Yor Documentation

Applying Tags

The following commands are used to apply tags. GitHub Actions provides a simple, automatic way of applying tags to your IaC, both during pull request review and as part of any build process. To integrate Yor into GitHub Actions, follow the installation instructions.

Apply Built-in Tags

To apply all configured tags, run the following commands.

./yor tag applies the built-in tags and any custom tags to a directory:

    ./yor tag --directory terraform/
    # Apply all the tags in yor on the directory tree terraform/

    ./yor tag --directory terraform/ --skip-tags git_last_modified_by,yor_trace
    # Apply all the tags in yor except the tags git_last_modified_by and yor_trace

    ./yor tag --tag-group git --directory terraform/
    # Apply only the tags under the git tag group

Tagging Docker Files

To run Yor as a Docker container, run the following commands after the file has been built.

    docker pull bridgecrew/yor
    docker run --tty --volume /local/path/to/tf:/tf bridgecrew/yor tag --directory /tf

Tagging Using Pre-commit:

Using Pre-commit with Yor provides a simple, automatic way of applying tags to your IaC, identifying potential issues before submission to code review.

You need to have the pre-commit package manager installed before you can run Pre-commit hooks.

Add a hook to your .pre-commit-config.yaml and change the args and version number.

  - repo: https://github.com/bridgecrewio/yor
    rev: 0.0.44
    hooks:
      - id: yor
        name: yor
        entry: yor tag -d
        args: ["example/examplea"]
        language: golang
        types: [terraform]
        pass_filenames: false

Use case: module tagging

Yor supports tagging Terraform module blocks, depending on the module source:

  1. Modules with a local path will not be modified. The underlying resources will be tagged separately.
  2. Modules with a remote path will have tags added according to the module block metadata. Yor does not download and modify the remote module, but rather treats it as a black box.

Some examples:

    module "local_module" {
       # This is a local module. Yor will **not** modify this block.
       # Instead, Yor will tag the actual resources located at the source dir that is specified in the module block
       source  = "../../tests/terraform"
       tags    = {
          env = var.env
       }
    }

    module "remote_module" {
       # This is a remote module (from the registry).
       # Yor will add tags to the `tags` attribute of this module
       source = "terraform-aws-modules/vpc/aws"
       tags   = {
          env = var.env
       }
    }

    module "remote_module_2" {
       # This is a remote module (from github).
       # Yor will add tags to the `tags` attribute of this module
       source = "git@github.com:terraform-aws-modules/terraform-aws-vpc.git"
       tags   = {
          env = var.env
       }
    }

Tagging examples:

Module with remote path

Before:

    module "remote_module" {
       # This is a remote module (from the registry).
       # Yor will add tags to the `tags` attribute of this module
       source = "terraform-aws-modules/vpc/aws"
       tags   = {
          env = var.env
       }
    }

After:

    module "remote_module" {
       # This is a remote module (from the registry).
       # Yor will add tags to the `tags` attribute of this module
       source = "terraform-aws-modules/vpc/aws"
       tags   = {
          env                  = var.env
          yor_trace            = "912066a1-31a3-4a08-911b-0b06d9eac64e"
          git_repo             = "example"
          git_org              = "bridgecrewio"
          git_file             = "applyTag.md"
          git_commit           = "COMMITHASH"
          git_modifiers        = "bana/gandalf"
          git_last_modified_at = "2021-01-08 00:00:00"
          git_last_modified_by = "bana@bridgecrew.io"
       }
    }
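A check a pipeline can run after yor tag, written as an added example rather than code from the Yor project: it lists each module block and reports remote ones that carry no yor_trace tag. The function names, the status labels and the rule that a source beginning with ./ or ../ is local are assumptions of this example; the sample input is constructed from the blocks above.

```shell
# Added example (not Yor code): flag remote module blocks with no yor_trace tag.
# Assumption: a source starting with ./ or ../ is local; anything else is remote.
# check_module_tags FILE -> prints "<module> <status>"; returns 1 if any UNTAGGED
check_module_tags() {
    awk '
    /^[ \t]*module[ \t]+"/ {              # new module block: reset state
        split($0, q, "\""); name = q[2]
        src = ""; traced = 0; depth = 0; opened = 0; inblock = 1
    }
    inblock {
        if ($0 ~ /^[ \t]*source[ \t]*=/) { split($0, q, "\""); src = q[2] }
        if ($0 ~ /^[ \t]*yor_trace[ \t]*=/) traced = 1
        line = $0; sub(/#.*/, "", line)   # drop comments before counting braces
        opens = gsub(/[{]/, "", line); closes = gsub(/[}]/, "", line)
        depth += opens - closes; if (opens > 0) opened = 1
        if (opened && depth == 0) {       # closing brace of the module block
            inblock = 0
            if (src ~ /^\.\.?\//) status = "local"
            else if (traced) status = "tagged"
            else { status = "UNTAGGED"; bad = 1 }
            print name, status
        }
    }
    END { exit bad + 0 }
    ' "$1"
}
# Constructed sample modelled on the module blocks shown on this page.
write_sample() {
    cat > "$1" <<'EOF'
module "local_module" {
   source = "../../tests/terraform"
   tags   = { env = var.env }
}
module "remote_module" {
   source = "terraform-aws-modules/vpc/aws"
   tags   = {
      env       = var.env
      yor_trace = "912066a1-31a3-4a08-911b-0b06d9eac64e"
   }
}
module "remote_module_2" {
   source = "git@github.com:terraform-aws-modules/terraform-aws-vpc.git"
   tags   = { env = var.env }
}
EOF
}
sample=$(mktemp); write_sample "$sample"
check_module_tags "$sample" || echo "remote module block(s) without yor_trace"
rm -f "$sample"
```

The brace counting is line-based and ignores anything after a # on a line, so it suits pipeline checks on formatted Terraform rather than arbitrary HCL.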

Skipping Tags

Using command line flags, you can run only named tags (allow list) or run all tags except those listed (deny list).

    ./yor tag -d . --skip-tags yor_trace
    # Run all but yor_trace

    ./yor tag -d . --skip-tags yor_trace,git_modifiers
    # Run all but yor_trace and git_modifiers

    ./yor tag -d . --skip-tags 'git*'
    # Run all tags except those matching the pattern (quoted so the shell does not expand it)
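The pattern form of --skip-tags contains a shell glob character, so the value Yor receives depends on quoting and on the files in the working directory. The following added example (not from the Yor documentation; the helper names and the file git_hooks.md are constructed) shows the argument passed in each case:

```shell
# Added example (not from the Yor docs): what the shell hands to a program
# for --skip-tags git*, depending on quoting and on the files present.

# first_skip_value ARGS... -> prints the argument that follows --skip-tags
first_skip_value() {
    while [ "$#" -gt 1 ]; do
        if [ "$1" = "--skip-tags" ]; then printf '%s\n' "$2"; return 0; fi
        shift
    done
    return 1
}

# skip_value_in_dir DIR MODE -> value a tool started from DIR would receive
skip_value_in_dir() {
    (
        cd "$1" || exit 1
        if [ "$2" = quoted ]; then
            first_skip_value tag -d . --skip-tags 'git*'
        else
            # Unquoted on purpose: the shell expands the pattern before the call.
            first_skip_value tag -d . --skip-tags git*
        fi
    )
}

# Constructed directories: one empty, one holding a file whose name matches git*.
empty_dir=$(mktemp -d)
repo_dir=$(mktemp -d)
: > "$repo_dir/git_hooks.md"

echo "empty dir, unquoted: $(skip_value_in_dir "$empty_dir" unquoted)"  # pattern survives by luck
echo "repo dir,  unquoted: $(skip_value_in_dir "$repo_dir" unquoted)"   # replaced by a file name
echo "repo dir,  quoted:   $(skip_value_in_dir "$repo_dir" quoted)"     # always the pattern
rm -rf "$empty_dir" "$repo_dir"
```

In the unquoted case with a matching file, the git tags are no longer skipped and are written to the IaC files, so quote the pattern in scripts and CI jobs.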

Skipping Directories

Using the command line flag --skip-dirs, you can define paths which won't be tagged. Note that each skipped path must include the root directory path, as in the example below:

    ./yor tag -d path/to/files
    # Run on the directory path/to/files

    ./yor tag -d path/to/files --skip-dirs path/to/files/skip,path/to/files/another/skip2
    # Run yor on the directory path/to/files, skipping path/to/files/skip/ and path/to/files/another/skip2/
