> ## Documentation Index
> Fetch the complete documentation index at: https://docs.endorlabs.com/llms.txt
> Use this file to discover all available pages before exploring further.
## Submitting Feedback
If you encounter incorrect, outdated, or confusing documentation on this page, submit feedback:
POST https://docs.endorlabs.com/feedback
```json
{
"path": "/api-reference/endorignoreentryservice/createendorignoreentry",
"feedback": "Description of the issue"
}
```
Only submit feedback when you have something specific and actionable to report.
# CreateEndorIgnoreEntry
> Creates an EndorIgnoreEntry object.
## OpenAPI
````yaml /api-reference/openapi.v3.json post /v1/namespaces/{tenant_meta.namespace}/endor-ignore-entries
openapi: 3.0.3
info:
description: Integrate your application with Endor Labs using the REST API.
title: Endor Labs REST API Reference
version: '1.0'
servers:
- url: https://api.endorlabs.com/
security: []
tags:
- name: AISastCustomerContextService
- name: APIKeyService
- name: APIKeyValidatorService
- name: ArtifactSignatureService
- name: AuditLogService
- name: AuthenticationLogService
- name: AuthenticationService
- name: AuthorizationPolicyService
- name: BatchFileSegmentsService
- name: BatchNotificationService
- name: CallGraphDataService
- name: CodeOwnersService
- name: DependencyMetadataService
- name: EndorIgnoreEntryService
- name: ExporterService
- name: FindingLogService
- name: FindingService
- name: HuggingFaceModelService
- name: HuggingFaceOrganizationService
- name: IPAddressPolicyService
- name: IdentityProviderService
- name: InstallationService
- name: InvitationService
- name: LicenseDependencyService
- name: LicenseNoticesReportService
- name: LicenseSummaryService
- name: LinterResultService
- name: MalwareService
- name: MetricService
- name: NamespaceService
- name: NotificationService
- name: NotificationTargetService
- name: OnPremSchedulerService
- name: PRCommentConfigService
- name: PackageFirewallLogService
- name: PackageLicenseOverrideService
- name: PackageLicenseQueryService
- name: PackageLicenseService
- name: PackageManagerService
- name: PackageVersionService
- name: PluginBinaryService
- name: PolicyService
- name: PolicyTemplateService
- name: ProjectService
- name: ProvisioningResultService
- name: QueryMalwareService
- name: QueryService
- name: QuerySimilarPackagesService
- name: QueryVulnerabilityService
- name: RegistryIngestionCheckpointService
- name: RepositoryService
- name: RepositoryVersionService
- name: RuleSetImportService
- name: SBOMExportService
- name: SBOMImportService
- name: SCMCredentialService
- name: SavedQueryService
- name: ScanLogRequestService
- name: ScanProfileService
- name: ScanResultService
- name: ScanWorkflowResultService
- name: ScanWorkflowService
- name: SecretRuleService
- name: SemgrepRuleService
- name: SystemConfigService
- name: TenantService
- name: VEXExportService
- name: VectorStoreService
- name: VersionUpgradeService
- name: VulnerabilityService
paths:
/v1/namespaces/{tenant_meta.namespace}/endor-ignore-entries:
post:
tags:
- EndorIgnoreEntryService
summary: CreateEndorIgnoreEntry
description: Creates an EndorIgnoreEntry object.
operationId: EndorIgnoreEntryService_CreateEndorIgnoreEntry
parameters:
- description: >-
Namespaces are a way to organize organizational units into virtual
groupings of resources. Namespaces must be a fully qualified name,
for example, the child namespace of namespace "endor.prod" called
"app"
is called "endor.prod.app".
in: path
name: tenant_meta.namespace
required: true
schema:
type: string
x-endor-name: Namespace
requestBody:
content:
application/json:
schema:
$ref: >-
#/components/schemas/EndorIgnoreEntryServiceCreateEndorIgnoreEntryBody
required: true
x-originalParamName: body
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/v1EndorIgnoreEntry'
description: A successful response.
default:
content:
application/json:
schema:
$ref: '#/components/schemas/googlerpcStatus'
description: An unexpected error response.
components:
schemas:
EndorIgnoreEntryServiceCreateEndorIgnoreEntryBody:
description: >-
Represents a single entry in the ignore file.
EndorIgnoreEntry objects are created by the endorctl client after
reading and processing the ignore file during the git scan,
and then applied to the findings during the analytics scan.
The ignore file is either a raw list of vulnerability ids
(one per line), or a YAML file that contains a list of ignore entries,
each identifying one or more findings in a repository version.
