Tagging projects for policy

Learn about tagging projects to manage policies in Endor Labs

Endor Labs policies allow you to define inclusion and exclusion criteria based on the tags of a project. This allows teams to implement exception workflows, to onboard new teams or business units and to set specific policies that only apply to sets of projects, such as those that are mature or the crown jewel applications of an organization.

Almost all organizations will have projects with differing compliance and security requirements. Adopting a single standard for all projects can lead to challenges. While many controls apply equally across an environment, some controls are excessive or irrelevant for projects that don’t need to meet specific regulatory frameworks, or that do not process sensitive information.

For example, an organization may want to look for leaked secrets in all repositories, but may not require a robust vulnerability management program and branch protection strategy on projects where internal documentation is developed.

These reference tagging strategies can help organizations align their policies with their internal control needs:

| Use Case | Rationale | Example Tags |
| --- | --- | --- |
| Data Classification | Apply controls to projects from which applications that process sensitive information are developed. | Classification_Restricted, Classification_HighlySensitive, Classification_Public |
| Application Importance | Apply controls to projects based on the importance of the applications developed in them. | Application_CrownJewel, Application_Critical |
| Application Exposure | Apply different controls to projects depending on whether the applications developed in them are exposed internally or to the public internet. | Exposure_Public, Exposure_Internal |
| Compliance | Apply controls to projects where specific compliance or regulatory controls may apply. | Compliance_SOC2, Compliance_HIPAA, Compliance_PCI, Compliance_None |
| Business Unit | Apply controls to projects based on a business unit's maturity or onboarding status, or apply different controls to a new acquisition. | BU_Infrastructure, BU_Clinical |
| Policy Exceptions | Do not apply a control to a repository that has an approved policy exception. | Policy_Exception_Branch_Protection |
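The following is an added illustration of how tag-based inclusion and exclusion criteria scope policies to projects, using the example tags from the table above; it is not Endor Labs code, and the project names, policy names and the assumed rule that an exclusion tag always wins over an inclusion tag are constructed for the example.

```python
"""Illustrative model of tag-based policy scoping (added example, not Endor Labs code).

Assumed semantics: a policy applies to a project when the project carries at
least one of the policy's include tags (no include tags means "all projects")
and none of its exclude tags. An exclude tag always wins, which is what makes
a tag such as Policy_Exception_Branch_Protection work as an exception record.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    name: str
    include_tags: frozenset = frozenset()   # empty = applies to every project
    exclude_tags: frozenset = frozenset()

    def applies_to(self, project_tags) -> bool:
        tags = set(project_tags)
        if tags & self.exclude_tags:        # approved exception or out-of-scope project
            return False
        return not self.include_tags or bool(tags & self.include_tags)


# Policies modelled on the page's example: secret scanning everywhere,
# vulnerability management only for sensitive or critical projects, and
# branch protection unless an approved exception tag is present.
POLICIES = [
    Policy("secret-scanning"),
    Policy("vuln-management",
           include_tags=frozenset({"Classification_Restricted",
                                   "Classification_HighlySensitive",
                                   "Application_CrownJewel", "Compliance_PCI"})),
    Policy("branch-protection",
           exclude_tags=frozenset({"Policy_Exception_Branch_Protection"})),
]

# Constructed sample projects (hypothetical names and tags).
PROJECTS = {
    "payments-api": {"Classification_Restricted", "Application_CrownJewel", "Compliance_PCI"},
    "internal-docs": {"Classification_Public", "Policy_Exception_Branch_Protection"},
    "new-bu-service": {"BU_Clinical"},
}


def applicable_policies(project_tags, policies=POLICIES):
    """Return the names of the policies in scope for a project, in policy order."""
    return [p.name for p in policies if p.applies_to(project_tags)]


def scope_report(projects=PROJECTS, policies=POLICIES):
    """Map each project to its in-scope policies; review this before a policy rollout."""
    return {name: applicable_policies(tags, policies) for name, tags in projects.items()}
```

Running `scope_report()` over the sample projects shows the internal documentation project keeping only secret scanning, while the payments project picks up every policy.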

How to tag your projects

To tag your projects in Endor Labs:

  1. Go to the Projects page in the left-side navigation.
  2. Search for and select the project(s) you would like to tag.
  3. Click the box to the left-hand side of the project name.
  4. Select Edit Tags on the top right-hand side of the project page.
  5. Add or remove tags from the list of selected projects.
  6. Click Save Tags to commit your changes.