Skip to content
This repository has been archived by the owner on Apr 2, 2024. It is now read-only.
/ snyk-tag-monitor Public archive

A scheduled lambda that checks if the number of tags we are using is going to hit Snyk limits.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

guardian/snyk-tag-monitor

BranchesTags

Repository files navigation

This project is no longer in use

Snyk no longer has a tag limit

Snyk Tag Monitor

Snyk allowed us a custom limit of 5000 unique key-value pairs that can be used as tags. This scheduled lambda first clears out any orphaned tags, then counts up the remaining tags in use on Snyk projects. The lambda runs every day, and sends an email to the security team if that number is higher than 4500. The number of tags is logged, and also registered as a cloudwatch datapoint. Cloudwatch will use the stage dimension DEV or INFRA, depending on whether the code was run locally or on AWS, respectively.

Architecture

Architecture

Running locally

Before running the code locally you will need:

  1. federated access to the security account
  2. to set the security account as default by running export AWS_DEFAULT_PROFILE=security
  3. a default region set.

To run:

  1. install all required dependencies in a virtual environment by running ./scripts/setup.sh from the root of the project
  2. activate the virtual environment by running source .venv/bin/activate from the root of the project
  3. run the program using python3 src/main.py.

About

A scheduled lambda that checks if the number of tags we are using is going to hit Snyk limits.

Topics

production

Resources

Readme

Code of conduct

Code of conduct
Activity
Custom properties

Stars

0 stars

Watchers

31 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 8

Languages