# Performing Scans Based on Policies

Use the `policy` command to initiate scans based on defined policies:

```bash
fourclover policy -targetdir mytargetdir -policydir /path/to/policyfiles -out policy_scan_report.json
```

The `-targetdir` option specifies the directory to be scanned.

The `-policydir` option specifies the directory containing policy files.

The `-out` option specifies the output file for the policy scan report.

**Example Policy File (`badword-policy.yaml`):**

```yaml
rules:
  - rule_id: "word-hunter"
    meta:
      type: "simple"
      name: Word Detective
      author: VC
      severity: high
      description: The code includes prohibited terminology.
      reference:
        - https://owasp.org/www-project-code-review-guide/
      classification:
        cvss-score: 6.8
        cvss-metrics: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
      tags: ["security-review", "terminology", "code-review"]

    simple:
      patterns:
        a: "access_token"
        b: "api_key"
        c: "password"
      condition: (a and c) or b
```

Policy-based scanning lets you automate compliance checks and security assessments. Each rule's patterns are tested against every file under the target directory, and a file is reported when the rule's `condition` evaluates to true over those pattern matches (in the example above: a file that contains both `access_token` and `password`, or one that contains `api_key`). Because the rules live in files, they can be versioned alongside the code they check and reused across repositories.

**Example Policy Scan Output File (`policy_scan_report.json`):**

```json
{
    "title": "Policy Report",
    "date": "2023-08-13T16:51:01+05:30",
    "working_dir": "mytargetdir",
    "summary": "Findings reported in the policy report are based on the policy rules defined in the policy file.",
    "findings": [
        {
            "rule_id": "word-hunter",
            "name": "Word Detective",
            "type": "simple",
            "description": "The code includes prohibited terminology.",
            "file_hash": "45f089de61c419b25277ed52f6d755f6688bc127627604a5aeb36ab79c22cbba",
            "file_path": "ibm/package.json",
            "references": [
                "https://owasp.org/www-project-code-review-guide/"
            ],
            "classification": [
                {
                    "cvss_score": 6.8,
                    "cvss_vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
                }
            ],
            "tags": [
                "security-review",
                "terminology",
                "code-review"
            ]
        }
    ]
}
```

The report contains one finding per file and rule whose condition was satisfied. Apart from `file_hash` and `file_path`, every field of a finding is copied from the rule's `meta` block as written, so keep that metadata accurate; in particular the `cvss-score` is not derived from `cvss-metrics` (the vector in the example scores 8.8 under CVSS 3.1, not 6.8). The `file_hash` lets you pin a finding to exact file contents when triaging the same path across revisions.
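To make the policy semantics concrete, here is a small re-implementation of what the policy file, the condition and the report shown on this page imply. It is an added example, not fourclover's own code, and it makes three assumptions the page does not state: patterns are matched as literal substrings of each file, `condition` is a boolean expression over the pattern labels (`and`, `or`, `not`, parentheses), and `file_hash` is SHA-256 of the file bytes (the 64-hex-digit value in the sample report is consistent with that). The policy is embedded as a dict mirroring `badword-policy.yaml` so the script needs no YAML library, and the sample files it scans are constructed inline.

```python
"""Added example: minimal policy scanner with the semantics implied by the page.
Not fourclover's code. Assumptions: literal substring patterns, boolean
conditions over pattern labels, SHA-256 file hashes."""
import ast
import hashlib
import os
import tempfile
from datetime import datetime, timezone

# Mirrors badword-policy.yaml from the page, as a plain dict.
POLICY = {
    "rules": [{
        "rule_id": "word-hunter",
        "meta": {
            "type": "simple", "name": "Word Detective", "author": "VC",
            "severity": "high",
            "description": "The code includes prohibited terminology.",
            "reference": ["https://owasp.org/www-project-code-review-guide/"],
            "classification": {"cvss-score": 6.8,
                               "cvss-metrics": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},
            "tags": ["security-review", "terminology", "code-review"],
        },
        "simple": {
            "patterns": {"a": "access_token", "b": "api_key", "c": "password"},
            "condition": "(a and c) or b",
        },
    }]
}

# Only boolean syntax is allowed in a condition; anything else is rejected.
_ALLOWED = (ast.Expression, ast.BoolOp, ast.And, ast.Or,
            ast.UnaryOp, ast.Not, ast.Name, ast.Load)


def evaluate_condition(condition, matches):
    """Evaluate e.g. '(a and c) or b' against a {label: bool} map.
    The expression is parsed with ast and validated node by node, so a
    hostile policy file cannot smuggle arbitrary Python through eval()."""
    tree = ast.parse(condition, mode="eval")
    for node in ast.walk(tree):
        if not isinstance(node, _ALLOWED):
            raise ValueError(f"disallowed syntax in condition: {type(node).__name__}")
        if isinstance(node, ast.Name) and node.id not in matches:
            raise ValueError(f"unknown pattern label {node.id!r}")
    code = compile(tree, "<condition>", "eval")
    return bool(eval(code, {"__builtins__": {}}, dict(matches)))


def _finding(rule, target_dir, path, data):
    """Build one finding in the shape of policy_scan_report.json."""
    meta, cls = rule["meta"], rule["meta"].get("classification", {})
    return {
        "rule_id": rule["rule_id"], "name": meta["name"], "type": meta["type"],
        "description": meta["description"],
        "file_hash": hashlib.sha256(data).hexdigest(),
        "file_path": os.path.relpath(path, target_dir).replace(os.sep, "/"),
        "references": list(meta.get("reference", [])),
        "classification": [{"cvss_score": cls.get("cvss-score"),
                            "cvss_vector": cls.get("cvss-metrics")}],
        "tags": list(meta.get("tags", [])),
    }


def scan(target_dir, policy):
    """Walk target_dir, apply every rule to every file, return the report dict."""
    findings = []
    for root, _dirs, files in os.walk(target_dir):
        for name in sorted(files):
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                data = fh.read()
            text = data.decode("utf-8", errors="replace")
            for rule in policy["rules"]:
                simple = rule["simple"]
                matches = {lbl: (pat in text) for lbl, pat in simple["patterns"].items()}
                if evaluate_condition(simple["condition"], matches):
                    findings.append(_finding(rule, target_dir, path, data))
    return {"title": "Policy Report",
            "date": datetime.now(timezone.utc).astimezone().isoformat(timespec="seconds"),
            "working_dir": target_dir,
            "summary": "Findings reported in the policy report are based on the "
                       "policy rules defined in the policy file.",
            "findings": findings}


def build_sample_tree(base_dir):
    """Constructed sample input (not from the page): two hits, two misses."""
    samples = {
        "ibm/package.json": '{"access_token": "x", "password": "y"}',  # a and c
        "svc/config.env": "api_key=abc123\n",                           # b
        "notes/README.md": "access_token rotation schedule\n",         # a only
        "src/main.go": "package main\n",                               # nothing
    }
    for rel, content in samples.items():
        path = os.path.join(base_dir, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)
    return sorted(samples)


def demo():
    """Scan the constructed tree in a temp dir and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan(tmp, POLICY)


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=4))
```

Running the script prints a report with exactly two findings, `ibm/package.json` and `svc/config.env`; the file that contains only `access_token` is not reported because `(a and c) or b` requires `password` alongside it. The validating `evaluate_condition` is the part worth keeping: policy files are configuration, and configuration that can reach `eval()` unchecked is an injection surface.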
