{"id":51129577,"url":"https://github.com/judahpaul16/plume","last_synced_at":"2026-06-25T11:00:51.813Z","repository":{"id":366228109,"uuid":"1275041134","full_name":"judahpaul16/plume","owner":"judahpaul16","description":"Map how user information flows through any codebase or infrastructure into a readable graphic","archived":false,"fork":false,"pushed_at":"2026-06-20T20:10:07.000Z","size":43498,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-20T22:07:13.480Z","etag":null,"topics":["charts","cli","data-flow","data-visualization","documentation","flow","observability","pii","reports","tooling"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/judahpaul16.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-06-20T07:10:26.000Z","updated_at":"2026-06-20T20:08:14.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/judahpaul16/plume","commit_stats":null,"previous_names":["judahpaul16/plume"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/judahpaul16/plume","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/judahpaul16%2Fplume","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/judahpaul16%2Fplume/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/judahpaul16%2Fplume/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/judahpaul16%2Fplume/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/judahpaul16","download_url":"https://codeload.github.com/judahpaul16/plume/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/judahpaul16%2Fplume/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34771664,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-25T02:00:05.521Z","response_time":101,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["charts","cli","data-flow","data-visualization","documentation","flow","observability","pii","reports","tooling"],"created_at":"2026-06-25T11:00:51.089Z","updated_at":"2026-06-25T11:00:51.807Z","avatar_url":"https://github.com/judahpaul16.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n# Plume\n\n**One command. A readable map of how user information flows through any codebase or infrastructure: where personal data enters, where it is stored, where it is sent, and where it leaks.**\n\n[![CI](https://img.shields.io/github/actions/workflow/status/judahpaul16/plume/ci.yml?branch=main\u0026label=CI\u0026style=flat-square)](https://github.com/judahpaul16/plume/actions/workflows/ci.yml)\n[![Release](https://img.shields.io/github/v/release/judahpaul16/plume?style=flat-square\u0026label=release)](https://github.com/judahpaul16/plume/releases)\n[![Go](https://img.shields.io/github/go-mod/go-version/judahpaul16/plume?style=flat-square)](go.mod)\n[![Go Report Card](https://goreportcard.com/badge/github.com/judahpaul16/plume)](https://goreportcard.com/report/github.com/judahpaul16/plume)\n[![License: MIT](https://img.shields.io/github/license/judahpaul16/plume?style=flat-square)](LICENSE)\n\n\u003cimg src=\"screenshots/demo.gif\" alt=\"Plume demo\" width=\"100%\"\u003e\n\n\u003c/div\u003e\n\n```sh\nplume                                   # scan the current directory and open the graphic\nplume ./service ./infra ./other-repo    # scan several paths as one graph\nplume --out flow.png .                  # write a PNG (or .svg / .jpg) instead of HTML\nplume open ./reports                    # browse a folder of saved reports\n```\n\n## What is Plume?\n\nPlume is a single static binary that maps where personal data enters your system,\nwhere it is stored, where it is sent, and where it leaks. Point it at a repo, several\nrepos, or an infrastructure folder; it scans the code and the infrastructure-as-code,\nbuilds a normalized flow graph, and opens a self-contained interactive view in your\nbrowser (or writes a static image).\n\nNo setup, no config, no annotations, no cloud account. Download the binary and run it.\n\n## Features\n\n- **Zero config.** One binary, no project setup, no annotations, no runtime dependencies.\n- **Language-agnostic.** An embedded, pure-Go tree-sitter runtime parses 200+ languages.\n- **Code and infrastructure in one graph.** Terraform/HCL, compose, Kubernetes, and\n  Serverless resources refine the picture, so a code-level \"Database\" becomes\n  \"PostgreSQL (Amazon RDS)\".\n- **Sensitivity-aware.** A built-in dictionary classifies personal data (PII, financial,\n  credential, health, special) and colors every flow by the most sensitive category it carries.\n- **Interactive viewer.** Focus a node's lineage, drag to rearrange, filter by sensitivity,\n  search, toggle a Sankey view, and export to PNG, SVG, or JPG.\n- **Static image output.** Render straight to SVG, PNG, or JPG from the CLI, no browser.\n- **Blackbox mode.** Collapse code internals into one node for sharing externally.\n- **Fast.