> ## Documentation Index > Fetch the complete documentation index at: https://docs.endorlabs.com/llms.txt > Use this file to discover all available pages before exploring further. ## Submitting Feedback If you encounter incorrect, outdated, or confusing documentation on this page, submit feedback: POST https://docs.endorlabs.com/feedback ```json { "path": "/developers-api/cli/environment-variables/index", "feedback": "Description of the issue" } ``` Only submit feedback when you have something specific and actionable to report. # Global flags and environment variables > Use global flags and environment variables to customize and configure endorctl. export const YamlTable = ({children, data: propData, content}) => { const KV_RE = /^([A-Za-z][A-Za-z0-9_()/#\s-]+?):\s*(.+)$/; const INLINE_MD_RE = /(\[([^\]]+)\]\(([^)]+)\))|(`([^`]+)`)|(\*\*([^*]+)\*\*)|(\*([^*]+)\*)/g; const YES_RE = /^-yes-$/i; const NO_RE = /^-no-$/i; const LIMITED_RE = /^-(limited|partial)-$/i; const SIMPLE_TAG_RE = /()|()|(-note-)|(-warning-)/gi; const tryParseKV = trimmed => { const m = KV_RE.exec(trimmed); return m ? { key: m[1], value: m[2].trim() } : null; }; const registerKey = (key, seenKeys, orderedKeys) => { if (!seenKeys.has(key)) { orderedKeys.push(key); seenKeys.add(key); } }; const flushEntry = (currentEntry, entries) => { if (Object.keys(currentEntry).length > 0) entries.push(currentEntry); }; const parseDashPrefixed = (lines, entries, orderedKeys, seenKeys) => { let currentEntry = {}; let inEntry = false; for (const line of lines) { const trimmed = line.trim(); if (trimmed.startsWith('- ')) { if (inEntry) entries.push(currentEntry); currentEntry = {}; inEntry = true; const kv = tryParseKV(trimmed.substring(2).trim()); if (kv) { registerKey(kv.key, seenKeys, orderedKeys); currentEntry[kv.key] = kv.value; } } else if (inEntry && trimmed !== '') { const kv = tryParseKV(trimmed); if (kv) { registerKey(kv.key, seenKeys, orderedKeys); currentEntry[kv.key] = kv.value; } } } flushEntry(currentEntry, entries); }; const parseBlankSeparated = (lines, entries, orderedKeys, seenKeys) => { let currentEntry = {}; let inEntry = false; for (const line of lines) { const trimmed = line.trim(); if (trimmed === '') { if (inEntry) { flushEntry(currentEntry, entries); currentEntry = {}; inEntry = false; } continue; } const kv = tryParseKV(trimmed); if (!kv) continue; const isNewEntry = !line.startsWith(' ') && !line.startsWith('\t'); if (isNewEntry && inEntry && Object.keys(currentEntry).length > 0) { entries.push(currentEntry); currentEntry = {}; } registerKey(kv.key, seenKeys, orderedKeys); currentEntry[kv.key] = kv.value; inEntry = true; } flushEntry(currentEntry, entries); }; const normalizeEntries = (entries, orderedKeys) => entries.map(entry => { const filled = {}; for (const key of orderedKeys) filled[key] = entry[key] || ''; return filled; }); const parseYamlTableContent = contentStr => { if (!contentStr) return []; const entries = []; const orderedKeys = []; const seenKeys = new Set(); const lines = contentStr.split('\n'); if (lines.some(line => line.trim().startsWith('- '))) { parseDashPrefixed(lines, entries, orderedKeys, seenKeys); } else { parseBlankSeparated(lines, entries, orderedKeys, seenKeys); } return normalizeEntries(entries, orderedKeys); }; const processText = text => { if (!text) return text; const parts = []; let keyIndex = 0; let lastIndex = 0; let match; while ((match = INLINE_MD_RE.exec(text)) !== null) { if (match.index > lastIndex) parts.push(text.slice(lastIndex, match.index)); if (match[1]) { parts.push({match[2]}); } else if (match[4]) { parts.push({match[5]}); } else if (match[6]) { parts.push({match[7]}); } else if (match[8]) { parts.push({match[9]}); } lastIndex = match.index + match[0].length; } if (lastIndex < text.length) parts.push(text.slice(lastIndex)); if (parts.length === 0) return text; const keyRef = { current: keyIndex }; return expandHtmlTags(parts, keyRef); }; const processBadges = text => { if (!text || typeof text !== 'string') return text; if (YES_RE.test(text)) return ; if (NO_RE.test(text)) return ; if (LIMITED_RE.test(text)) return ; return processText(text); }; const expandSimpleTags = (str, keyRef) => { const result = []; let last = 0; SIMPLE_TAG_RE.lastIndex = 0; let m; while ((m = SIMPLE_TAG_RE.exec(str)) !== null) { if (m.index > last) result.push(str.slice(last, m.index)); if (m[1]) { result.push(
); } else if (m[2]) { result.push(
,
