I can't say whether this is achievable programmatically, but if you have a list of sensitive information types (SITs) that you want to detect, you could build an eDiscovery case that searches for those specific types, adding as many as you need. There are over 300 out-of-the-box SITs, so you probably don't want to look for all of them; if you already have a set list, this approach could help. The limitation is that it can only target an entire site, not a specific folder or file. Once the search is done, you can open each matching file in the review set and see its full contents.
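If your list of SITs is long, typing the search condition by hand gets tedious. Here is a minimal sketch that only builds the keyword query text to paste into the eDiscovery search; it does not create the case or run anything. It assumes the `SensitiveType:"<name>"` keyword property from the Purview keyword query documentation. The function name `build_sit_query` and the SIT names are just examples, and the names have to match the display names in your tenant exactly.

```python
def build_sit_query(sit_names):
    """Join SIT display names into one keyword query, OR-ing the terms.

    Assumption: each term uses the SensitiveType:"<name>" property form.
    """
    # Drop empty entries and surrounding whitespace.
    cleaned = [name.strip() for name in sit_names if name and name.strip()]
    if not cleaned:
        raise ValueError("at least one sensitive information type name is required")
    for name in cleaned:
        # A double quote inside the name would break the quoted term.
        if '"' in name:
            raise ValueError(f"SIT name must not contain a double quote: {name!r}")
    return " OR ".join(f'SensitiveType:"{name}"' for name in cleaned)


if __name__ == "__main__":
    # Example SIT names; replace with the ones on your own list.
    print(build_sit_query([
        "Credit Card Number",
        "U.S. Social Security Number (SSN)",
    ]))
```

You would paste the printed string into the query box of the search and still scope the locations to the site yourself.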
Additionally, you could use Microsoft Defender for Cloud Apps to deploy a file policy that scans specific folders, or all folders, within SharePoint and OneDrive for a list of SITs that you define in the policy.