Bridgecrew Latest Open Source Contribution: Iac Tool, Yor.

Yor is an open source automated infrastructure-as-code tagging and tracing tool aimed at fixing cloud tagging complications


On May 27, 2021, Palo Alto Networks announced the release of an open source framework that negates the manual strain behind tagging cloud resources.

Tagging simplifies tasks, encourages cost allocation, risk management, and automation.
Tagging simplifies tasks, encourages cost allocation, risk management, and automation.
Key Facts
  1. 1

    Enterprises may leverage Yor to allocate ownership and relevant tags.

  2. 2

    Yor automatically provides developer IaC tags for framework templates with tracing details.

  3. 3

    Yor is basically a stage in CI/CD pipelines.

  4. 4

    Yor encourages automated simplicity in tracing misconfigurations to the developer behind it.


In the face of high scale breakdown in a security operations center, from scanning through a wide field of logs and charts and securing Shell Protocol, tracking the fault to the relevant teams responsible for the code disrupting the system. DevOps have a lot to do and less time to do them. They end up navigating a labyrinth-natured field to find out the developer behind the misconfiguration with alarms endlessly blaring.

Many enterprises have been in this kind of situation, and similar ones. There have been whispers and emphasis in DevSecOps communities on ways to optimize search in configurations and fewer answers to follow them up; these answers are not all-mighty.

Enterprises often employ cloud tagging to allocate cloud resources to responsible owners, not necessarily primarily for breakdown troubleshooting but also in the cases of code improvement and rewriting. Tagging simplifies tasks, encourages cost allocation, risk management, and automation.

Image courtesy: Image courtesy:

However, this forehand solution to that impending problem is not in any way easy. It not only requires hands-on practice and a lot of work but is also limited to resource owners in broad strokes. GitOps teams using infrastructure as code must make changes with IaC tags. Tracing a misconfiguration caused by a cloud resource to a line of code is no small feat. Without proper tags, peering through pull requests and finding the responsible person that wrote the code is bothersome.

Say no more, says cloud security firm Palo Alto Networks, through their mission-oriented addition, Bridgecrew. It is actually the first exhibition by Bridgecrew and Palo Alto since their merging and should be the talk of the security section of the open source communities.

Yor can comfortably fit into developer workflows, Yor can be integrated into a system's continuous integrations and continuous delivery pipelines. It provides allocation and tracing competencies in CloudFormation, Terraform, and Serverless templates by creating IaC tags automatically on activation.

Image courtesy: Image courtesy:

It is a tool SecOps would more than fancy; they would revere automation capable of taking on the work of tracing a misconfiguration back to the developer that orchestrated the code, tracking change management, and of course, intercloud resources tracing. This aids in determining the main cause of a runtime misconfiguration and makes detecting friction between code configuration and running resources more reliable.

Bridgecrew, the crew behind this magnificence, has an outstanding history in Infrastructure as code enhancements

Bridgecrew built Yor, the team behind the popular open source IaC scanner Checkov, downloaded over 2 million times by developers. Palo Alto Networks acquired Bridgecrew in March 2021, and together they continue to invest in new and existing open source projects.

Get similar news in your inbox weekly, for free

Share this news:

Latest stories

How ManageEngine Applications Manager Can Help Overcome Challenges In Kubernetes Monitoring

We tested ManageEngine Applications Manager to monitor different Kubernetes clusters. This post shares our review …

AIOps with Site24x7: Maximizing Efficiency at an Affordable Cost

In this post we'll dive deep into integrating AIOps in your business suing Site24x7 to …

A Review of Zoho ManageEngine

Zoho Corp., formerly known as AdventNet Inc., has established itself as a major player in …

Should I learn Java in 2023? A Practical Guide

Java is one of the most widely used programming languages in the world. It has …

The fastest way to ramp up on DevOps

You probably have been thinking of moving to DevOps or learning DevOps as a beginner. …

Why You Need a Blockchain Node Provider

In this article, we briefly cover the concept of blockchain nodes provider and explain why …

Top 5 Virtual desktop Provides in 2022

Here are the top 5 virtual desktop providers who offer a range of benefits such …

Why Your Business Should Connect Directly To Your Cloud

Today, companies make the most use of cloud technology regardless of their size and sector. …

7 Must-Watch DevSecOps Videos

Security is a crucial part of application development and DevSecOps makes it easy and continuous.The …