); } else if (m[3]) { result.push(Note: ); } else if (m[4]) { result.push(Warning: ); } last = m.index + m[0].length; } if (last < str.length) result.push(str.slice(last)); return result; }; const expandHtmlTags = (chunks, keyRef) => { const out = []; for (const chunk of chunks) { if (typeof chunk === 'string') { out.push(...expandSimpleTags(chunk, keyRef)); } else { out.push(chunk); } } return out; }; const extractText = node => { if (node === null || node === undefined) return ''; if (typeof node === 'string') return node; if (typeof node === 'number') return String(node); if (typeof node === 'boolean') return ''; if (Array.isArray(node)) return node.map(extractText).join(''); if (node && typeof node === 'object' && node.type) { const props = node.props || ({}); if (typeof props.children === 'string') return props.children; if (props.children) return extractText(props.children); return ''; } return String(node || ''); }; const [mounted, setMounted] = useState(false); useEffect(() => { setMounted(true); }, []); const data = useMemo(() => { if (propData) return propData; if (content && typeof content === 'string') return parseYamlTableContent(content); if (!children) return []; if (typeof children === 'string') return parseYamlTableContent(children); const childrenArray = Array.isArray(children) ? children : [children]; return parseYamlTableContent(childrenArray.map(extractText).join('').trim()); }, [children, propData, content]); const columns = useMemo(() => { if (!data || data.length === 0) return []; const firstRow = data[0]; if (!firstRow || typeof firstRow !== 'object') return []; return Object.keys(firstRow); }, [data]); if (!mounted) return null; if (!data || data.length === 0) return null; const rowKey = row => columns.map(c => row[c] || '').join('|'); return {columns.map(col => )} {data.map(row => {columns.map(col => )} )}
{col.replaceAll('_', ' ')}
{processBadges(row[col])}
; }; Every command-line flag has a corresponding environment variable that you can set instead of the flag, either directly in your environment or in a dedicated configuration file. See `config-path` description in [Global Flags and Variables](#global-flags-and-variables) and [Set environment variables](#set-endorctl-environment-variables) for details. To set a command-line flag on the endorctl scan command you can specify the flag with a leading `--` for full flag names or a leading `-` for short flag aliases. If applicable, place input arguments after the flag and separate them with either a blank space or a `=` character. For example, to set the `output-type` specify `--output-type json` or `-o=json`. If the input argument is a list, use a `,` character to separate list elements, for example `--languages=go,python`. ## Global flags and variables The following Global flags apply to any `endorctl` command. {` - Flag: \`api\` Environment_Variable: \`ENDOR_API\` Type: string Description: Set the API URL for the Endor Labs Application (default \`https://api.endorlabs.com\`). - Flag: \`api-key\` Environment_Variable: \`ENDOR_API_CREDENTIALS_KEY\` Type: string Description: Set the API key used to authenticate with Endor Labs. - Flag: \`api-secret\` Environment_Variable: \`ENDOR_API_CREDENTIALS_SECRET\` Type: string Description: Set the secret corresponding to the API key used to authenticate with Endor Labs. - Flag: \`aws-role-arn\` Environment_Variable: \`ENDOR_AWS_CREDENTIALS_ROLE_ARN\` Type: string Description: Set the target role ARN for AWS based authentication. Set this flag to enable AWS authentication. See our [AWS Keyless Authentication Docs](/setup-deployment/ci-cd/keyless-authentication) for details. - Flag: \`bypass-host-check\` Environment_Variable: \`ENDOR_BYPASS_HOST_CHECK\` Type: boolean Description: Bypass the check that verifies that the host machine is correctly set up to use endorctl. - Flag: \`config-path\` Environment_Variable: \`ENDOR_CONFIG_PATH\` Type: string Description: Set the local file system path to the Endor Labs config directory containing your Endor Labs environment variables. By default, set to \`$HOME/.endorctl/config.yaml\`. - Flag: \`enable-azure-managed-identity\` Environment_Variable: \`ENDOR_AZURE_CREDENTIALS_MANAGED_IDENTITY_ENABLE\` Type: boolean Description: Enable keyless authentication using Azure VM managed identity system tokens. - Flag: \`enable-github-action-token\` Environment_Variable: \`ENDOR_GITHUB_ACTION_TOKEN_ENABLE\` Type: boolean Description: Enable keyless authentication using GitHub Action OIDC tokens. See the [GitHub documentation on configuring OpenID Connect in cloud providers](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers) for