# Configure system settings

> Configure Endor Labs application system settings to define the application behavior.

Administrators can configure the following system settings to customize how Endor Labs behaves:

* [Configure CVSS score version](#configure-cvss-score-version)
* [Configure data privacy settings](#configure-data-privacy-settings)
* [Configure developer workflow settings](#configure-developer-workflow-settings)
  * [Allow ignore files to dismiss findings](#allow-ignore-files-to-dismiss-findings)
* [Configure Endor Patches settings](#configure-endor-patches-settings)
* [Configure policy settings](#configure-policy-settings)
* [Configure SBOM settings](#configure-sbom-settings)
* [Configure urgent notification settings](#configure-urgent-notification-settings)

## Configure CVSS score version

Endor Labs supports choosing between CVSS v4 and v3 scoring from vulnerability providers so that organizations can standardize their security assessments.

When CVSS v4 is enabled, vulnerability severities are determined using CVSS v4.x scores.

<Warning>
  Integrations with Vanta only support CVSS v3. If you are exporting vulnerability details to Vanta, only CVSS v3 data is included.
</Warning>

Endor Labs uses CVSS 3.x to report vulnerabilities by default.

To enable CVSS 4.x scoring:

1. Select **User menu** > **Settings** from the left sidebar.
2. Select **SYSTEM SETTINGS** > **CVSS Version**.
3. Choose **CVSS 4.x**.
4. Click **Save CVSS Version Settings**.

<img src="https://mintcdn.com/endorlabs-b4795f4f/NT5eBW8QVW9Cos8R/images/platform-administration/configure-system-settings/cvss.webp?fit=max&auto=format&n=NT5eBW8QVW9Cos8R&q=85&s=7dbc5b215792c71ea793bbf2d6d8db99" alt="CVSS settings" width="2278" height="552" data-path="images/platform-administration/configure-system-settings/cvss.webp" />

## Configure data privacy settings

Use data privacy settings to manage how your scan logs are handled to improve monitoring and visibility.

To configure data privacy settings:

1. Select **User menu** > **Settings** from the left sidebar.
2. Select **SYSTEM SETTINGS** > **Data Privacy**.
3. Select **Remote Logging** to send scan logs to a centralized logging system for improved monitoring and debugging.
4. Select **Code Snippet Storage** to store and display code snippets that triggered SAST findings.
5. Select **Code Segment Embeddings and LLM Processing** to use embeddings and LLM processing to improve C/C++ and AI model detection accuracy.
6. Click **Save Data Privacy Settings** to save your changes.

<img src="https://mintcdn.com/endorlabs-b4795f4f/NT5eBW8QVW9Cos8R/images/platform-administration/configure-system-settings/enable-embeddings.webp?fit=max&auto=format&n=NT5eBW8QVW9Cos8R&q=85&s=3684dc446bca5aab62bf1670cce1bc9d" alt="Data Privacy" width="2278" height="594" data-path="images/platform-administration/configure-system-settings/enable-embeddings.webp" />

## Configure developer workflow settings

Use developer workflow settings to control whether scans use ignore files in your repositories and to specify which paths are treated as ignore files.

### Allow ignore files to dismiss findings

Use ignore files to codify approved exceptions so that known, accepted vulnerabilities and other findings are ignored before they surface in the scan results. This lets teams manage exceptions as code, enabling developers and AppSec teams to review, track and version-control ignore decisions alongside the application, avoid noisy or redundant results, and prevent downstream automations, such as alerts, tickets, and PR checks, from firing on issues that have already been explicitly accepted as risk.

Ignore files must follow the supported YAML format, where each entry specifies finding details and metadata such as expiration date and reason. For vulnerability findings only, the file may instead be a raw list of vulnerability IDs. Use the [endorctl ignore](/developers-api/cli/commands/ignore) command to generate and format the YAML ignore file, and the [endorctl validate ignore](/developers-api/cli/commands/validate/ignore) command to validate the file after updates or branch merges.

To enable ignore file support:

1. Select **User menu** > **Settings** from the left sidebar.
2. Select **SYSTEM SETTINGS** > **Developer Workflows**.
3. Select **Allow ignore files to dismiss findings** to enable the feature.
4. Optionally, under **Ignore file paths**, customize the list of supported ignore file paths. By default, `.endorignore.yaml` is supported. You can add more file paths, for example, `.endorignore.yaml`, `custom-ignore.yaml`, `src/java/endorignore.yaml`, to allow scans to recognize multiple ignore files in a repository. If you specify a list of custom file paths that does not include `.endorignore.yaml`, the scan no longer processes the default file. The configured file paths apply to all projects in the tenant.
5. Click **Save Workflows Settings**.

<img src="https://mintcdn.com/endorlabs-b4795f4f/NT5eBW8QVW9Cos8R/images/platform-administration/configure-system-settings/settings-developer-workflows.webp?fit=max&auto=format&n=NT5eBW8QVW9Cos8R&q=85&s=d84a4af38630ba39e6d69d2431e09642" alt="Developer workflow settings" width="2278" height="594" data-path="images/platform-administration/configure-system-settings/settings-developer-workflows.webp" />

<Note>
  **Recommendation**

  Set up CODEOWNERS for all supported ignore files, for all projects, so that ignore entries require approval before they can be merged.
</Note>
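
The following check is an added example, not Endor Labs code: it audits a CODEOWNERS file to confirm that every configured ignore file path resolves to a required reviewer, using the example paths from step 4. The team handles and the CODEOWNERS content are constructed, and the pattern matching is a simplified subset of CODEOWNERS syntax (basename globs, root-relative paths, and root-relative directories).

```python
import fnmatch

# Ignore file paths taken from the example list in step 4 above.
IGNORE_FILE_PATHS = [".endorignore.yaml", "custom-ignore.yaml", "src/java/endorignore.yaml"]

# Constructed CODEOWNERS content; the team handles are hypothetical.
SAMPLE_CODEOWNERS = """\
# Default owners for the repository
*                   @example-org/developers
.endorignore.yaml   @example-org/appsec
/src/java/          @example-org/java-team
"""

def parse_codeowners(text):
    """Return (pattern, owners) rules in file order, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            pattern, *owners = line.split()
            rules.append((pattern, owners))
    return rules

def matches(pattern, path):
    """Simplified matching: directory rules, root-relative paths, basename globs."""
    if pattern.endswith("/"):  # directory rule covers everything below it
        return ("/" + path).startswith("/" + pattern.strip("/") + "/")
    if "/" in pattern:         # a pattern containing a slash is root-relative
        return fnmatch.fnmatchcase(path, pattern.lstrip("/"))
    return fnmatch.fnmatchcase(path.rsplit("/", 1)[-1], pattern)  # bare name, any depth

def owners_for(path, rules):
    """The last matching rule wins; an empty list means nobody must approve."""
    owners = []
    for pattern, rule_owners in rules:
        if matches(pattern, path):
            owners = rule_owners
    return owners

def audit(paths, rules, required_owner):
    """Map each ignore file path to its owners and whether the required reviewer is one."""
    return {p: {"owners": owners_for(p, rules),
                "ok": required_owner in owners_for(p, rules)} for p in paths}

if __name__ == "__main__":
    rules = parse_codeowners(SAMPLE_CODEOWNERS)
    for path, result in audit(IGNORE_FILE_PATHS, rules, "@example-org/appsec").items():
        print("OK  " if result["ok"] else "FAIL", path, result["owners"])
```

In the constructed sample only `.endorignore.yaml` passes: `custom-ignore.yaml` falls through to the catch-all rule, and the later `/src/java/` rule takes ownership of `src/java/endorignore.yaml`, so neither requires the security reviewers.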

## Configure Endor Patches settings

Use Endor Patches settings to activate auto patching for all projects in your tenant that use the supported ecosystems.

To configure Endor Patches settings:

1. Select **User menu** > **Settings** from the left sidebar.
2. Select **SYSTEM SETTINGS** > **Endor Patches**.
3. Select **Auto Patch Vulnerable Dependencies** to apply vulnerability fixes to your applications without changing your code.
4. Click **Save Patch Settings**.

<Note>
  Changes to auto patching settings may take up to ten minutes to take effect.
</Note>

<img src="https://mintcdn.com/endorlabs-b4795f4f/NT5eBW8QVW9Cos8R/images/platform-administration/configure-system-settings/settings-endor-patches.webp?fit=max&auto=format&n=NT5eBW8QVW9Cos8R&q=85&s=4b155d3b4d7d5058aaba71d0924bea74" alt="Endor Patches" width="2278" height="594" data-path="images/platform-administration/configure-system-settings/settings-endor-patches.webp" />

## Configure policy settings

Endor Labs comes with multiple out-of-the-box policies that help you ensure the security posture of your code repositories, detect secret leaks, discern license risks, and make your code compliant with the CIS benchmark.
Endor Labs regularly updates its existing policies and adds new ones. Configure policy settings to ensure that you benefit from these regular updates.

To configure policy settings:

1. Select **User menu** > **Settings** from the left sidebar.
2. Select **SYSTEM SETTINGS** > **Policies & Rules**.
3. Select **Enable Policies for New Features** to ensure that new policies released by Endor Labs are automatically enabled for your projects.

   This ensures that the policies are automatically applied and you can view the generated findings.
4. Select **Upgrade Policies to Latest Version** to ensure that any updates released by Endor Labs to the existing policies are automatically applied for your projects.
5. Click **Save Policy Settings**.

<img src="https://mintcdn.com/endorlabs-b4795f4f/NT5eBW8QVW9Cos8R/images/platform-administration/configure-system-settings/policy-update-settings.webp?fit=max&auto=format&n=NT5eBW8QVW9Cos8R&q=85&s=a45e5ac1b26bf00217a8c977791f706e" alt="policy settings" width="2278" height="594" data-path="images/platform-administration/configure-system-settings/policy-update-settings.webp" />

## Configure SBOM settings

You can configure organizational settings that are included in every SBOM your organization generates. These settings allow you to meet the NTIA requirements for minimum SBOM data fields, which require supplier contact information for your organization.

To define your organization's SBOM settings:

1. Select **User menu** > **Settings** from the left sidebar.
2. Select **SYSTEM SETTINGS** > **SBOM**.
3. Enter the following organizational SBOM settings as appropriate for your organization under **SBOM Settings**.
   * **Organizational Name** - The organization that supplied the library or application that the SBOM describes.
   * **Contact Name** - A contact at the organization for SBOM-related inquiries.
   * **Contact Email Address** - The organizational contact's email address.
   * **Supplier URL** - The website URL of the organization supplying the SBOM.
4. Click **Save SBOM Settings**.

<img src="https://mintcdn.com/endorlabs-b4795f4f/NT5eBW8QVW9Cos8R/images/platform-administration/configure-system-settings/settings-sbom.webp?fit=max&auto=format&n=NT5eBW8QVW9Cos8R&q=85&s=8f8d9b92aa3040f7b0c6341ea676c639" alt="SBOM settings" width="2278" height="794" data-path="images/platform-administration/configure-system-settings/settings-sbom.webp" />

## Configure urgent notification settings

<Badge color="green">Beta</Badge>

Urgent notifications deliver real-time alerts about newly discovered malware that could impact your projects. These alerts are sent independently of your notification policy settings, enabling your security teams to take immediate action without waiting for the next scan cycle.

To configure urgent notification settings:

1. Select **User menu** > **Settings** from the left sidebar.
2. Select **SYSTEM SETTINGS** > **Urgent Notifications**.
3. Select **Enable urgent notification** to turn on alerts for malicious packages.
4. Select the **Setup Threshold** to define which affected package versions trigger notifications.
   * **Notify when definitely affected**: Receive notifications when a malicious package version exactly matches a dependency version used in your projects.
   * **Notify when potentially affected**: Receive notifications when a malicious package is detected among your dependencies, even if the versions differ.
5. Enter email addresses to receive these notifications in your inbox.
6. Optionally, enter a Slack webhook URL to receive them in Slack.
7. Click **Save Urgent Notifications Settings**.

<img src="https://mintcdn.com/endorlabs-b4795f4f/NT5eBW8QVW9Cos8R/images/platform-administration/configure-system-settings/urgent-notifications.webp?fit=max&auto=format&n=NT5eBW8QVW9Cos8R&q=85&s=4b9a61da911fcbfdcd480a0c8f7673f8" alt="Urgent notifications" width="2278" height="1124" data-path="images/platform-administration/configure-system-settings/urgent-notifications.webp" />
