Open-source tool Yor automatically tags IaC resources for traceability and auditability
Yor is an open-source tool from Palo Alto Networks that automatically tags cloud resources within infrastructure as code (IaC) frameworks such as Terraform, Cloudformation, Kubernetes, and Serverless Framework.
Yor helps security teams trace a security misconfiguration from code to cloud, automates the tedious work of manually tagging cloud resources, and enables highly effective GitOps across all major cloud providers.
“Effective infrastructure tagging is critical to tracking cost allocation, access control, operations, and of course security in the cloud,” said Barak Schoster, Chief Architect at Palo Alto Networks. “To date, this has been an all-too-manual process for developers, with each cloud provider and organization having different standards and naming conventions. By automating standardized tagging, Yor provides visibility and traceability from IaC configuration to cloud resources in production.”
Gartner writes in their report How to Start Executing a Successful Automation Strategy that “all organizations should have a standardized tagging method that categorizes resources” and that “keeping the asset base current multiplies the effectiveness of the change-management process because it ensures that the in-scope assets are correctly categorized, tagged and managed.”
Organizations can run Yor across all infrastructure resources to retroactively assign ownership and other meaningful tags based on IaC and git history data. Yor can also be built into the CI/CD lifecycle for improved traceability as infrastructure is modified and created. Having consistent tagging will make it simple to trace any misconfigurations back to the original code owners and editors, reducing the time to patch.
The Cloud Security Alliance noted in their recent report The State of Cloud Security Concerns, Challenges, and Incidents that misconfigurations are among the leading causes of breaches and outages as public cloud adoption doubled over the past two years.
If a security team identifies a misconfiguration, having the tags for the developer owner simplifies triaging, so the ticket can be automatically assigned to the right developer. Yor’s use cases also extend beyond security by making it easier to tag resources to allocate costs from a finance and budgeting perspective.
Yor was built by Bridgecrew, acquired by Palo Alto Networks earlier this year.