INTERCEPT v1.6.1 releases: Policy as Code Static Analysis Auditing

by do son · Published April 16, 2020 · Updated January 23, 2024

INTERCEPT

Stupidly easy to use, small footprint Policy as Code subsecond command-line scanner that leverages the power of the fastest multi-line search tool to scan your codebase. It can be used as a linter, guard rail control or simple data collector and inspector. Consider it a weaponized ripgrep. Works on Mac, Linux, and Windows.

How it works

intercept binary
policies yaml file
(included) ripgrep binary
(optional) exceptions yaml file

Intercept merges environment flags, policies yaml, exceptions yaml to generate a global config. Uses ripgrep to scan a target path for policy breaches recursively against your code and generates a human-readable detailed output of the findings.

Use cases

Simple and powerful free drop-in alternative for Hashicorp Sentinel if you are more comfortable writing and maintaining regular expressions than using a new custom policy language.
Do you find Open Policy Agent rego files too much sugar for your pipeline?
Captures the patterns from git-secrets and trufflehog and can prevent sensitive information to run through your pipeline. (trufflehog regex)
Identifies policy breach (files and line numbers), reports solutions/suggestions to its findings making it a great tool to ease onboarding developer teams to your unified deployment pipeline.
Can enforce style-guides, coding-standards, best practices and also report on suboptimal configurations.
Can collect patterns or high entropy data and output it in multiple formats.
Anything you can crunch on a regular expression can be actioned on.