Release notes
Endor Labs helps you select, secure, and maintain dependencies, so development moves fast and supply chain risk remains low. The following release notes highlight the most recent major capabilities and any major bug fixes published by Endor Labs.
We are excited to introduce the latest features and enhancements in Endor Labs.
Outpost: On-premise scheduler for monitoring scans New
Outpost is a new on-premise scheduler for monitoring scans that you can run in your own Kubernetes cluster. When you install and configure Outpost, monitoring scans on your source code repositories are scheduled and run on your own Kubernetes cluster inside your firewall. For more information, see Outpost.
Authenticate Jira Data Center with Endor Labs Enhancement
You can now use Personal Access Token (PAT) to authenticate your Jira Data Center to Endor Labs.
For more information, see Configure Jira integration.
Endor Labs App for Bitbucket Cloud New
Endor Labs now provides an app that you can use to onboard your Bitbucket Cloud workspace and projects, and continuously monitor them in Endor Labs. The Bitbucket Cloud repositories in the projects are scanned every 24 hours, and you can initiate a rescan whenever you need one.
For more information, see Endor Labs App for Bitbucket Cloud.
Endor Labs App for Bitbucket Data Center New
Endor Labs now provides an app that you can use to onboard your Bitbucket Data Center host and projects, and continuously monitor them in Endor Labs. The Bitbucket Data Center repositories in the projects are scanned every 24 hours, and you can initiate a rescan whenever you need one.
For more information, see Endor Labs App for Bitbucket Data Center.
Updated navigation for OSS Packages Enhancement
Endor Labs has updated the OSS Packages navigation. You can now explore OSS Packages directly from the left sidebar.
For more information, see Search for open source packages.
Pull Request remediation support for .NET Enhancement
Endor Labs GitHub App (Pro) now supports PR remediation for .NET, alongside Java, JavaScript, Go, and Python. Automated remediation is available for dependencies managed through *.csproj.
For more information, see Pull requests remediation in GitHub.
Software Composition Analysis (SCA) for C and C++ projects New Beta
You can now perform Software Composition Analysis (SCA) for C and C++ projects using Endor Labs to identify vulnerabilities, track dependencies, and ensure compliance with open-source security best practices. This helps you manage risk effectively and maintain a secure codebase.
You can now include C and C++ in your scan profile to enable scanning for C and C++ projects.
For more information, see Scan C/C++ projects.
Perform keyless authentication with Azure New
Endor Labs now supports keyless authentication for Azure, enabling seamless and secure access without the need to store or manage keys. By configuring your Azure virtual machine with a managed identity and creating an authorization policy in Endor Labs, you can integrate with Azure services while ensuring credential security.
For more information, see Keyless authentication for Azure.
Scan profiles Enhancement
The following enhancements are available for scan profiles.
- You can configure the latest .NET SDK 9.0 toolchain in your scan profiles. This update is available for the arm64 and amd64 architectures on Linux and Darwin (macOS), ensuring seamless integration across platforms. For more information, see Toolchain reference.
- You can set a default scan profile for a namespace. For more information, see Set a default scan profile.
- You can create a standard version of a build tool and use it across all scan profiles. For more information, see Configure build tools.
Filter findings with action policy violations Enhancement
You can now filter findings that violate action policy with the action policy enforcement attribute.
For more information, see Search for findings with basic filters.
Comments in Jira tickets Enhancement
With Jira integration, scan findings are now automatically updated in your Jira ticket comments. If new issues are detected or existing findings are resolved, a comment is generated with details.
For more information, see Comments in Jira tickets.
NTLM proxy support Enhancement
You can now configure NTLM proxy settings on machines that need to connect to Endor Labs when Internet access requires NTLM-authenticated proxy servers.
For more information, see Configure proxy servers.
PR remediation support for Python Enhancement
Endor Labs GitHub App (Pro) now supports PR remediation for Python, alongside Java, JavaScript, and Go. Automated remediation is available for dependencies managed through pyproject.toml and requirements.txt.
For more information, see Pull requests remediation in GitHub.
Include or exclude archived repositories Enhancement
You can now include or exclude archived repositories when configuring scans using Azure DevOps and GitLab Apps. By default, archived repositories are excluded to conserve resources.
For more information, see Deploy Azure Devops App and Deploy GitLab App.
Endor patch dashboard New
The Endor Patch dashboard shows the impact of Endor patches and lets you request patches directly within the product.
It provides:
- A list of the most impactful dependencies affecting applications, with patches available for evaluation.
- Existing patches that can be used immediately upon purchase, along with their organization-wide impact.
- A visualization of how multiple patches would affect an application portfolio.
- Filters for reachability and severity to refine results easily.
The dashboard makes it easier to assess, justify, and act on patching needs efficiently.
For more information, see Endor patch dashboard.
View scan history New
Scan History gives you a detailed view of past security scans, helping you track your project’s security posture over time. With full context on individual scans, you can assess fidelity and troubleshoot issues more effectively.
For more information, see Review past scan details.
endorctl scan CLI options New
Use the following new endorctl CLI options for tagging findings and projects:
- Associate custom tags with findings: Using the newly introduced endorctl scan CLI flag --finding-tags <tags>, you can associate a list of custom tags with findings generated for objects in your scan. You can also use these tags to search and filter findings in the Endor Labs user interface.
- Associate custom tags with your projects: Using the newly introduced endorctl scan CLI flag --project-tags <tags>, you can associate a list of custom tags with your projects.
For more information, see endorctl scan commands.
Endor Labs Azure Pipelines extension New
The Endor Labs Azure Pipelines extension is now available in the Visual Studio Marketplace.
You can use the extension to seamlessly integrate Endor Labs scanning into Azure Pipeline. For more information, see Use Endor Labs extension with Azure pipelines.
