We are excited to introduce the latest features and enhancements in Endor Labs.

Direct integration with Package Firewall

Beta, New: You can now configure the Package Firewall using direct integration, which routes package installation requests through the firewall without relying on an intermediary registry such as JFrog Artifactory. The firewall evaluates each request against the Endor Labs malware database and your configured Package Firewall policies to block, warn, or allow the installation. For more information, see Configure the Package Firewall with direct integration.

Git-based dependencies

Beta, New: Endor Labs now resolves private Git-based dependencies hosted outside the repository being scanned, including those in a different organization, workspace, or project. Configure credentials for these repositories in the Git-based dependency integration to improve dependency resolution and reachability analysis. If an existing SCM integration already has access to these repositories, Endor Labs reuses those credentials. For more information, see Git-based dependencies.

OSS Coverage dashboard

Beta, New: You can now use the OSS Coverage dashboard to get a centralized view of open source coverage across your namespace. You can see how Endor Labs resolves dependencies and performs reachability analysis on your scanned projects. The dashboard groups coverage gaps by root cause, and each error links to the full scan log so you can investigate and fix scan failures. For more information, see OSS coverage.

Dry-run mode for container scanning

Enhancement: You can now run endorctl container scan and endorctl container registry scan in dry-run mode using the --dry-run flag. Scan results are stored only in memory and not forwarded to the Endor Labs API, so you can test container scans locally without writing any data. Base image scanning is not supported in dry-run mode. For more information, see container scanning.

Exit code for baseline not found

Enhancement: When a PR scan cannot locate the baseline specified with --pr-baseline, endorctl now returns exit code 43 (ENDORCTL_RC_BASELINE_NOT_FOUND) instead of the generic invalid-arguments code. This makes it easier to identify and script against baseline resolution failures. For more information, see endorctl CLI exit codes.
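
One way to script against exit code 43 in a CI job, as an added example that is not Endor Labs' own code: try a list of candidate baselines in order, move on only when the baseline is not found, and return every other result unchanged so real scan failures are never masked. The ENDORCTL_BIN variable, the function names, USED_BASELINE and the fallback policy are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Endor Labs code). Exit code 43 and --pr-baseline come
# from the release note above; ENDORCTL_BIN, the function names and the
# fallback policy are assumptions of this example.
ENDORCTL_RC_BASELINE_NOT_FOUND=43

# scan_with_baseline BASELINE: run one PR scan and return endorctl's exit code.
scan_with_baseline() {
    "${ENDORCTL_BIN:-endorctl}" scan --pr --pr-baseline="$1"
}

# pr_scan_with_fallback BASELINE...: try each candidate baseline in order.
# Only exit code 43 moves on to the next candidate. Success or any other
# failure is returned immediately, and USED_BASELINE records which baseline
# produced that result so the job log shows what the PR was compared against.
pr_scan_with_fallback() {
    for baseline in "$@"; do
        rc=0
        scan_with_baseline "$baseline" || rc=$?
        if [ "$rc" -ne "$ENDORCTL_RC_BASELINE_NOT_FOUND" ]; then
            USED_BASELINE=$baseline
            return "$rc"
        fi
        echo "baseline '$baseline' not found (rc=$rc), trying next" >&2
    done
    # Fail closed: no candidate resolved, so report 43 rather than passing.
    USED_BASELINE=
    echo "no usable baseline among: $*" >&2
    return "$ENDORCTL_RC_BASELINE_NOT_FOUND"
}

# Usage in a CI step (TARGET_BRANCH is a hypothetical CI variable):
#   pr_scan_with_fallback "$TARGET_BRANCH" main || exit $?
```

Comparing against a fallback baseline changes which findings count as new, so log USED_BASELINE alongside the scan result.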

Custom lock file location for JavaScript scans

Enhancement: You can now specify an exact lock file path for JavaScript and TypeScript scans using the ENDOR_JS_LOCK_FILE_PATH environment variable. This is useful when the lock file does not live at the package directory or repository root. For more information, see Specify a custom lock file location.

Maven support for the Package Firewall

Enhancement: You can now configure the Package Firewall for Maven to route Java dependency requests through Endor Labs and block known malicious packages. Maven is supported for both JFrog Artifactory and direct integration. For more information, see Configure the Package Firewall with JFrog Artifactory and Configure the Package Firewall with direct integration.

Vulnerability detection in Package Firewall policies

Enhancement: You can now set a CVSS severity threshold in your Package Firewall policy to block or warn on package versions that have a known vulnerability. For more information, see Package Firewall policy.