details. - Flag: \`gcp-service-account\` Environment_Variable: \`ENDOR_GCP_CREDENTIALS_SERVICE_ACCOUNT\` Type: string Description: Set the target service account for GCP based authentication. Set this flag to enable GCP authentication. - Flag: \`log-level\` Environment_Variable: \`ENDOR_LOG_LEVEL\` Type: string Description: Set the log level. Set to \`debug\` for debug logs. See also the \`--verbose\` flag. - Flag: \`namespace\` Environment_Variable: \`ENDOR_NAMESPACE\` Type: string Description: Set to the namespace of the project that you are working with. - Flag: \`token\` Environment_Variable: \`ENDOR_TOKEN\` Type: string Description: Set the authentication token used to authenticate with Endor Labs. - Flag: \`verbose\` Environment_Variable: \`ENDOR_LOG_VERBOSE\` Type: boolean Description: Enable verbose logging. - Flag: \`version\` Environment_Variable: Not applicable Description: Display the \`endorctl\` client version. - Flag: Not applicable Environment_Variable: \`ENDOR_JS_ENABLE_TSSERVER\` Type: boolean Description: Set this environment variable to true to view call graphs for JavaScript/TypeScript projects. - Flag: Not applicable Environment_Variable: \`ENDOR_JS_TSSERVER_TIMEOUT\` Type: integer (default:15) Description: Set the timeout in seconds for \`tsserver\` responses when generating JavaScript/TypeScript call graphs. The default timeout is 15 seconds. Increase this value if call graph generation times out for large or complex projects. - Flag: Not applicable Environment_Variable: \`ENDOR_JS_PACKAGE_MANAGER\` Type: string Description: Set this environment variable to \`npm\`, \`yarn\`, \`pnpm\`, or \`lerna\` to override auto detection and force \`endorctl\` to use a specific JavaScript package manager. - Flag: Not applicable Environment_Variable: \`ENDOR_SCAN_ENABLE_PRECOMPUTED_CALLGRAPHS\` Type: boolean Description: Enable pre-computed reachability analysis to analyze your application based on analysis of how your direct dependencies interact with the software they rely on. This provides faster analysis and serves as a fallback when traditional reachability analysis fails. Supported all languages that support reachability except for Golang. - Flag: Not applicable Environment_Variable: \`ENDOR_MAVEN_ADDITIONAL_PARAMETERS\` Type: Comma-separated string Description: Set additional JVM options for Maven dependency resolution in monitoring scans. endorctl appends parameters to \`MAVEN_OPTS\`.

For example \`ENDOR_MAVEN_ADDITIONAL_PARAMETERS=-Xmx4096m,-DskipTests=true\`. - Flag: Not applicable Environment_Variable: \`ENDOR_GRADLE_ADDITIONAL_PARAMETERS\` Type: Comma-separated string with key-value pairs Description: Set additional Gradle properties for dependency resolution in monitoring scans. endorctl adds parameters to \`gradle.properties\`. For example \`ENDOR_GRADLE_ADDITIONAL_PARAMETERS=org.gradle.jvmargs=-Xmx4096m,org.gradle.caching=true\`. - Flag: Not applicable Environment_Variable: \`ENDOR_SCAN_MAVEN_PREPOP_CACHE\` Type: boolean Description: Enable pre-population of Maven local cache for large monorepos to speed up dependency resolution by running \`mvn dependency:collect\` in parallel before scanning modules. Recommended for projects with more than 100 \`pom.xml\` files. - Flag: Not applicable Environment_Variable: \`ENDOR_SCAN_SHALLOW_CLONE\` Type: boolean Description: Enables shallow clone when Endor Labs clones the repository during CI and monitoring scans. Endor Labs downloads only recent commits instead of the full history, making scans run faster. You can also configure it in a scan profile under **additional_environment_variables**. - Flag: Not applicable Environment_Variable: \`ENDOR_SCAN_USE_GOMOD_VERSION\` Type: boolean Description: Set to \`true\` to use the Go version from the project's \`go.mod\` for Go standard library vulnerability scanning instead of detecting the system Go. See [Go standard library vulnerability scanning](/scan/sca/golang#go-standard-library-vulnerability-scanning). - Flag: Not applicable Environment_Variable: \`ENDOR_SCAN_GO_VERSION\` Type: string Description: Set the Go version used for Go standard library vulnerability scanning. See [Go standard library vulnerability scanning](/scan/sca/golang#go-standard-library-vulnerability-scanning). `} ## Set `endorctl` environment variables To set an environment variable run the following command. ```bash theme={null} export = ``` For example to set the environment variable `ENDOR_TOKEN` to "mytoken" run the following command. ```bash theme={null} export ENDOR_TOKEN=mytoken ```