Set up AI security review with endorctl
You can use AI security review with endorctl and GitHub environment variables without requiring the GitHub App. This approach allows you to integrate AI security review into your local development workflows. You can use this approach only if you have GitHub as your source control management system.
Complete the following tasks to set up AI security review with endorctl:
- Complete the prerequisites to use AI security review with endorctl.
- Set up the environment variables required to run endorctl for AI security review.
- Install and authenticate endorctl, build your project, and run a scan. Scanning the repository creates the project in Endor Labs that you can use to configure the scan profile.
- Configure a scan profile for AI security review.
- Enable the security review finding policy.
- Configure an action policy if you want to get comments on your GitHub pull request with the details of the AI security review.
- Run scans for AI security review.
- View results of the AI security review.
Prerequisites to use AI security review with endorctl
Ensure that the following prerequisites are met before using AI security review with endorctl:
- An active Endor Labs subscription with an Endor Code Pro license.
- Access to configure scan profiles and policies.
- Code Segment Embeddings and LLM Processing enabled in the Data Privacy settings.
- A GitHub token with appropriate permissions.
Enable Code Segment Embeddings and LLM Processing
Perform the following steps to enable code segment embeddings and LLM processing:
- Select Manage > Settings from the left sidebar.
- Select SYSTEM SETTINGS > Data Privacy.
- Select Code Segment Embeddings and LLM Processing.
- Click Save Data Privacy Settings.
Verify license and feature access
Perform the following steps to verify your license and feature access:
- Select Settings > License from the left sidebar.
- Verify that you have Security Review in Products and Features.
Set up environment variables
Configure the following environment variables for GitHub integration:
```bash
# Required: GitHub token with repo access
export GITHUB_TOKEN=<your-github-token>
# Required: Endor Labs authentication
export ENDOR_API_CREDENTIALS_KEY=<your-api-key>
export ENDOR_API_CREDENTIALS_SECRET=<your-api-secret>
export ENDOR_NAMESPACE=<your-namespace>
```
Pull request scan with AI security review
For a pull request scan with AI security review, run endorctl scan with the following flags:
```bash
endorctl scan \
  -n <namespace> \
  --pr \
  --security-review \
  --github-pr-id <PR_NUMBER> \
  --github-token $GITHUB_TOKEN \
  --enable-pr-comments
```
The following table describes the flags used in the command.
| Flag | Mandatory | Description |
|---|---|---|
| `-n <namespace>` | ✗ | Your Endor Labs namespace. If you do not specify a namespace, the command uses the default namespace. |
| `--pr` | ✓ | Indicates that this is a pull request scan. |
| `--security-review` | ✓ | Enables AI security review. |
| `--github-pr-id <PR_NUMBER>` | ✓ | The GitHub pull request number that you want to scan. |
| `--github-token $GITHUB_TOKEN` | ✓ | GitHub token for authentication. You need to specify this flag if you did not set up the GITHUB_TOKEN environment variable. |
| `--enable-pr-comments` | ✗ | Enables comments on the GitHub pull request. Enable this flag if you want to get comments on your GitHub pull request with the details of the AI security review. You must enable the action policy for pull request comments. |
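As an added example that is not part of the Endor Labs documentation or of endorctl itself, a small POSIX sh wrapper around the scan command above: it refuses to run until every variable listed under Set up environment variables is present, validates the pull request number, and keeps the token value out of anything it prints. The script name scan_pr.sh and its `run` argument are assumptions.

```shell
#!/bin/sh
# Added wrapper (not part of endorctl or the Endor Labs docs) around the
# documented pull request scan: it checks the required variables before
# anything runs, validates the PR number, and never prints token values.

# Succeed only if every variable the scan needs is set and non-empty.
# Names of missing variables (never their values) go to stderr.
check_scan_env() {
  missing=""
  for var in GITHUB_TOKEN ENDOR_API_CREDENTIALS_KEY \
             ENDOR_API_CREDENTIALS_SECRET ENDOR_NAMESPACE; do
    eval "val=\${$var:-}"
    [ -n "$val" ] || missing="$missing $var"
  done
  if [ -n "$missing" ]; then
    echo "missing required environment variables:$missing" >&2
    return 1
  fi
  return 0
}

# Print the documented scan command for pull request $1; pass "comments" as $2
# to add --enable-pr-comments. The token stays a variable reference so the
# printed line is safe to log. Assumes ENDOR_NAMESPACE is already exported.
build_scan_cmd() {
  pr="$1"
  case "$pr" in
    ''|*[!0-9]*) echo "pull request number must be numeric, got '$pr'" >&2; return 1 ;;
  esac
  cmd="endorctl scan -n $ENDOR_NAMESPACE --pr --security-review"
  cmd="$cmd --github-pr-id $pr --github-token \$GITHUB_TOKEN"
  [ "${2:-}" = "comments" ] && cmd="$cmd --enable-pr-comments"
  printf '%s\n' "$cmd"
}

# Usage: sh scan_pr.sh run <PR_NUMBER> [comments]
# Only this branch invokes endorctl; sourcing the file just defines the functions.
if [ "${1:-}" = "run" ]; then
  check_scan_env || exit 1
  cmdline=$(build_scan_cmd "${2:-}" "${3:-}") || exit 1
  echo "running: $cmdline"
  extra=""
  [ "${3:-}" = "comments" ] && extra="--enable-pr-comments"
  exec endorctl scan -n "$ENDOR_NAMESPACE" --pr --security-review \
    --github-pr-id "$2" --github-token "$GITHUB_TOKEN" $extra
fi
```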