Skip to main content
All Endor Labs policies provide the option to define inclusion and exclusion criteria based on project tags. This allows you to implement exception workflows, to onboard new teams or business units, and to set specific policies that only apply to sets of projects, such as those that are mature or the crown jewel applications of an organization. Most organizations have projects with differing compliance and security requirements. Adopting a single standard for all projects can lead to challenges. While many controls apply equally across an environment, some controls are excessive or irrelevant for projects that don’t need to meet specific regulatory frameworks, or do not process sensitive information. For example, an organization may want to look for leaked secrets in all repositories, but may not require a robust vulnerability management program and branch protection strategy on projects where internal documentation is developed. The following reference tagging strategies can help organizations align their policies with their internal control needs.

Tag your projects

Tags add additional metadata to projects and help you identify them. You can also use the project tags to define the scope of a finding or an action policy for a project. To create tags for a project:
  1. Sign in to Endor Labs and select Projects from the sidebar.
  2. Select a project and click Settings.
  3. Type a name for the tag in Custom Tags and press Enter. Tags can have a maximum length of 255 characters and can contain letters (A-Z), numbers (0-9), and characters (=@-_).
  4. Click Save Tags.
  5. Use Reset Tags to make a new entry.