Grouping rules
Labels are additional metadata that can be used to classify rules. Together with tags they can be used to group or filter rules.
Using labels
When defining a rule, you can specify labels to classify the rule or link it to a framework or standard. A single rule can be linked to multiple labels. For example:
- The Azure Well-Architected Framework (WAF) defines pillars such as Security and Reliability.
- The CIS Benchmarks define a number of control IDs such as 3.12 and 13.4.
To specify labels in YAML, use the labels property:
To specify labels in JSON, use the labels property:
Filtering with labels
One reason to assign labels to rules is to filter rules down to a specific subset.
This can be accomplished using baselines and the spec.rule.labels property.
For example:
```yaml
---
# Synopsis: A baseline which returns only security rules.
apiVersion: github.com/microsoft/PSRule/2025-01-01
kind: Baseline
metadata:
  name: TestBaseline6
spec:
  rule:
    labels:
      Azure.WAF/pillar: [ 'Security' ]

---
# Synopsis: A baseline which returns any rules that are classified to Azure.WAF/pillar.
apiVersion: github.com/microsoft/PSRule/2025-01-01
kind: Baseline
metadata:
  name: TestBaseline6
spec:
  rule:
    labels:
      Azure.WAF/pillar: '*'
```
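To show how rule labels interact with the two baselines above, here is an added example (not taken from the PSRule documentation) of three YAML rules. The rule names, conditions and the CIS.Benchmark/control label key are hypothetical, and the control IDs are reused from the text above as sample values rather than a real mapping.

```yaml
---
# Synopsis: Storage accounts must only accept HTTPS traffic.
# Selected by both baselines: Azure.WAF/pillar is set and its value is 'Security'.
apiVersion: github.com/microsoft/PSRule/2025-01-01
kind: Rule
metadata:
  name: Example.Storage.SecureTransfer    # hypothetical rule name
  labels:
    Azure.WAF/pillar: Security
    CIS.Benchmark/control: [ '3.12' ]     # hypothetical label key, sample ID
spec:
  condition:                              # constructed condition
    field: properties.supportsHttpsTrafficOnly
    equals: true

---
# Synopsis: Resources should declare availability zones.
# Selected only by the '*' baseline: the label exists but is not 'Security'.
apiVersion: github.com/microsoft/PSRule/2025-01-01
kind: Rule
metadata:
  name: Example.Resource.UseZones         # hypothetical rule name
  labels:
    Azure.WAF/pillar: Reliability
spec:
  condition:                              # constructed condition
    field: zones
    exists: true

---
# Synopsis: Resources must carry an owner tag.
# Selected by neither baseline: the rule has no Azure.WAF/pillar label.
apiVersion: github.com/microsoft/PSRule/2025-01-01
kind: Rule
metadata:
  name: Example.Resource.OwnerTag         # hypothetical rule name
  labels:
    CIS.Benchmark/control: [ '13.4' ]     # hypothetical label key, sample ID
spec:
  condition:                              # constructed condition
    field: tags.owner
    exists: true
```

A rule that lacks the expected label is left out of a label-filtered baseline without any error, so check label coverage when a baseline is used as a security gate.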