SCAN Type Policies

SCAN-type policies identify and flag patterns, or a collection of known patterns, within your target codebase that should ideally be absent. These undesirable patterns include, but are not limited to, exposed API keys and secrets, overly permissive CIDR ranges in security groups, configuration parameters that are improperly enabled, and misuse of code, scripts or proxy definitions that could put your environment at risk.

This proactive approach lets developers and security professionals systematically weed out configurations or code snippets that contradict best practices or security guidelines, improving the overall security posture and compliance of the codebase.

With a library of over 1,500 predefined patterns to choose from, the tool offers a comprehensive means of guarding your codebase against common pitfalls and security vulnerabilities. To illustrate, consider the following simplified example:


Note: this example can be run directly from the container; see "Run it" at the bottom of the page.


The setup

intercept config -r 
intercept config -a /app/examples/policy/assure.yaml
intercept scan -t /app/examples/target -i "AWS"
cat intercept.audit.sarif.json


All rule types can be filtered by a combination of TAGS, ENVIRONMENT name and their own ENFORCEMENT level. Make sure to explore these filters.

The Policy

  - name: Private key committed in code
    id: 100
    description: Private key committed to code version control
    error: This violation immediately blocks your code deployment
    solution: Revoke the detected key
    tags: KEY,CERT
    type: scan
    fatal: true
    enforcement: true
    environment: all
    confidence: high
    patterns:
      - \s*(-----BEGIN PRIVATE KEY-----)
      - \s*(-----BEGIN RSA PRIVATE KEY-----)
      - \s*(-----BEGIN DSA PRIVATE KEY-----)
      - \s*(-----BEGIN EC PRIVATE KEY-----)
      - \s*(-----BEGIN OPENSSH PRIVATE KEY-----)
      - \s*(-----BEGIN PGP PRIVATE KEY BLOCK-----)

SARIF Output

{
  "version": "2.1.0",
  "$schema": "",
  "runs": [
    ... REDACTED
      "results": [
        {
          "ruleId": " PRIVATE KEY COMMITTED IN CODE",
          "ruleIndex": 0,
          "level": "error",
          "message": {
            "text": "Private key committed to code version control"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "/app/examples/target/long.code"
                },
                "region": {
                  "startLine": 10927,
                  "endLine": 10927,
                  "snippet": {
                    "text": "-----BEGIN PGP PRIVATE KEY BLOCK-----"
                  }
                }
              }
            }
          ]
        }
      ]
    ... REDACTED
  ]
}
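The scan flow the policy and SARIF output above describe, as an added example in Python. This is not intercept's own code: it takes the six patterns from the rule, applies them line by line to every file under a target directory, emits each hit in the SARIF 2.1.0 physicalLocation/region/snippet shape shown above, and models the fatal/enforcement flags as a single "block the deployment" decision. The tag and environment filter semantics (any tag in common, environment "all" matches everything), the enforcement model, the tool name and the sample target tree are all assumptions constructed for the example.

```python
"""Toy model of a SCAN-type policy (added example, not intercept's code)."""
import re
import tempfile
from pathlib import Path

# The scan rule from the page, with the same keys as the YAML policy.
PRIVATE_KEY_RULE = {
    "name": "Private key committed in code",
    "id": 100,
    "description": "Private key committed to code version control",
    "error": "This violation immediately blocks your code deployment",
    "solution": "Revoke the detected key",
    "tags": "KEY,CERT",
    "type": "scan",
    "fatal": True,
    "enforcement": True,
    "environment": "all",
    "confidence": "high",
    "patterns": [
        r"\s*(-----BEGIN PRIVATE KEY-----)",
        r"\s*(-----BEGIN RSA PRIVATE KEY-----)",
        r"\s*(-----BEGIN DSA PRIVATE KEY-----)",
        r"\s*(-----BEGIN EC PRIVATE KEY-----)",
        r"\s*(-----BEGIN OPENSSH PRIVATE KEY-----)",
        r"\s*(-----BEGIN PGP PRIVATE KEY BLOCK-----)",
    ],
}


def rule_applies(rule, tags=None, environment=None):
    """Tag/environment filter. Assumed semantics (not intercept's documented
    ones): a rule is selected if it shares any tag with the request, and an
    environment of 'all' matches every requested environment."""
    if rule.get("type") != "scan":
        return False
    if tags:
        rule_tags = {t.strip().upper() for t in rule["tags"].split(",")}
        if not rule_tags & {t.upper() for t in tags}:
            return False
    if environment and rule["environment"] not in ("all", environment):
        return False
    return True


def scan_tree(rule, target):
    """Apply every pattern to every line of every file under target.
    Returns (path, 1-based line number, captured snippet) per hit; binary
    junk is tolerated via errors='replace' so a stray blob cannot abort the scan."""
    compiled = [re.compile(p) for p in rule["patterns"]]
    findings = []
    for path in sorted(Path(target).rglob("*")):
        if not path.is_file():
            continue
        with path.open("r", encoding="utf-8", errors="replace") as fh:
            for lineno, line in enumerate(fh, start=1):
                for rx in compiled:
                    m = rx.search(line)
                    if m:
                        findings.append((str(path), lineno, m.group(1)))
                        break  # one result per line is enough
    return findings


def to_sarif(rule, findings):
    """Build the SARIF 2.1.0 result shape shown on the page; a fatal rule
    reports at level 'error'. Tool name and schema URL are assumptions."""
    level = "error" if rule["fatal"] else "warning"
    results = [{
        "ruleId": rule["name"].upper(),
        "ruleIndex": 0,
        "level": level,
        "message": {"text": rule["description"]},
        "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": path},
            "region": {"startLine": line, "endLine": line,
                       "snippet": {"text": snippet}},
        }}],
    } for path, line, snippet in findings]
    return {
        "version": "2.1.0",
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "runs": [{"tool": {"driver": {"name": "scan-policy-example",
                                      "rules": [{"id": str(rule["id"]),
                                                 "name": rule["name"]}]}},
                  "results": results}],
    }


def enforce(rule, findings):
    """Assumed model of the flags: block only when there is at least one hit
    and the rule is both fatal and enforced."""
    return bool(findings) and rule["fatal"] and rule["enforcement"]


def demo():
    """Run the pipeline over a constructed target tree (sample data, not real keys)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "config.py").write_text("DB = 'x'\nAPI_URL = 'https://example.invalid'\n")
        (root / "deploy.key").write_text(
            "# constructed sample, deliberately leaked\n"
            "-----BEGIN OPENSSH PRIVATE KEY-----\nAAAA...\n-----END OPENSSH PRIVATE KEY-----\n")
        (root / "notes.txt").write_text("-----BEGIN PUBLIC KEY-----\n")  # must not match
        findings = scan_tree(PRIVATE_KEY_RULE, root)
        sarif = to_sarif(PRIVATE_KEY_RULE, findings)
        short = [(Path(p).name, ln, s) for p, ln, s in findings]
        return short, sarif, enforce(PRIVATE_KEY_RULE, findings)
```

Two things worth checking against any real run: the public-key header in notes.txt is left alone because every pattern anchors on BEGIN ... PRIVATE KEY, and the example numbers lines from 1 in both the findings and the SARIF region. The page's own outputs for the same hit disagree by one (SARIF startLine 10927, console 10928), so confirm which convention your SARIF viewer expects before wiring the output into a gate.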

Console Output

 SCAN Rule # 100
 Rule name :  Private key committed in code
 Rule description :  Private key committed to code version control
 Impacted Env :  all
 Confidence :  high
    10928:-----BEGIN PGP PRIVATE KEY BLOCK-----

  This violation immediately blocks your code deployment

 Rule :  Private key committed in code
 Target Environment :  all
 Suggested Solution :  Revoke the detected key


Run it

docker pull

docker run --rm -w $PWD -v $PWD:$PWD -e TERM=xterm-256color intercept config -a examples/policy/assure.yaml

docker run --rm -w $PWD -v $PWD:$PWD -e TERM=xterm-256color intercept scan -t examples/target