Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.endorlabs.com/llms.txt

Use this file to discover all available pages before exploring further.

A finding is a discovery of significance made following the completion of a scan. Findings result from the default out-of-the-box implementation of rule sets called Finding policies.

View findings

To view different types of findings associated with all projects or packages in your tenant:
  1. Select Findings from the left sidebar.
  2. Search for findings using basic filters.
  3. Use Saved Filters to create and save your frequently used searches, helping you save time.
  4. Toggle Advanced and search for findings using advanced filters.
  5. Use Table preferences to select the columns you want to view and customize the appearance of the findings table.
  6. Select a finding to view the following details:
    • Project metadata
    • Risk details and remediation guidance
    • Notifications associated with the finding and Jira ticket links
    • Personalized notes for each finding. You can view notes on findings if you have tenant access. Only users with Admin or Code Scanner role can add or edit notes. See authorization roles to learn about roles and permissions.
  7. To apply exceptions to findings, select findings and click Actions > Add Exception.
  8. To export findings, select the findings, and click Actions > Export Selected or Export All.
Findings UI

View findings associated with a project

To view the findings associated with a project:
  1. Select Projects from the left sidebar.
  2. Select the project for which you want to view the findings. The Findings page includes the list of findings specific to the project.
  3. Review the list of findings. Click the finding to see its details.
  4. Use Grouped By to group findings by attributes such as dependency, location, package, CWE, tags, code owner or rule name to filter and manage them collectively.

Finding attributes

Finding attributes are characteristics or properties associated with each discovered issue or result obtained from a scan. These attributes could include the following details and metadata.

Filter findings

Use filters to narrow findings and focus on the results most relevant to your workflow. Filters help you organize findings by attributes such as severity, category, project, status, repository context, and other finding metadata so that you can investigate, triage, and remediate findings more efficiently. You can use the following filter types to manage findings effectively.
  • Basic filters: Use the preset filters to quickly narrow findings using common attributes such as severity, category, project, and status.
  • Advanced filters: Use advanced filters to create complex queries and combine multiple conditions based on repository context, branches, tags, and other finding attributes.

Search for findings using basic filters

Use the following basic filters to search for information in your findings.
  • Finding Level: Limit results by finding severity level.
  • Dismissed: Include or exclude dismissed findings. See Filter dismissed findings to learn more about filtering dismissed findings.
  • Category: Choose from CI/CD, Malware, license risks, operational risks, RSPM, GitHub Actions, SAST, AI models, containers, secrets, security, supply chain, or vulnerability and view related findings.
  • Projects: Narrow findings by one or more project names.
  • Custom Tags: Narrow down the list based on custom tags.
  • Attributes: Narrow down the list based on a range of factors such as:
    • if a patch is available to fix the findings
    • if the vulnerable function is reachable
    • if the dependency is reachable
    • if the dependency originates from a current repository or a current tenant
    • if the dependency is a test dependency
    • if the dependency’s discovery type is manifest, phantom, or segment match
    • if the finding originates from itself, direct, or a transitive dependency
    • filter the findings by the Exploited tag from CISA KEV
    • filter the findings by the Warn or Break the Build options set in the action policy
  • EPSS Probability: Choose the Exploit Prediction Scoring System (EPSS) score range.
  • Ecosystems: Filter by language or ecosystem.
  • Location: Narrow findings by where they occur (for example, path or location in the repository).
  • Confidence: Narrow findings by detection confidence.
  • SAST Languages: Narrow SAST findings by programming language.
  • Container Layers: Narrow container findings by image layer.
  • Remediation: Narrow vulnerability findings by fix status. Endor Patch Available filters findings where an Endor-provided patch is available to fix the vulnerability. Recommended Upgrade Available filters findings where a recommended version upgrade is available.
  • All Time: Choose a time range.

Search for findings using advanced filters

Use advanced filters to create powerful queries that drill deeper into the dataset to fetch results with a specific context. Search using the advanced filters applies to all the branches of a repository. You can retrieve results from any branch by specifying the relevant context ID or type. For example:
  • If the default branch for the BenchmarkJava repository uses master, applying filters with the context ID for master shows results specific to branch. To scan from the default branch, run the following command : 
    endorctl scan --path=.
  • Similarly, if there is another branch named test-branch, switching to that branch shows results specific to the branch. To scan the branch, run the following command: 
    git checkout test-branch
endorctl scan --path=.
After running the scans, you can view the findings specific to the branches in the Endor Labs user interface.
  1. Select Projects from the left sidebar.
  2. Select the project for which you want to view the findings.
  3. A drop-down menu at the top left of the page shows the repository’s default branch. Choose a different branch to view its findings. In the following example, master is the default branch. To view findings from other branches (for example, test-branch), choose the desired branch from the drop-down menu. Branch dropdown
Check Projects to see the default branch of your project. To change the default branch, use --as-default-branch while performing the endorctl scan. See scanning strategies for information on testing and monitoring different versions of your code.
The Advanced Filters use the GetFinding API call to fetch results. The following table lists some example attributes, you can use in your custom API calls. See also example combinations below.

Examples

Show all findings of critical vulnerability and high severity that have a fix available, with a reachable function and EPSS score greater than 10%. 
spec.level in ["FINDING_LEVEL_CRITICAL","FINDING_LEVEL_HIGH"] and spec.finding_tags contains ["FINDING_TAGS_FIX_AVAILABLE"] and spec.finding_tags contains ["FINDING_TAGS_REACHABLE_FUNCTION"] and spec.finding_metadata.vulnerability.spec.epss_score.probability_score > 0.1
Show vulnerabilities for a specific project. 
spec.finding_categories contains ["FINDING_CATEGORY_VULNERABILITY"] and spec.project_uuid == "660e2bc48c7d4e60a5fc692f"
Show vulnerabilities for a specific language in a specific project. 
spec.finding_categories contains ["FINDING_CATEGORY_VULNERABILITY"] and spec.ecosystem in ["ECOSYSTEM_PYPI"] and spec.project_uuid == "660e2bc48c7d4e60a5fc692f"

Saved filters

Saved filters are customizable filter settings that users can create and reuse across projects in Endor Labs. They improve efficiency by eliminating the need to manually recreate filters. You can save the advanced search filters that you created to fetch curated search results. Saved queries are visible in the drop-down list. To create a saved filter:
  1. Select Findings from the left sidebar.
  2. Toggle Advanced in the top right corner.
  3. Type the query in CUSTOMIZE FILTER.
  4. Enter a title in the field with the filter icon.
  5. Click Save New Filter.
Create saved filter

Manage saved filters

To delete a saved filter:
  1. Select Settings from the left sidebar.
  2. Select SAVED FILTERS.
  3. Click the vertical three dots on the right side of the filter you want to delete and click Delete.
To edit a saved filter:
  1. Select Settings from the left sidebar.
  2. Select SAVED FILTERS.
  3. Click the vertical three dots on the right side of the filter you want to edit and click Edit
  4. You can update the name, query, and tags.
  5. Click Update to save the updated changes.
Update saved filter

View Remediations

If you enable upgrade impact analysis, you can view the remediation recommendation when you select a finding, if available. Click View Details to view the details of the remediation recommendation. Click View Full Recommendation to view all available upgrade paths.