CI Scans
CI Scans are used to focus team’s attention and establish development workflows on the most actionable issues, prioritizing the development team’s time. CI Scans can be triggered directly from automated CI/CD pipelines, looking for new vulnerabilities relative to the baseline established for the target branch. These CI Scans provide immediate feedback to developers in the form of PR comments and can also enforce policies to break builds, block PRs, send notifications, open tickets, and more. CI scans are the most actionable method to prevent vulnerabilities from entering your repositories.
Perform CI scans using:
- endorctl CLI
- Scan with GitLab pipeline
- Scan with GitHub Actions
- Scan with Circle CI
- Scan with Jenkins
- Scan with Azure DevOps
- Scan with Bitbucket
- Scan with Google Cloud Build
See scanning strategies to learn techniques for effectively scanning and monitoring different versions of your projects with Endor Labs.
endorctl
is a command line utility designed to bring the functionality of Endor Labs into your software delivery workflows. endorctl
has several command flags to help you facilitate operational and security risk monitoring. Developers can integrate Endor Labs into Continuous Integration Workflows using the endorctl scan
.
endorctl scan
- You can use endorctl scan to monitor your projects using Endor Labs, and you can update the scan information each time to keep monitoring the project for new findings. Theendorctl scan
command will scan a specific version of your repository, such as the default branch, a tagged release version, or a commit SHA.endorctl scan --pr
- You can use theendorctl scan --pr
command to scan a specific version of your source code for security and operational risks as part of your continuous integration workflows or CI runs. Theendorctl scan --pr
command performs a one-time evaluation of your project, focusing on security and operational risks, rather than providing continuous monitoring. CI runs are shown in the Scan History section of each project and are stored for 30 days so that you can analyze and review them on the Endor Labs user interface.
Any continuous integration workflows generally run using the endorctl scan --pr
command unless a scan is run on a created tag release, a push to the default or specific branch, or a commit SHA that will be deployed to production.
Authenticating in CI with Keyless Authentication
Keyless Authentication enhances security and minimizes the expenses associated with secret rotation. Keyless authentication is Endor Labs recommended path to scan your projects in the CI workflows. See Keyless Authentication for more information.
Feedback
Was this page helpful?
Thanks for the feedback. Write to us at support@endor.ai to tell us more.
Thanks for the feedback. Write to us at support@endor.ai to tell us more.