Add Azure organizations to Endor Labs Enhancement
You can now add Azure organizations to Endor Labs instead of individual projects. All projects under the organization are added automatically. Azure organizations and projects are mapped as managed namespaces in Endor Labs.
For more information, see Managed namespaces for Azure DevOps.
Handle multiple requirement files with custom names in pip Enhancement
Endor Labs now supports custom and multiple requirement file names while performing dependency analysis using the pip package manager. For more information, see Handling custom and multiple requirement files in pip.
Support for py_images with Bazel Enhancement
Endor Labs now supports scanning py_image with Bazel. For more information, see Select and build your Bazel targets.
Labels in Jira ticket Enhancement
Jira tickets created by Endor Labs now include the labels endorlabs-scan and endor-severity, making it easy to identify these tickets and the severity of the findings associated with them. For more information, see View ticket details in Jira.
Enhanced findings user interface Enhancement
Endor Labs has improved the user interface for findings:
- Removed the Overview tab to simplify the findings workflow.
- Moved the Dependencies and Packages tabs under Inventory for better organization and accessibility.
Version upgrade notice
Effective 21st January 2025, Endor Labs and endorctl are upgraded to version 1.7 from the previous 1.6.x series. This version upgrade reflects continuous improvements to our GitHub App and introduces a new suite of capabilities to help teams accelerate their security maturity.
Policy updates and the activation of new policies are disabled by default. To allow automatic updates and enable new policies by default, see Configure policy settings.
This update does not introduce any breaking changes and requires no action on your part. You can continue using the product without any impact on compatibility or performance.
SAST scan with Endor Labs Beta New
You can now use the Endor Labs SAST scan to examine your source code and identify potential security vulnerabilities without program execution. For more information, see SAST scan with Endor Labs.
Detect AI models Beta New
Endor Labs’ scan can now detect AI models from HuggingFace used in Python projects and list them as dependencies. These models are flagged and displayed in the scan results. You can define custom policies to detect and flag models with low-quality scores, ensuring the use of secure and reliable AI models in your projects. For more information, see Detect AI Models.
Monitor your projects using Endor Labs GitLab App Beta New
You can now use the Endor Labs GitLab App to continuously monitor your projects for security and operational risk. You can use the GitLab App to selectively scan your repositories for SCA, secrets, SAST, and CI/CD tools. For more information, see Deploy Endor Labs GitLab App.
PR remediation with Endor Labs GitHub App Pro Beta New
You can use the Endor Labs GitHub App (Pro) to create automated pull requests to remediate findings in your GitHub environment. When PR remediation is set up, Endor Labs creates a PR to update the manifest files with dependency version upgrades, based on a remediation policy, to address vulnerability findings. For more information, see Pull requests remediation in GitHub.
Scan PRs with the Endor Labs GitHub App Beta New
In addition to automatically scanning your repositories every 24 hours, the Endor Labs GitHub App can now perform a fully automated scanning process for all pull requests and merges initiated into the main branch.
Whenever a PR is created against a repository, you can use the Endor Labs GitHub App to perform incremental scans to detect any changes in resolved dependencies that may introduce new vulnerabilities. These incremental scans are CI runs and are not monitored. You can see the results of the scan on GitHub.
Based on your preferences, you can perform a quick scan or a full scan before merging the PRs into the main branch.
- Quick Scan performs dependency resolution but does not conduct reachability analysis to prioritize vulnerabilities. The quick scan enables users to swiftly identify potential vulnerabilities in dependencies, ensuring a smoother and more secure merge into the main branch.
- Full Scan performs dependency resolution, reachability analysis, and call graph generation for supported languages and ecosystems. This scan gives users complete visibility and identifies all issues related to dependencies and call graph generation before merging into the main branch. Full scans may take longer to complete, potentially delaying PR merges.
arm64 Linux binaries of endorctl New
endorctl is now available as arm64 binaries for Linux in addition to the existing AMD64 binaries. You can now use endorctl with arm64 flavors of Linux. For more information, see Install endorctl on Linux.
Function level reachability for JavaScript/TypeScript projects Enhancement
Function level reachability analysis for JavaScript/TypeScript projects is now enabled by default. This means you no longer need to manually enable it using the ENDOR_JS_ENABLE_TSSERVER environment variable or the --call-graph-languages flag.
Upgrade to endorctl version 1.6.734 or later for container scans Breaking change
Endor Labs has significantly improved container scanning, enhancing the accuracy of findings. As a result, container scans performed with older endorctl versions may yield different or no results in some cases.
To ensure accurate scans, upgrade endorctl to version 1.6.734 or higher.
Run endorctl --version to check your current version. For instructions on upgrading endorctl, see Install Endor Labs on your local system.
Upgrades and remediation support for .NET, Kotlin, and Scala projects Enhancement
Endor Labs upgrade impact analysis now extends its capabilities to support Kotlin, Scala, and .NET projects, complementing the existing support for Python and Java to streamline dependency upgrades across more languages. For more information, see Remediation support matrix.
Configure container finding policies Enhancement
Container base images from untrusted sources may lack proper security audits or fail to comply with organizational standards, increasing the risk of vulnerabilities being exploited. To address this, you can now configure a finding policy to detect unauthorised base images and raise a critical finding. For more information, see Container policies.
Export multiple package versions in SBOM Enhancement
You can now export multiple package versions in an SBOM through the Endor Labs user interface. This feature allows aggregating multiple package versions of a project in a single SBOM file. You can choose packages and package versions of a project, which you can export as an SBOM file. For more information, see Export an SBOM at the project level.
My Packages removed from Endor Labs user interface
My Packages page is no longer available on the Endor Labs user interface. Instead, you can view packages and package versions associated with a project under Projects. Use the package versions filter in Projects to filter by specific package criteria.