The file is formatted manually or via the endorctl ignore command.
Each entry must specify at least the finding name or the vulnerability
ID.
The more fields you provide, the more specific the ignore entry is.
I.e. if you only provide the finding name and there are multiple
findings with the same name in the same repository version,
the ignore entry is applied to all of them.
Use the endorctl ignore --finding-uuid option to automatically populate
all fields of the ignore entry based on a given finding.
properties:
context:
$ref: '#/components/schemas/v1Context'
meta:
$ref: '#/components/schemas/v1Meta'
spec:
$ref: '#/components/schemas/v1EndorIgnoreEntrySpec'
tenant_meta:
description: Tenant data.
title: Tenant data.
type: object
uuid:
description: The UUID of the object.
readOnly: true
type: string
required:
- meta
- spec
type: object
v1EndorIgnoreEntry:
description: >-
Represents a single entry in the ignore file.
EndorIgnoreEntry objects are created by the endorctl client after
reading and processing the ignore file during the git scan,
and then applied to the findings during the analytics scan.
The ignore file is either a raw list of vulnerability ids
(one per line), or a YAML file that contains a list of ignore entries,
each identifying one or more findings in a repository version.
The file is formatted manually or via the endorctl ignore command.
Each entry must specify at least the finding name or the vulnerability
ID.
The more fields you provide, the more specific the ignore entry is.
I.e. if you only provide the finding name and there are multiple
findings with the same name in the same repository version,
the ignore entry is applied to all of them.
Use the endorctl ignore --finding-uuid option to automatically populate
all fields of the ignore entry based on a given finding.
properties:
context:
$ref: '#/components/schemas/v1Context'
meta:
$ref: '#/components/schemas/v1Meta'
spec:
$ref: '#/components/schemas/v1EndorIgnoreEntrySpec'
tenant_meta:
$ref: '#/components/schemas/v1TenantMeta'
uuid:
description: The UUID of the object.
readOnly: true
type: string
required:
- meta
- spec
type: object
googlerpcStatus:
description: >-
The `Status` type defines a logical error model that is suitable for
different programming environments, including REST APIs and RPC APIs. It
is
used by [gRPC](https://github.com/grpc). Each `Status` message contains
three pieces of data: error code, error message, and error details.
You can find out more about this error model and how to work with it in
the
[API Design Guide](https://cloud.google.com/apis/design/errors).
properties:
code:
description: |-
The status code, which should be an enum value of
[google.rpc.Code][google.rpc.Code].
format: int32
type: integer
details:
description: >-
A list of messages that carry the error details. There is a common
set of
message types for APIs to use.
items:
$ref: '#/components/schemas/googleprotobufAny'
type: array
message:
description: >-
A developer-facing error message, which should be in English. Any
user-facing error message should be localized and sent in the
[google.rpc.Status.details][google.rpc.Status.details] field, or
localized
by the client.
type: string
type: object
v1Context:
description: Contexts keep objects from different scans separated.
properties:
id:
description: The context ID, such as a pull request ID or branch reference.
type: string
tags:
description: |-
A list of tags applied to a context. Used primarily for CI and SBOM
contexts.
items:
type: string
type: array
type:
$ref: '#/components/schemas/ContextContextType'
will_be_deleted_at:
description: |-
Time that all objects in this context will be deleted.
This field is deprecated and will be removed in the future.
Please use the meta.will_be_deleted_at field instead.
format: date-time
readOnly: true
type: string
required:
- type
- id
type: object
v1Meta:
description: Common fields for all Endor Labs resources.
properties:
annotations:
additionalProperties:
type: string
description: >-
Annotations can be used to attach metadata to a resource message.
Annotation values can be small or large, structured or unstructured,
and may include characters not permitted by labels.
The keys may contain alphanumerics, underscores (_), dots (.) and
dashes
(-). The values of an annotation must be 16384 bytes or smaller.
type: object
create_time:
description: |-
Time the resource was created.
Format: 2017-01-15T01:30:15.01Z
RFC 3339: https://www.ietf.org/rfc/rfc3339.txt.
format: date-time
readOnly: true
type: string
created_by:
description: |-
Name and authentication source of the user who created the object,
for example, ewok@endor.ai@google@api-key.
readOnly: true
type: string
description:
description: Resource description. Must be less than 1024 bytes.
type: string
index_data:
$ref: '#/components/schemas/v1IndexData'
kind:
description: >-
Resource kind, for example, HelloResponse.