** Parallel parsing across cores; a hundred-file repo finishes in a few seconds.\n\n## Screenshots\n\n| Interactive graph | Flow volume (Sankey) |\n| :---: | :---: |\n| \u003cimg src=\"screenshots/graph.png\" alt=\"Interactive graph\" width=\"100%\"\u003e | \u003cimg src=\"screenshots/sankey.png\" alt=\"Sankey view\" width=\"100%\"\u003e |\n\nBoth views render straight to a static `.svg`, `.png`, or `.jpg` from the CLI with no\nbrowser (`--out flow.png`, add `--sankey` for the volume view).\n\n## What it detects\n\n- **Sources**: the user, the origin of personal data.\n- **Services**: your code files that handle it.\n- **Stores**: database, ORM, cache, object-store, and queue writes.\n- **Sinks**: logger and stdout writes.\n- **External**: HTTP calls to non-local hosts, known SDKs (Stripe, Twilio, Segment,\n  Sentry), and email or messaging sends.\n- **Categories**: personal data recognized by identifier name, each with a sensitivity\n  (PII, financial, credential, health, special).\n\nA flow that carries a sensitive category into a log sink or a third party is exactly what\na privacy review looks for.\n\n## How it works\n\n`collectors -\u003e normalized flow graph -\u003e renderer`. Files are detected and parsed with an\nembedded, pure-Go tree-sitter runtime, in parallel across cores. Extraction is zero-config\nstatic heuristics plus a personal-data dictionary: it surfaces candidate flows and filters\nobvious placeholder data. Infrastructure-as-code is correlated to the code that targets it\nby env var, resource name, and host. The graph is inlined into a self-contained HTML viewer,\nor rendered to a static image.\n\nExtraction is best-effort by nature; widen the dictionary and call patterns in\n`internal/scan` for your stack.\n\n## Who it's for\n\n- **Privacy and security reviews**: see at a glance which sensitive categories reach third\n  parties or logs.\n- **DPIA and records of processing**: a starting inventory of what personal data the system\n  handles and where it goes.\n- **Audits and onboarding**: a readable map of an unfamiliar codebase's data flows.\n\n## Install\n\n**macOS / Linux** — one line, no Go required:\n\n```sh\ncurl -fsSL https://raw.githubusercontent.com/judahpaul16/plume/main/install.sh | sh\n```\n\n**Windows** — PowerShell:\n\n```powershell\nirm https://raw.githubusercontent.com/judahpaul16/plume/main/install.ps1 | iex\n```\n\n**With Go** — any OS (`go install` is the `cargo install` equivalent):\n\n```sh\ngo install github.com/judahpaul16/plume@latest\n```\n\nThe script detects your OS and architecture and installs the latest static binary\n(`CGO_ENABLED=0`) to `/usr/local/bin`, falling back to `~/.local/bin`. `go install` puts it in\n`$(go env GOPATH)/bin`; add that to your `PATH`:\n\n```sh\nexport PATH=\"$PATH:$(go env GOPATH)/bin\"   # add to ~/.bashrc or ~/.zshrc to persist\n```\n\nPrebuilt binaries are also on the [Releases](https://github.com/judahpaul16/plume/releases) page.\n\n## Usage\n\n```\nplume [flags] [path ...]      scan paths (default: current dir) and open the graphic\nplume open \u003cfile|dir\u003e         reopen a saved report, or pick from a folder of reports\nplume version                 print the version\nplume help                    print help\n\n  --out FILE     output file; .html is interactive, .svg/.png/.jpg are static images\n  --no-open      write the report but do not serve or open a browser\n  --blackbox     collapse code files into one Application node and hide file paths\n  --json         print the flow graph as JSON and exit\n```\n\n`--out` picks the format by extension: `.html` (default) renders the interactive viewer;\n`.svg`, `.png`, and `.jpg` render a static image directly from the CLI. `plume open`\nreopens any of those, and given a directory it serves a picker gallery of every report in\nthe folder.\n\n`--blackbox` merges every code file into a single \"Application\" node and drops file:line\nevidence, so the picture shows User to Application to stores, sinks, and third parties\nwithout exposing internals.\n\n## Accuracy\n\nPlume is a static, zero-config heuristic scanner: it surfaces candidate flows from\nidentifier names and call shapes and filters obvious placeholder data. It is a fast first\nmap, not a guarantee of completeness. Tune the dictionary and patterns in `internal/scan`\nto fit your stack.\n\n## Contributing\n\nIssues and pull requests are welcome. The scanner's dictionary and call patterns live in\n`internal/scan`, the graph model in `internal/graph`, the renderers in `internal/report`,\nand the viewer in `web`.\n\n## License\n\n[MIT](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjudahpaul16%2Fplume","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjudahpaul16%2Fplume","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjudahpaul16%2Fplume/lists"}