Custom Scan Rules

Define your own security rules and compliance checks.

Rule Types

  • Pattern Rules - Match code patterns with regex or Semgrep syntax
  • Dependency Rules - Allow/block specific packages
  • Architecture Rules - Enforce code structure
  • AI Rules - Natural language rules processed by AI

Example: Block console.log

# lookout.rules.yaml
rules:
  - id: no-console-log
    severity: warning
    message: "console.log should not be in production code"
    pattern: console.log(...)
    languages: [javascript, typescript]
    fix: "Remove or replace with proper logging"
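
The following is an added example, not Lookout's engine or code from this page. It approximates the no-console-log rule in JavaScript over constructed input, to show why a plain regex also flags commented-out and quoted occurrences while a pattern matched against parsed code (Semgrep-style `console.log(...)`) does not. The names `maskNonCode` and `scan` and the regex are assumptions made for the illustration.

```javascript
// Fields copied from the no-console-log rule above; the matcher is illustrative only.
const RULE = { id: "no-console-log", severity: "warning",
  message: "console.log should not be in production code" };

// Constructed sample input.
const SAMPLE = [
  'function login(user) {',
  '  console.log("login", user.token);',
  '  // console.log(user);',
  '  const hint = "use console.log(x) to debug";',
  '  console . log(user.id);',
  '  myconsole.log("not the global console");',
  '}',
].join("\n");

// Blank out comments and string literals, keeping newlines so line numbers hold.
// Limitation: regex literals and ${...} inside template strings are not parsed.
function maskNonCode(src) {
  let out = "", i = 0;
  while (i < src.length) {
    const ch = src[i], two = src.slice(i, i + 2);
    let end = -1;
    if (two === "//") {
      end = src.indexOf("\n", i);
      if (end === -1) end = src.length;
    } else if (two === "/*") {
      end = src.indexOf("*/", i + 2);
      end = end === -1 ? src.length : end + 2;
    } else if (ch === '"' || ch === "'" || ch === "`") {
      end = i + 1;
      while (end < src.length && src[end] !== ch) end += src[end] === "\\" ? 2 : 1;
      end = Math.min(end + 1, src.length);
    }
    if (end === -1) { out += ch; i += 1; continue; }
    out += src.slice(i, end).replace(/[^\n]/g, " ");
    i = end;
  }
  return out;
}

// Report every console.log call; maskFirst=false shows the plain-regex behaviour.
function scan(src, rule, maskFirst = true) {
  const text = maskFirst ? maskNonCode(src) : src;
  return [...text.matchAll(/\bconsole\s*\.\s*log\s*\(/g)].map((m) => ({
    id: rule.id, severity: rule.severity, message: rule.message,
    line: text.slice(0, m.index).split("\n").length,
  }));
}

console.log(scan(SAMPLE, RULE).map((f) => f.line)); // [ 2, 5 ]
```

Calling `scan(SAMPLE, RULE, false)` reports lines 2, 3, 4 and 5, the two extra hits being the comment and the string literal.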

Compliance Presets

Pre-built rule sets for common compliance frameworks:

  • SOC 2
  • HIPAA
  • PCI DSS
  • GDPR
  • OWASP Top 10