Auto-generated using the protobuf message
proto.MessageName().Name().
readOnly: true
type: string
name:
description: Resource name. Must be 63 characters or less.
type: string
parent_kind:
description: Parent object resource kind, for example, Project.
type: string
parent_uuid:
description: Parent object UUID.
type: string
references:
additionalProperties:
$ref: '#/components/schemas/googleprotobufAny'
description: Map of objects referenced in a query API.
readOnly: true
type: object
tags:
description: >-
List of tags attached to the resource.
Tags can be used to select objects and to find collections of
objects that
satisfy certain conditions. A tag must be 255 characters or less.
items:
type: string
type: array
update_time:
description: |-
Time the resource was last updated.
Note: Updated on all create/patch/delete operations.
Format: 2017-01-15T01:30:15.01Z
RFC 3339: https://www.ietf.org/rfc/rfc3339.txt.
format: date-time
readOnly: true
type: string
updated_by:
description: >-
Name and authentication source of the last user who updated the
object,
for example, vulnerabilityingestor@endor.ai@x509.
readOnly: true
type: string
upsert_time:
description: |-
Time the resource was last upserted.
Note:
create_time is only set the first time the resource is created.
upsert_time is set every time the resource is upseted.
Format: 2017-01-15T01:30:15.01Z
RFC 3339: https://www.ietf.org/rfc/rfc3339.txt.
format: date-time
readOnly: true
type: string
version:
description: Message version.
readOnly: true
type: string
required:
- name
type: object
v1EndorIgnoreEntrySpec:
properties:
dependency_name:
description: |-
Name of the dependency of the finding that is being ignored.
For example, "org.apache.logging.log4j:log4j-core@2.3".
Partial matches are accepted.
This corresponds to the spec.target_dependency_package_name field
of the finding object for PackageVersion findings.
type: string
extra_key:
description: |-
Extra key for the finding that is being ignored.
For example, the finding policy UUID.
Exact matches only.
The extra key is used internally to uniquely identify findings
(along with other fields such as the parent, target, and type)
and is stored in the spec.extra_key field of the finding object.
type: string
finding_name:
description: |-
Name of the finding that is being ignored.
For example, "Potential secret leak Generic API Key: ID #3b0fbc".
Exact matches only.
Please note that finding names are stored in the meta.description
field of the finding object rather than in meta.name.
Yes, this is confusing, but there are historical reasons for this.
type: string
ignore_params:
$ref: '#/components/schemas/v1DismissParams'
parent_name:
description: |-
Name of the parent of the finding that is being ignored.
For example, "com.endor.webapp:endor-java-webapp-demo@4.0-SNAPSHOT".
Partial matches are accepted.
This corresponds to the meta.name field of the parent object
pointed to by the meta.parent_uuid field of the finding object.
type: string
project_uuid:
description: Project UUID.
type: string
vuln_id:
description: |-
Vulnerability ID of the finding that is being ignored.
For example, "CVE-2025-12345" or "GHSA-7rjr-3q55-vv33".
Exact matches only.
type: string
required:
- ignore_params
type: object
v1TenantMeta:
description: Tenant related data for the tenant containing the resource.
properties:
namespace:
description: >-
Namespaces are a way to organize organizational units into virtual
groupings of resources. Namespaces must be a fully qualified name,
for example, the child namespace of namespace "endor.prod" called
"app"
is called "endor.prod.app".
type: string
required:
- namespace
type: object
googleprotobufAny:
additionalProperties: {}
description: >-
`Any` contains an arbitrary serialized protocol buffer message along
with a
URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form
of utility functions or additional generated methods of the Any type.
Example 1: Pack and unpack a message in C++.
Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
...
}
Example 2: Pack and unpack a message in Java.
Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
any.Unpack(foo)
...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
...
}
The pack methods provided by protobuf library will by default use
'type.googleapis.com/full.type.name' as the type URL and the unpack
methods only use the fully qualified type name after the last '/'
in the type URL, for example "foo.bar.com/x/y.z" will yield type
name "y.z".
JSON
====
The JSON representation of an `Any` value uses the regular
representation of the deserialized, embedded message, with an
additional field `@type` which contains the type URL. Example:
package google.profile;
message Person {
string first_name = 1;
string last_name = 2;
}
{
"@type": "type.googleapis.com/google.profile.Person",
"firstName": ,
"lastName":
}
If the embedded message type is well-known and has a custom JSON
representation, that representation will be embedded adding a field
`value` which holds the custom JSON in addition to the `@type`
field. Example (for message [google.protobuf.Duration][]):
{
"@type": "type.googleapis.com/google.protobuf.Duration",
"value": "1.212s"
}
properties:
'@type':
description: >-
A URL/resource name that uniquely identifies the type of the
serialized
protocol buffer message. This string must contain at least
one "/" character. The last segment of the URL's path must represent
the fully qualified name of the type (as in
`path/google.protobuf.Duration`). The name should be in a canonical
form
(e.g., leading "." is not accepted).
