
# scan

> Use the `scan` command to run an endorctl scan.

/**
 * Inline `<code>` element holding the comma-separated language identifiers
 * that the page tells readers to pass to `--languages`.
 */
export const SupportedLanguagesList = () => (
  <code>c,c#,go,java,javascript,kotlin,php,python,ruby,rust,scala,swift,typescript,swifturl</code>
);

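/**
 * Renders a YAML-like list of records as an HTML table.
 *
 * Rows come from the first available source, in this order:
 *   1. `data`     - an array of row objects, used as-is;
 *   2. `content`  - a string that is parsed into rows;
 *   3. `children` - a string, or React nodes whose text is extracted and parsed.
 *
 * Parsed text is a sequence of `Key: value` lines. If any line starts with
 * `- `, each `- ` line opens a new row; otherwise blank lines (or an
 * unindented `Key: value` line) separate rows. Column headers are the keys of
 * the first row with underscores shown as spaces.
 *
 * Cell values support the markers `-yes-`, `-no-`, `-limited-`/`-partial-`,
 * `-na-`/`-none-` and `-na2-`, inline Markdown links, code, bold and italics,
 * and the tags `<br>`, `<p>`, `-note-` and `-warning-`.
 *
 * Security: a Markdown link becomes a real `<a href>` only when its target is
 * a relative URL or uses the http, https, mailto or tel scheme. Any other
 * scheme (for example `javascript:` or `data:`) is rendered as plain text, so
 * table content cannot inject a script-bearing link.
 *
 * @param {object} props
 * @param {*} [props.children] String or React nodes holding the table text.
 * @param {Array<object>} [props.data] Pre-parsed rows; bypasses parsing.
 * @param {string} [props.content] Table text passed as a prop.
 * @returns {JSX.Element|null} The table, or null before mount / when empty.
 */
export const YamlTable = ({children, data: propData, content}) => {
  // `Key: value`. The key starts with a letter and runs (lazily) to the first
  // colon; the value is the non-empty remainder of the line.
  const KV_RE = /^([A-Za-z][A-Za-z0-9_()/#\s-]+?):\s*(.+)$/;
  // Alternatives, in order: [text](url), `code`, **bold**, *italic*.
  const INLINE_MD_RE = /(\[([^\]]+)\]\(([^)]+)\))|(`([^`]+)`)|(\*\*([^*]+)\*\*)|(\*([^*]+)\*)/g;
  const YES_RE = /^-yes-$/i;
  const NO_RE = /^-no-$/i;
  const LIMITED_RE = /^-(limited|partial)-$/i;
  const NA_RE = /^-(na|none)-$/i;
  const NA2_RE = /^-na2-$/i;
  const SIMPLE_TAG_RE = /(<br\s*\/?>)|(<p\s*\/?>)|(-note-)|(-warning-)/gi;
  // Link-target allowlist. Schemes outside this set are never emitted as href.
  const SAFE_LINK_SCHEMES = new Set(['http', 'https', 'mailto', 'tel']);
  const URL_SCHEME_RE = /^([a-z][a-z0-9+.-]*):/i;
  // Browsers ignore some whitespace/control characters when parsing a URL
  // scheme, so they are removed before the scheme is inspected.
  const URL_IGNORED_CHARS_RE = /[\u0000-\u0020\u007f]/g;

  // True when `href` is scheme-less (relative, anchor, protocol-relative) or
  // uses an allowlisted scheme.
  const isSafeHref = href => {
    const compact = String(href).replace(URL_IGNORED_CHARS_RE, '');
    const scheme = URL_SCHEME_RE.exec(compact);
    return scheme === null || SAFE_LINK_SCHEMES.has(scheme[1].toLowerCase());
  };

  // Parses one trimmed line into {key, value}, or null when it is not `Key: value`.
  const tryParseKV = trimmed => {
    const m = KV_RE.exec(trimmed);
    return m ? {
      key: m[1],
      value: m[2].trim()
    } : null;
  };

  // Records a key the first time it is seen so columns keep first-seen order.
  const registerKey = (key, seenKeys, orderedKeys) => {
    if (!seenKeys.has(key)) {
      orderedKeys.push(key);
      seenKeys.add(key);
    }
  };

  // Appends the entry only when it holds at least one key.
  const flushEntry = (currentEntry, entries) => {
    if (Object.keys(currentEntry).length > 0) entries.push(currentEntry);
  };

  // Dash mode: every `- ` line opens a new entry; following non-blank
  // `Key: value` lines add keys to it. Lines before the first `- ` are ignored.
  const parseDashPrefixed = (lines, entries, orderedKeys, seenKeys) => {
    let currentEntry = {};
    let inEntry = false;
    for (const line of lines) {
      const trimmed = line.trim();
      if (trimmed.startsWith('- ')) {
        // Fix: flush through flushEntry so a `- ` line that produced no keys
        // does not leave an empty entry behind (it used to render as a blank row).
        if (inEntry) flushEntry(currentEntry, entries);
        currentEntry = {};
        inEntry = true;
        const kv = tryParseKV(trimmed.substring(2).trim());
        if (kv) {
          registerKey(kv.key, seenKeys, orderedKeys);
          currentEntry[kv.key] = kv.value;
        }
      } else if (inEntry && trimmed !== '') {
        const kv = tryParseKV(trimmed);
        if (kv) {
          registerKey(kv.key, seenKeys, orderedKeys);
          currentEntry[kv.key] = kv.value;
        }
      }
    }
    flushEntry(currentEntry, entries);
  };

  // Blank-line mode: a blank line ends the current entry. An unindented
  // `Key: value` line also starts a new entry once the current one has
  // content; indented lines add keys to the current entry.
  const parseBlankSeparated = (lines, entries, orderedKeys, seenKeys) => {
    let currentEntry = {};
    let inEntry = false;
    for (const line of lines) {
      const trimmed = line.trim();
      if (trimmed === '') {
        if (inEntry) {
          flushEntry(currentEntry, entries);
          currentEntry = {};
          inEntry = false;
        }
        continue;
      }
      const kv = tryParseKV(trimmed);
      if (!kv) continue;
      const isNewEntry = !line.startsWith(' ') && !line.startsWith('\t');
      if (isNewEntry && inEntry && Object.keys(currentEntry).length > 0) {
        entries.push(currentEntry);
        currentEntry = {};
      }
      registerKey(kv.key, seenKeys, orderedKeys);
      currentEntry[kv.key] = kv.value;
      inEntry = true;
    }
    flushEntry(currentEntry, entries);
  };

  // Gives every entry the full, ordered key set; missing values become ''.
  const normalizeEntries = (entries, orderedKeys) => entries.map(entry => {
    const filled = {};
    for (const key of orderedKeys) filled[key] = entry[key] || '';
    return filled;
  });

  // Turns the raw table text into an array of uniform row objects.
  const parseYamlTableContent = contentStr => {
    if (!contentStr) return [];
    const entries = [];
    const orderedKeys = [];
    const seenKeys = new Set();
    const lines = contentStr.split('\n');
    if (lines.some(line => line.trim().startsWith('- '))) {
      parseDashPrefixed(lines, entries, orderedKeys, seenKeys);
    } else {
      parseBlankSeparated(lines, entries, orderedKeys, seenKeys);
    }
    return normalizeEntries(entries, orderedKeys);
  };

  // Converts inline Markdown in a cell into React nodes, then expands the
  // simple tags in the remaining plain-text pieces. Returns the input
  // unchanged when it is empty.
  const processText = text => {
    if (!text) return text;
    const parts = [];
    let keyIndex = 0;
    let lastIndex = 0;
    let match;
    // The regex is global and therefore stateful; always scan from the start.
    INLINE_MD_RE.lastIndex = 0;
    while ((match = INLINE_MD_RE.exec(text)) !== null) {
      if (match.index > lastIndex) parts.push(text.slice(lastIndex, match.index));
      if (match[1]) {
        // Only allowlisted targets become links; anything else keeps its
        // label but is rendered as inert text.
        if (isSafeHref(match[3])) {
          parts.push(<a key={keyIndex++} href={match[3]}>{match[2]}</a>);
        } else {
          parts.push(<span key={keyIndex++}>{match[2]}</span>);
        }
      } else if (match[4]) {
        parts.push(<code key={keyIndex++}>{match[5]}</code>);
      } else if (match[6]) {
        parts.push(<strong key={keyIndex++}>{match[7]}</strong>);
      } else if (match[8]) {
        parts.push(<em key={keyIndex++}>{match[9]}</em>);
      }
      lastIndex = match.index + match[0].length;
    }
    if (lastIndex < text.length) parts.push(text.slice(lastIndex));
    if (parts.length === 0) return text;
    // Shared counter so keys created during tag expansion continue the sequence.
    const keyRef = {
      current: keyIndex
    };
    return expandHtmlTags(parts, keyRef);
  };

  // Maps a whole-cell marker to its badge element; any other string goes
  // through inline formatting. Non-string values are returned untouched.
  const processBadges = text => {
    if (!text || typeof text !== 'string') return text;
    if (YES_RE.test(text)) return <span className="yt-badge-yes" role="img" aria-label="Supported" title="Supported">✓</span>;
    if (NO_RE.test(text)) return <span className="yt-badge-no" role="img" aria-label="Not supported" title="Not supported">✗</span>;
    if (LIMITED_RE.test(text)) return <span className="yt-badge-limited" role="img" aria-label="Partially supported" title="Partially supported">◐</span>;
    if (NA_RE.test(text) || NA2_RE.test(text)) return <span className="yt-sr-only" title="Not applicable">Not applicable</span>;
    return processText(text);
  };

  // CSS class for "not applicable" cells; undefined for every other cell.
  const cellClassName = text => {
    if (!text || typeof text !== 'string') return undefined;
    if (NA_RE.test(text)) return 'yt-cell-na';
    if (NA2_RE.test(text)) return 'yt-cell-na2';
    return undefined;
  };

  // Replaces `<br>`, `<p>`, `-note-` and `-warning-` inside a plain string
  // with elements: one line break, two line breaks, and bold "Note: " /
  // "Warning: " labels respectively.
  const expandSimpleTags = (str, keyRef) => {
    const result = [];
    let last = 0;
    SIMPLE_TAG_RE.lastIndex = 0;
    let m;
    while ((m = SIMPLE_TAG_RE.exec(str)) !== null) {
      if (m.index > last) result.push(str.slice(last, m.index));
      if (m[1]) {
        result.push(<br key={keyRef.current++} />);
      } else if (m[2]) {
        result.push(<br key={keyRef.current++} />, <br key={keyRef.current++} />);
      } else if (m[3]) {
        result.push(<span key={keyRef.current++} className="yt-badge-note" style={{
          fontWeight: 600
        }}>Note: </span>);
      } else if (m[4]) {
        result.push(<span key={keyRef.current++} className="yt-badge-warning" style={{
          fontWeight: 600
        }}>Warning: </span>);
      }
      last = m.index + m[0].length;
    }
    if (last < str.length) result.push(str.slice(last));
    return result;
  };

  // Expands simple tags in string chunks and passes element chunks through.
  const expandHtmlTags = (chunks, keyRef) => {
    const out = [];
    for (const chunk of chunks) {
      if (typeof chunk === 'string') {
        out.push(...expandSimpleTags(chunk, keyRef));
      } else {
        out.push(chunk);
      }
    }
    return out;
  };

  // Flattens a React node tree to its text content. Booleans, null and
  // undefined contribute nothing.
  const extractText = node => {
    if (node === null || node === undefined) return '';
    if (typeof node === 'string') return node;
    if (typeof node === 'number') return String(node);
    if (typeof node === 'boolean') return '';
    if (Array.isArray(node)) return node.map(extractText).join('');
    if (node && typeof node === 'object' && node.type) {
      const props = node.props || ({});
      if (typeof props.children === 'string') return props.children;
      if (props.children) return extractText(props.children);
      return '';
    }
    return String(node || '');
  };

  // Nothing is rendered until the mount effect has run.
  // NOTE(review): presumably this avoids a server/client markup mismatch - confirm.
  const [mounted, setMounted] = useState(false);
  useEffect(() => {
    setMounted(true);
  }, []);

  const data = useMemo(() => {
    if (propData) return propData;
    if (content && typeof content === 'string') return parseYamlTableContent(content);
    if (!children) return [];
    if (typeof children === 'string') return parseYamlTableContent(children);
    const childrenArray = Array.isArray(children) ? children : [children];
    return parseYamlTableContent(childrenArray.map(extractText).join('').trim());
  }, [children, propData, content]);

  // Columns are taken from the first row only.
  const columns = useMemo(() => {
    if (!data || data.length === 0) return [];
    const firstRow = data[0];
    if (!firstRow || typeof firstRow !== 'object') return [];
    return Object.keys(firstRow);
  }, [data]);

  if (!mounted) return null;
  if (!data || data.length === 0) return null;

  const rowKey = row => columns.map(c => row[c] || '').join('|');
  return <table>
      <thead>
        <tr>
          {columns.map(col => <th key={col}>{col.replaceAll('_', ' ')}</th>)}
        </tr>
      </thead>
      <tbody>
        {/* The row index keeps React keys unique when two rows have identical cells. */}
        {data.map((row, rowIndex) => <tr key={`${rowIndex}|${rowKey(row)}`}>
            {columns.map(col => <td key={col} className={cellClassName(row[col])}>{processBadges(row[col])}</td>)}
          </tr>)}
      </tbody>
    </table>;
};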

Use the `scan` command to perform scans against a repository.

## Usage

Run the following command to perform a full scan including reachability analysis for the open source packages you build in a repository.

```bash theme={null}
endorctl scan
```

If your project contains multiple programming languages, you can specify them as a comma-separated list using the `--languages` flag:

```bash theme={null}
endorctl scan --languages=<languages-list>

```

Provide `<languages-list>` as a comma-separated list using the supported languages: <SupportedLanguagesList />.

Run the following command to scan for leaked secrets and monitor all results in the checked-out version of your repository.

```bash theme={null}
endorctl scan --secrets
```

Run the following command to perform a regular scan for leaked secrets including the dependencies.

```bash theme={null}
endorctl scan --secrets --dependencies
```

Run the following command to scan for leaked secrets in all branches of your repository.

```bash theme={null}
endorctl scan --secrets --git-logs
```

The above command performs a scan of the repository's Git logs using the following logic:

* If endorctl scans the repository's Git log history for the first time, it performs a full scan
* endorctl also performs a full rescan if you change any of the rules in the namespace
* In all other cases, endorctl runs an incremental scan based on the last scan time

If the system invalidates detected secrets and you want to re-validate them, force a full rescan by adding the `--force-rescan` flag, which is used together with `--secrets` (see the Secrets scan flags section below).

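Run the following command to scan for misconfigurations in a GitHub repository such as [https://github.com/endorlabs/app-java-demo](https://github.com/endorlabs/app-java-demo). The scan authenticates to the SCM with the token in `ENDOR_SCAN_SCM_TOKEN`; in CI, populate that variable from the pipeline's secret store instead of hard-coding the token in a script.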

```bash theme={null}
export ENDOR_SCAN_SCM_TOKEN=<insert-your-scm-token>
endorctl scan --github --repository-http-clone-url=https://github.com/endorlabs/app-java-demo
```

To run a scan as a test in a pull request, without monitoring the version of your code over time, run the following command.

```bash theme={null}
endorctl scan --pr
```

To scan workflow files under `.github/workflows` and discover Actions used in your pipelines, run the following command.

```bash theme={null}
endorctl scan --ghactions
```

For CI integration options including the GitHub App and the Endor Labs GitHub Action, see [GitHub Actions scanning](/scan/github-actions).

The command performs regular dependency analysis on your repository.
It also discovers GitHub Actions workflows in your CI/CD pipeline and maps them as GitHub action dependencies in your package.

To scan binaries and artifacts, run the following command.

```bash theme={null}
endorctl scan --package --path --project-name
```

You must provide the path of your file using `--path` and specify a name for your project using `--project-name`.

To scan and discover AI/LLM models in your repository, run the following command.

```bash theme={null}
endorctl scan --ai-models --dependencies
```

To run a scan in dry run mode with local scanning and read-only access, run the following command. Dry run mode does not store scan results for monitoring and is best when used by developers running local scans.

```bash theme={null}
endorctl scan --dependencies --dry-run
```

You can also use `--dry-run` with `--secrets` or `--sast` flags. Do not use `--dry-run` with container scanning.

## Options

The command `endorctl scan` uses the following flags and environment variables:

### Bazel flags

<YamlTable>
  {`


    - Flag: \`bazel-exclude-targets\`
    Environment_Variable: \`ENDOR_SCAN_BAZEL_EXCLUDE_TARGETS\`
    Type: comma-separated string
    Description: Set this variable to exclude a list of Bazel targets included in a provided Bazel query.

    - Flag: \`bazel-include-targets\`
    Environment_Variable: \`ENDOR_SCAN_BAZEL_INCLUDE_TARGETS\`
    Type: comma-separated string
    Description: Set this variable to scan a list of targets using Bazel. endorctl scans only the specified list of targets. If you do not specify \`bazel-include-targets\`, you must identify targets using \`bazel-targets-query\`. If you specify targets, endorctl ignores the results from \`bazel-targets-query\`.

    - Flag: \`bazel-show-internal-targets\`
    Environment_Variable: \`ENDOR_SCAN_BAZEL_SHOW_INTERNAL_TARGETS\`
    Type: boolean
    Description: Show internal targets such as py_library, java_library, and go_library as dependencies. Use \`--use-bazel\` with this flag.

    - Flag: \`bazel-targets-query\`
    Environment_Variable: \`ENDOR_SCAN_BAZEL_TARGETS_QUERY\`
    Type: string
    Description: Set this variable to query for a list of Bazel targets to include in a scan.

    - Flag: \`bazel-vendor-manifest-path\`
    Environment_Variable: \`ENDOR_SCAN_BAZEL_VENDOR_MANIFEST_PATH\`
    Type: string
    Description: Set this variable to specify the path of the \`go.mod\` file if you use Bazel with Gazelle in vendored mode for Go projects.

    - Flag: \`bazel-workspace-path\`
    Environment_Variable: \`ENDOR_SCAN_BAZEL_WORKSPACE_PATH\`
    Type: string
    Description: Set this variable to specify the path of the Bazel workspace.

    - Flag: \`use-bazel\`
    Environment_Variable: \`ENDOR_SCAN_USE_BAZEL\`
    Type: boolean
    Description: Use Bazel to perform the endorctl scan.

    - Flag: \`bazel-rc-path\`
    Environment_Variable: \`ENDOR_SCAN_BAZEL_RC_PATH\`
    Type: string
    Description: Specify custom paths for Bazel configuration files. Specify comma-separated paths relative to the repository root. If you provide multiple \`.bazelrc\` files that contain conflicting configuration options, the configuration in the last file listed takes precedence. See [Bazel documentation](https://bazel.build/run/bazelrc#bazelrc-file-locations) for details about \`.bazelrc\` file locations.

    - Flag: \`bazel-flags\`
    Environment_Variable: \`ENDOR_SCAN_BAZEL_FLAGS\`
    Type: string
    Description: Specify additional command-line flags to pass to Bazel when running a scan. Specify comma-separated key-value pairs in the format \`key=value\`. endorctl applies these flags to \`bazel build\`.


    `}
</YamlTable>

### Pull request (CI) flags

<YamlTable>
  {`


    - Flag: \`enable-pr-comments\`
    Environment_Variable: \`ENDOR_SCAN_ENABLE_PR_COMMENTS\`
    Type: boolean
    Description: Publish new findings as review comments. Set together with \`--scm-pr-id\`, \`--pr\`, and either \`--github-token\` (for GitHub) or \`--scm-token\` (for GitLab). Do not use with \`--pr-baseline\` since endorctl determines the baseline from the merge target of the PR. Note: You can continue to use \`--github-pr-id\` flag, but Endor Labs will deprecate and remove this flag in the future.

    - Flag: \`scm-pr-id\`
    Environment_Variable: \`ENDOR_SCAN_SCM_PR_ID\`
    Type: string
    Description: Set the PR or MR ID corresponding to the scan. You need to use this flag with \`--pr\` and \`--scm-token\`. Also set \`--enable-pr-comments\` to publish new findings as review comments on the pull or merge request.

    - Flag: \`pr\`
    Environment_Variable: \`ENDOR_SCAN_PR\`
    Type: boolean
    Description: Set if this is a PR scan. PR scans are not used for reporting or monitoring. Treat them as point-in-time policy and finding tests.

    - Flag: \`pr-baseline\`
    Environment_Variable: \`ENDOR_SCAN_PR_BASELINE\`
    Type: string
    Description: Set to the Git reference that you are merging to, such as your default branch. Action policies will only flag issues that do not exist in the baseline so that developers are only alerted to issues on the current changes. For example, \`--pr-baseline=main\`.

    - Flag: \`pr-incremental\`
    Environment_Variable: \`ENDOR_SCAN_PR_INCREMENTAL\`
    Type: boolean
    Description: Only scan packages with dependencies that have changed compared to the baseline scan. Set together with \`--pr-baseline\` or \`--enable-pr-comments\`.

    - Flag: \`scm-token\`
    Environment_Variable: \`ENDOR_SCAN_SCM_TOKEN\`
    Type: string
    Description: Set the token used to authenticate with the SCM. The token takes priority over installation tokens.


    `}
</YamlTable>

### GitHub configuration flags

<YamlTable>
  {`


    - Flag: \`github\`
    Environment_Variable: \`ENDOR_SCAN_GITHUB\`
    Type: boolean
    Description: Fetch information from GitHub and generate findings for any GitHub misconfigurations (see also [RSPM policies](/platform-administration/policies/finding-policies/managing-scm-configuration)).

    - Flag: \`github-api-url\`
    Environment_Variable: \`GITHUB_API_URL\`
    Type: string
    Description: Set the GitHub API URL used for API requests to GitHub Enterprise Cloud or GitHub Enterprise Server. **Use this flag for self-hosted source control systems such as GitHub Enterprise Server.** (default \`https://api.github.com/\`)

    - Flag: \`github-ca-path\`
    Environment_Variable: \`GITHUB_CA_PATH\`
    Type: string
    Description: Set the path to the CA certificate used by GitHub Enterprise Server if your system does not trust it.

    - Flag: \`g\`, \`github-token\`
    Environment_Variable: \`GITHUB_TOKEN\`
    Type: string
    Description: Set the GitHub token used to authenticate with GitHub. We deprecated this flag; use \`--scm-token\` for authentication instead.

    - Flag: \`repository-http-clone-url\`
    Environment_Variable: \`ENDOR_SCAN_GITHUB_REPOSITORY_HTTP_CLONE_URL\`
    Type: string
    Description: Set the GitHub repository HTTP clone URL for \`--github\` scans.


    `}
</YamlTable>

### Call graph flags

<YamlTable>
  {`


    - Flag: \`build\`
    Environment_Variable: \`ENDOR_SCAN_BUILD\`
    Type: boolean
    Description: Enable the scan to build the project if needed.

    - Flag: \`call-graph-languages\`
    Environment_Variable: \`ENDOR_SCAN_CALLGRAPH_LANGUAGES\`
    Type: strings
    Description: Set programming languages for call graph generation. Supported languages are C#, Go, Java, JavaScript, Kotlin, Python, Rust, Scala, and TypeScript. By default, endorctl generates call graphs for all supported languages.

    - Flag: \`disable-private-package-analysis\`
    Environment_Variable: \`ENDOR_SCAN_DISABLE_PRIVATE_PACKAGE_ANALYSIS\`
    Type: boolean
    Description: Disable the call graph analysis of private dependencies that are not part of the repository.

    - Flag: \`quick-scan\`
    Environment_Variable: \`ENDOR_SCAN_QUICK_SCAN\`
    Type: boolean
    Description: Perform a quick scan without call graph generation.


    `}
</YamlTable>

### Policy flags

<YamlTable>
  {`


    - Flag: \`exit-on-policy-warning\`
    Environment_Variable: \`ENDOR_SCAN_EXIT_ON_POLICY_WARNING\`
    Type: boolean
    Description: Return a non-zero exit code if there are policy violation warnings.


    `}
</YamlTable>

### Secrets scan flags

<YamlTable>
  {`


    - Flag: \`force-rescan\`
    Environment_Variable: \`ENDOR_SCAN_FORCE_RESCAN\`
    Type: boolean
    Description: Force a full rescan of the historical Git logs for all branches in the repository. Use with \`--secrets\`.

    - Flag: \`git-logs\`
    Environment_Variable: \`ENDOR_SCAN_GIT_LOGS\`
    Type: boolean
    Description: Audit the historical Git logs of the repository for all branches in the repository. Use with \`--secrets\`.

    - Flag: \`local\`
    Environment_Variable: \`ENDOR_SCAN_LOCAL\`
    Type: boolean
    Description: Scan the local filesystem. Use with \`--secrets\`.

    - Flag: \`start-commit\`
    Environment_Variable: \`ENDOR_SCAN_START_COMMIT\`
    Type: string
    Description: The start commit of the Git logs of the repository to start scanning from. Use with \`--secrets\` and \`--end-commit\`.

    - Flag: \`end-commit\`
    Environment_Variable: \`ENDOR_SCAN_END_COMMIT\`
    Type: string
    Description: The end commit of the Git logs of the repository to end scanning at. Use with \`--secrets\` and \`--start-commit\`.

    - Flag: \`pre-commit-checks\`
    Environment_Variable: \`ENDOR_SCAN_PRE_COMMIT_CHECKS\`
    Type: boolean
    Description: Perform Git pre-commit checks on the changeset about to commit. Use with \`--secrets\`.

    - Flag: \`secrets\`
    Environment_Variable: \`ENDOR_SCAN_SECRETS\`
    Type: boolean
    Description: Scan source code repository and generate findings for leaked secrets. See also \`--git-logs\` and \`--pre-commit-checks\`.


    `}
</YamlTable>

### SAST scan flags

<YamlTable>
  {`


    - Flag: \`sast\`
    Environment_Variable: \`ENDOR_SCAN_SAST\`
    Type: boolean
    Description: Scan for weaknesses in your source code based on the enabled rules and generate results based on the configured finding policies. See also \`--disable-code-snippet-storage\`. See [SAST scan](/scan/sast/run-a-sast-scan) for more information.

    - Flag: \`disable-code-snippet-storage\`
    Environment_Variable: \`ENDOR_SCAN_DISABLE_CODE_SNIPPET_STORAGE\`
    Type: boolean
    Description: Do not store or display the source code related to a finding.

    - Flag: Not applicable
    Environment_Variable: \`ENDOR_SCAN_SEMGREP_VERBOSE\`
    Type: boolean
    Description: Enable verbose output for SAST scans to show detailed information about rule execution, file parsing status, and scan progress.

    - Flag: Not applicable
    Environment_Variable: \`ENDOR_SCAN_SEMGREP_DEBUG\`
    Type: boolean
    Description: Enable debug output for SAST scans, which includes all verbose information plus additional debugging details to help troubleshoot scan issues.


    `}
</YamlTable>

### Sandbox flags

<YamlTable>
  {`


    - Flag: \`install-build-tools\`
    Environment_Variable: \`ENDOR_SCAN_INSTALL_BUILD_TOOLS\`
    Type: boolean
    Description: Install build tools in a runtime sandbox.

    - Flag: \`use-scan-profile\`
    Environment_Variable: \`ENDOR_SCAN_USE_SCAN_PROFILE\`
    Type: boolean
    Description: Use a scan profile to run a scan in a self-contained sandbox.


    `}
</YamlTable>

### Miscellaneous flags

<YamlTable>
  {`


    - Flag: \`ai-models\`
    Environment_Variable: \`ENDOR_SCAN_AI_MODELS\`
    Type: boolean
    Description: Scan source code repository and discover usage of OSS AI models.

    - Flag: \`as-default-branch\`
    Environment_Variable: \`ENDOR_SCAN_AS_DEFAULT_BRANCH\`
    Type: boolean
    Description: Set this as the default branch.

    - Flag: \`container\`
    Environment_Variable: \`ENDOR_SCAN_CONTAINER\`
    Type: string
    Description: Set this to the container image:tag to perform a scan on containers.

    - Flag: \`container-as-ref\`
    Environment_Variable: \`ENDOR_SCAN_CONTAINER_AS_REF\`
    Type: boolean
    Description: Scan container in a persistent context and keep the version. Use the \`--project-name\` argument to specify the name of the project and \`--path\` argument to specify its path.

    - Flag: \`dependencies\`
    Environment_Variable: \`ENDOR_SCAN_DEPENDENCIES\`
    Type: boolean
    Description: Scan Git commits and generate findings for all dependencies.

    - Flag: \`dry-run\`
    Environment_Variable: \`ENDOR_SCAN_DRY_RUN\`
    Type: boolean
    Description: Run the scan in dry run mode. When enabled, Endor Labs does not store scan results and needs only read-only access. Use this flag only with SCA (dependencies), SAST, or secrets scanning. Do not use it with container scanning.

    - Flag: \`detached-ref-name\`
    Environment_Variable: \`ENDOR_SCAN_DETACHED_REF_NAME\`
    Type: string
    Description: Set the name of the Git reference to a user-provided name. For example, \`--detached-ref-name="$CI_DEFAULT_BRANCH"\`. Use with CI environments that check out commits, such as GitLab.

    - Flag: \`exclude-path\`
    Environment_Variable: \`ENDOR_SCAN_EXCLUDE_PATH\`
    Type: string
    Description: Specify one or more file paths or directories to exclude from the scan using Glob style expressions. For example, \`--exclude-path="src/java/**"\` will exclude all files under \`src/java\`, including any subdirectories, while \`--exclude-path="src/java/*"\` will only exclude the files directly under \`src/java\`. Paths must be relative to the root of the repository. Use quotes to ensure that your shell does not expand wild cards.

    - Flag: \`finding-tags\`
    Environment_Variable: \`ENDOR_SCAN_FINDING_TAGS\`
    Type: string
    Description: Specify a list of user-defined tags to add to findings for objects in this scan scope. Use in combination with options such as \`--include-path\` or \`--exclude-path\`. Use finding tags to search and filter findings later.

    - Flag: \`ghactions\`
    Environment_Variable: \`ENDOR_SCAN_GHACTIONS\`
    Type: boolean
    Description: Scan and discover GitHub action workflows in your CI/CD pipeline.

    - Flag: \`include-path\`
    Environment_Variable: \`ENDOR_SCAN_INCLUDE_PATH\`
    Type: string
    Description: Limit the scan to the specified file paths or directories using Glob style expressions. For example, \`--include-path="src/java/**"\` will scan all the files under \`src/java\`, including any subdirectories, while \`--include-path="src/java/*"\` will only include the files directly under \`src/java\`. Paths must be relative to the root of the repository. Use quotes to ensure that your shell does not expand wild cards.

    - Flag: \`l\`, \`languages\`
    Environment_Variable: \`ENDOR_SCAN_LANGUAGES\`
    Type: string
    Description: Set programming languages to scan. Used to limit scanning to specific languages. <p> If your project contains multiple programming languages, you can specify them as a comma-separated list as: \`c,c#,go,java,javascript,kotlin,php,python,ruby,rust,scala,swift,typescript,swifturl\`.

    - Flag: \`o\`, \`output-type\`
    Environment_Variable: \`ENDOR_SCAN_SUMMARY_OUTPUT_TYPE\`
    Type: string
    Description: Set output format to json, yaml, table, or summary. Summary only displays policy violations (default: \`table\`).

    - Flag: \`package\`
    Environment_Variable: \`ENDOR_SCAN_PACKAGE\`
    Type: boolean
    Description: Scan binaries and artifacts. You must provide the path of your file using \`--path\` and specify a name for your project using \`--project-name\` parameters.

    - Flag: \`p\`, \`path\`
    Environment_Variable: \`ENDOR_SCAN_PATH\`
    Type: string
    Description: Set path to local repository to scan. For example: \`--path=/Users/endorlabs/github/myrepo\`.

    - Flag: \`project-name\`
    Environment_Variable: \`ENDOR_SCAN_PROJECT_NAME\`
    Type: string
    Description: Give a name for the project while scanning binaries and artifacts. Use with the \`--package\` parameter.

    - Flag: \`project-tags\`
    Environment_Variable: \`ENDOR_SCAN_PROJECT_TAGS\`
    Type: string
    Description: Specify a list of user-defined tags to add to this project.

    - Flag: \`registries\`
    Environment_Variable: \`ENDOR_SCAN_REGISTRIES\`
    Type: string
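    Description: Registries to use along with public or namespace registries. Format - \`\\"user:password@ecosystem://registry#priority\\"\`. The value embeds registry credentials, so prefer supplying it through the \`ENDOR_SCAN_REGISTRIES\` environment variable from a secret store rather than typing it on the command line.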

    - Flag: \`s\`, \`sarif-file\`
    Environment_Variable: \`ENDOR_SCAN_SUMMARY_SARIF_FILE\`
    Type: string
    Description: Set the file path for saving scan results in SARIF format. <p> SARIF output includes vulnerability aliases, such as CVE IDs, GHSA IDs, and other OSV identifiers, for SCA findings.

    - Flag: \`tags\`
    Environment_Variable: \`ENDOR_SCAN_TAGS\`
    Type: string
    Description: Specify a list of user-defined tags to add to this scan. Use tags to search and filter scans later.

    - Flag: \`use-local-repo-cache\`
    Environment_Variable: \`ENDOR_SCAN_USE_LOCAL_CACHE\`
    Type: boolean
    Description: Use the local cache for dependency resolution. *Make sure that \`mvn install -U\` is successful and include [\`mvn dependency\`](https://mvnrepository.com/artifact/org.apache.maven.plugins/maven-dependency-plugin) and [\`mvn help\`](https://mvnrepository.com/artifact/org.apache.maven.plugins/maven-help-plugin) plugins in the local m2 cache. For Gradle complete \`gradle assemble --refresh-dependencies\`.*

    - Flag: \`uuid\`
    Environment_Variable: \`ENDOR_SCAN_UUID\`
    Type: string
    Description: Scan the specified project UUID.

    - Flag: Not applicable
    Environment_Variable: \`ENDOR_SCAN_EMBEDDINGS\`
    Type: boolean
    Description: Controls the use of code segment embeddings during a scan. Set to \`false\` to turn off embeddings for a specific scan, or \`true\` to turn them on. This setting overrides the system-wide configuration. See [Enable code segment embeddings](/scan/sca/c#enable-code-segment-embeddings) for more information.


    `}
</YamlTable>
