of any files not scanned.

Select the cog icon for options to view or share your scan report, rescan the project, or delete the project.

A project in the Flows main page showing the open Actions menu with the Rescan option highlighted.

For more information, see the Flows FAQ.