GitHub Repository
4 stars · Python

Anaya – CLI that scans codebases for DPDP compliance violations

by sandippathe · Mar 5, 2026 · 4 points · 1 comment

AI Analysis

●●● Banger · Solve My Problem · Zero to One · Niche Gem

First compliance scanner for India's DPDP Act with concrete violation detection, not just checklist theater.

Strengths
  • Solves a genuine enforcement gap: DPDP rules live Nov 2025, deadline May 2027, zero existing tooling — real timing.
  • Concrete findings on real codebases (Saleor: 4 violations in 82s) prove it works, not vaporware or proof-of-concept.
  • AST parsing + semantic analysis (consent, encryption, deletion endpoints) beats regex rules; catches architecture flaws, not syntax.
Weaknesses
  • Python-only today; 80% of Indian startups use Node, Go, Java — immediate audience ceiling.
  • DPDP rules themselves are still crystallizing (Nov 2025 rules just notified); may chase a moving target through May 2027.
Category
Target Audience

Indian businesses, startups, and engineering teams subject to DPDP Act enforcement; compliance officers automating code audits.

Similar To

Semgrep · SonarQube · Snyk Code

Post Description

I built Anaya to solve a problem I kept seeing: India's DPDP Act is now enforceable (rules notified Nov 2025, deadline May 2027) but compliance is a code problem, not just a legal checklist. No tooling existed for it. Ran it on Saleor (open-source Django e-commerce, 107 models): found 4 violations in 82 seconds — no consent mechanism, 70 PII fields stored plaintext, zero DELETE endpoints for any PII model.

pip install anaya && anaya compliance .

Code: https://github.com/sandip-pathe/anaya-scan

Happy to discuss the AST parsing approach or the DPDP section analyser design.

Similar Projects