In practice, teams usually precompile into the binary all types that
they
expect it to use in the context of Any. However, for URLs which use
the
scheme `http`, `https`, or no scheme, one can optionally set up a
type
server that maps type URLs to message definitions as follows:
* If no scheme is provided, `https` is assumed.
* An HTTP GET on the URL must yield a [google.protobuf.Type][]
value in binary format, or produce an error.
* Applications are allowed to cache lookup results based on the
URL, or have them precompiled into a binary to avoid any
lookup. Therefore, binary compatibility needs to be preserved
on changes to types. (Use versioned type names to manage
breaking changes.)
Note: this functionality is not currently available in the official
protobuf release, and it is not used for type URLs beginning with
type.googleapis.com. As of May 2023, there are no widely used type
server
implementations and no plans to implement one.
Schemes other than `http`, `https` (or the empty scheme) might be
used with implementation specific semantics.
type: string
type: object
ContextContextType:
default: CONTEXT_TYPE_UNSPECIFIED
description: |2-
- CONTEXT_TYPE_MAIN: Objects from a scan of the default branch.
All objects in the oss namespace are in the main context.
The context id is always "default".
- CONTEXT_TYPE_EXTERNAL: Indicates that this object is a copy/temporary value of an object in
another project. Used for same-tenant dependencies. In source code
reference this is equivalent to "vendor" folders. Package versions in
the external context are only scanned for call graphs. No other
operations are performed on them.
- CONTEXT_TYPE_CI_RUN: Objects from a PR scan. The context id is the PR UUID.
Objects in this context are deleted after 30 days.
- CONTEXT_TYPE_SBOM: Objects from an SBOM scan. The context id is the SBOM serial number or
some other unique identifier.
- CONTEXT_TYPE_REF: Objects from a scan of a specific branch. The context id is the branch
reference name.
enum:
- CONTEXT_TYPE_UNSPECIFIED
- CONTEXT_TYPE_MAIN
- CONTEXT_TYPE_EXTERNAL
- CONTEXT_TYPE_CI_RUN
- CONTEXT_TYPE_SBOM
- CONTEXT_TYPE_REF
type: string
v1IndexData:
description: |-
IndexData is used to index the resource for search. It's an internal
object.
properties:
data:
items:
type: string
readOnly: true
type: array
search_score:
description: >-
search_score is the score of the resource for search. Internal use
only.
format: float
readOnly: true
type: number
tenant:
readOnly: true
type: string
will_be_deleted_at:
description: Time that the resource will be deleted.
format: date-time
readOnly: true
type: string
type: object
v1DismissParams:
description: Metadata associated with a snooze or ignore request.
properties:
comments:
description: Comments for the snooze or ignore.
type: string
entry_id:
description: The ignore file entry id.
type: string
expiration_time:
description: Expiration time of the snooze or ignore.
format: date-time
type: string
expire_if_fix_available:
description: >-
Set to true if the snooze or ignore should expire if a fix is
available.
type: boolean
file_name:
description: Name of the file that was used to ignore the finding.
type: string
reason:
$ref: '#/components/schemas/v1ExceptionReason'
update_time:
description: Timestamp of the last update.
format: date-time
type: string
updated_by:
description: Username of the user who last updated the snooze or ignore.
type: string
type: object
v1ExceptionReason:
default: EXCEPTION_REASON_UNSPECIFIED
description: |-
Reasons for dismissing a finding.
- EXCEPTION_REASON_FALSE_POSITIVE: Tool is incorrect. This is not a real issue.
- EXCEPTION_REASON_RISK_ACCEPTED: Risk acknowledged and accepted.
- EXCEPTION_REASON_IN_TRIAGE: Issue is actively being triaged.
- EXCEPTION_REASON_OTHER: Other reason. Use policy description or dismiss comments to elaborate.
- EXCEPTION_REASON_RESOLVED: Issue has been resolved. For example, a secret is no longer valid.
enum:
- EXCEPTION_REASON_UNSPECIFIED
- EXCEPTION_REASON_FALSE_POSITIVE
- EXCEPTION_REASON_RISK_ACCEPTED
- EXCEPTION_REASON_IN_TRIAGE
- EXCEPTION_REASON_OTHER
- EXCEPTION_REASON_RESOLVED
type: string
````