This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

CI/CD tools

Identify the CI/CD tools used in your software development environment.

Endor Labs automatically discovers and identifies the CI/CD tools used in your organization based on your source code and source code management system configuration, giving you insight into your software development environment posture.

Scan for CI/CD tools

If you are using the Github App, CI/CD tools discovery is automatic. If you want to scan a particular repository for CI/CD tools, make sure that you are authenticated and then run the command:

endorctl scan --path=/path/to/your/repo --tools

Note: To include GitHub application data you must also set the --github flag and provide a GitHub token with read:org access.

View the CI/CD tools detected

To view the CI/CD tool coverage in all projects:

  1. Sign in to the Endor Labs application
  2. Navigate to CI/CD > Tools on the left sidebar to view the list of all your projects and tools detected, grouped by tool category
  3. Use Search to look for specific projects
  4. Use Tool Categories to filter the search results by tool category
  5. Use Tools to filter the search results by tool name
  6. Click on the Settings Gear Icon in the top-right corner of the table to configure which columns you want to see
  7. Select a project to navigate to the Tools section for the specific project, where you can view details and evidence of how the tool is used in the project
    • Click on the Drawer Icon at the right end of a row to view the details for the corresponding tool
    • Tools are identified based on a range of different patterns, from file names and file content, to webhooks and GitHub applications

View the supported CI/CD tools and patterns used to detect them

To view the patterns that are used to detect the various CI/CD tools:

  1. Sign in to the Endor Labs application
  2. Navigate to Policies on the left sidebar
  3. Navigate to the CI/CD RULES tab to see the list of supported CI/CD tools and the corresponding category mapping
  4. Click on the vertical ellipsis at the right end of a row and select View Rule to see the tool pattern definition

Create finding policies for CI/CD tools

See CI/CD finding policies for details on how to create finding policies for CI/CD tools.