It would be nice to have an inclusion specifying version of scanning

It would be nice to be able to run a scan against a known set of policies, either in a similar style to the exclusion processing, or through a means like AWS tags. This would be nice in environments where there are separations of responsibility, as when shifting sec ops left to development.