INTERCEPT v1.4 releases: Policy as Code Static Analysis Auditing
Stupidly easy to use, small footprint Policy as Code subsecond command-line scanner that leverages the power of the fastest multi-line search tool to scan your codebase. It can be used as a linter, guard rail control or simple data collector and inspector. Consider it a weaponized ripgrep. Works on Mac, Linux, and Windows.
How it works
- intercept binary
- policies yaml file
- (included) ripgrep binary
- (optional) exceptions yaml file
Intercept merges environment flags, policies yaml, exceptions yaml to generate a global config. Uses ripgrep to scan a target path for policy breaches recursively against your code and generates a human-readable detailed output of the findings.
- Simple and powerful free drop-in alternative for Hashicorp Sentinel if you are more comfortable writing and maintaining regular expressions than using a new custom policy language.
- Do you find Open Policy Agent rego files too much sugar for your pipeline?
- Captures the patterns from git-secrets and trufflehog and can prevent sensitive information to run through your pipeline. (trufflehog regex)
- Identifies policy breach (files and line numbers), reports solutions/suggestions to its findings making it a great tool to ease onboarding developer teams to your unified deployment pipeline.
- Can enforce style-guides, coding-standards, best practices and also report on suboptimal configurations.
- Can collect patterns or high entropy data and output it in multiple formats.
- Anything you can crunch on a regular expression can be actioned on.
Copyright (C) 2020 xfhg