All Endor Labs policies provide the option to define inclusion and exclusion criteria based on project tags. This allows you to implement exception workflows, to onboard new teams or business units, and to set specific policies that only apply to sets of projects, such as those that are mature or the crown jewel applications of an organization.
Most organizations have projects with differing compliance and security requirements. Applying a single standard to every project is often impractical: while many controls apply equally across an environment, some are excessive or irrelevant for projects that do not need to meet a specific regulatory framework or do not process sensitive information.
For example, an organization may want to look for leaked secrets in all repositories, but may not require a robust vulnerability management program or branch protection strategy for projects that only hold internal documentation.
The following reference tagging strategies can help organizations align their policies with their internal control needs.
| Use Case | Rationale | Example Tags |
|---|---|---|
| Data Classification | Apply controls to projects that develop applications processing sensitive data. | Classification_Restricted, Classification_HighlySensitive, Classification_Public |
| Application Importance | Apply controls to projects based on the importance of the applications developed in them. | Application_CrownJewel, Application_Critical |
| Application Exposure | Apply different controls to projects depending on whether the applications developed in them are exposed internally or to the public internet. | Exposure_Public, Exposure_Internal |
| Compliance | Apply controls to projects where specific compliance or regulatory requirements apply. | Compliance_SOC2, Compliance_HIPAA, Compliance_PCI, Compliance_None |
| Business Unit | Apply controls to projects based on a business unit's maturity or onboarding status, for example applying different controls to a newly acquired company. | BU_Infrastructure, BU_Clinical |
| Policy Exceptions | Do not apply a control to a repository that has an approved policy exception. | Policy_Exception_Branch_Protection |
Tag your projects
Tags add metadata to projects and help you identify them. You can also use project tags to define the scope of a finding policy or an action policy, so that the policy only applies to projects carrying (or not carrying) particular tags.
- For more details on finding policies, see Finding policies
- For more details on action policies, see Action policies
To create tags for a project:
- Sign in to Endor Labs and select Projects from the sidebar.
- Select a project and click Settings.
- Type a name for the tag in Custom Tags and press Enter. A tag can be at most 63 characters long and can contain letters (A-Z), numbers (0-9), and the characters = @ - _.
- Click Save Tags.
- Use Reset Tags to clear what you have typed and start a new entry.
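The following script, added here as an illustration and not code from Endor Labs, shows how the tag-based scoping described above works in practice. It validates tag names against the limits listed in the procedure (63 characters; letters, digits, and = @ - _) and then evaluates which policies apply to a set of sample projects using the reference tags from the table. The include/exclude semantics are a simplified model written for this example (exclusions win, an empty include set means "all projects"); the policy and project names are constructed and the evaluation logic is an assumption, not the product's own implementation.

```python
import re
from dataclasses import dataclass

# Tag constraints from the procedure above: 1-63 characters drawn from
# letters, digits, and the characters = @ - _. Lowercase letters are
# accepted here on the assumption that "A-Z" is meant case-insensitively,
# since the example tags on the page use mixed case.
TAG_RE = re.compile(r"^[A-Za-z0-9=@_-]{1,63}$")


def is_valid_tag(tag: str) -> bool:
    """Return True when the tag meets the documented length and character limits."""
    return TAG_RE.fullmatch(tag) is not None


@dataclass(frozen=True)
class Policy:
    name: str
    include_tags: frozenset = frozenset()  # empty set means "applies to every project"
    exclude_tags: frozenset = frozenset()


def policy_applies(policy: Policy, project_tags: set) -> bool:
    """Simplified scoping model (assumption, not Endor Labs' own logic):
    a policy is in scope when the project carries at least one include tag
    (or the policy has no include tags) and none of the exclude tags.
    Exclusions are checked first so an approved exception tag always wins."""
    if any(tag in project_tags for tag in policy.exclude_tags):
        return False
    if not policy.include_tags:
        return True
    return any(tag in project_tags for tag in policy.include_tags)


def in_scope_policies(policies, project_tags: set):
    """Sorted names of the policies that apply to a project with the given tags."""
    return sorted(p.name for p in policies if policy_applies(p, project_tags))


# Constructed sample policies, modelled on the page's examples: secret detection
# everywhere, vulnerability management and branch protection only where it matters,
# with an exception tag that removes branch protection from a specific repository.
POLICIES = [
    Policy("secret-detection"),
    Policy("vuln-management",
           include_tags=frozenset({"Application_CrownJewel", "Exposure_Public"})),
    Policy("branch-protection",
           include_tags=frozenset({"Application_CrownJewel", "Compliance_PCI"}),
           exclude_tags=frozenset({"Policy_Exception_Branch_Protection"})),
]

# Constructed sample projects (names are hypothetical).
PROJECTS = {
    "payments-api": {"Application_CrownJewel", "Exposure_Public", "Compliance_PCI"},
    "internal-docs": {"Exposure_Internal", "Classification_Public"},
    "legacy-billing": {"Compliance_PCI", "Policy_Exception_Branch_Protection"},
}


def scope_report(policies=POLICIES, projects=PROJECTS):
    """Map each project to the policies in scope, rejecting malformed tags first
    so that a typo in a tag never silently drops a project out of a control."""
    for name, tags in projects.items():
        bad = [t for t in tags if not is_valid_tag(t)]
        if bad:
            raise ValueError(f"{name}: invalid tags {bad}")
    return {name: in_scope_policies(policies, tags) for name, tags in projects.items()}


if __name__ == "__main__":
    for project, applied in scope_report().items():
        print(f"{project}: {', '.join(applied)}")
```

In the sample data, `payments-api` picks up all three controls, `internal-docs` only secret detection, and `legacy-billing` keeps secret detection but loses branch protection because of its exception tag. Checking tag validity before evaluating scope matters: since a tag that was never saved cannot match an include criterion, a malformed tag would otherwise cause a project to fall out of a control silently rather than fail loudly.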