Release notes

Endor Labs helps you select, secure, and maintain dependencies, so development moves fast and supply chain risk remains low. The following release notes highlight the most recent major capabilities and any major bug fixes published by Endor Labs.

We are excited to introduce the latest features and enhancements in Endor Labs.

Endor Labs scans new repositories in your organization as soon as they are created when the GitHub App (Pro) or the GitHub Enterprise Server App is installed with All repositories selected. This enables pull request scanning immediately, without waiting for the next scheduled scan.

For installation scope, monitoring scans, and pull request checks, see Deploy Endor Labs GitHub App (Pro) and Deploy Endor Labs GitHub Enterprise Server App.


Endor Labs now supports exporting SCA and SAST findings to Wiz after scheduled scans on the default branch. Findings map to Wiz enrichment schemas and appear in the Wiz Security Graph so you can correlate code risk with cloud context.

For more information, see Export findings to Wiz.

Endor Labs Skills are pre-built AI agent instructions that automate common security workflows using endorctl. Skills provide structured prompts that guide your AI coding assistant through tasks like installing and configuring endorctl, authenticating with identity providers, scanning repositories for vulnerabilities, and running secrets and SAST scans. Skills are available for Claude Code and Cursor.

For more information, see Skills.

Endor Labs now supports software composition analysis for Scala projects in Bazel repositories that use Bzlmod for external dependency management. Bzlmod support requires Bazel aspects with rules_scala >= 5.0.0.

For more information, see Bazel and Bazel Aspects.

The Endor Labs Bitbucket Data Center App now supports automated pull request scanning for security vulnerabilities, policy violations, and exposed secrets. You can also configure PR comments directly on your pull requests when issues are detected, helping developers address security concerns before merging code.

For more information, see Bitbucket Data Center App PR scans.

You can now snooze findings to temporarily dismiss them and choose when they should reappear, making it easier to defer action on findings without creating permanent exception policies.

For more information, see Snooze findings.

You can use an ignore file in your repository to exclude specific findings from scan results. The file is read during a scan and applies only to the repository version that contains it. Entries that match the file are excluded from the findings view and do not trigger action policies.

For more information, see Dismiss findings using an ignore file and Allow ignore files to dismiss findings.

Endor Labs now supports scanning container images directly from container registries.

Use endorctl container registry commands to:

  • Discover container images across repositories.
  • Apply filters to control the scan scope.
  • Create and reuse scan plans for repeated scans.

For more information, see Container registry scanning.

Endor Labs introduces Package Firewall, which inspects package requests during installation and blocks packages identified as malware in real time.

Package Firewall integrates with JFrog Artifactory to route package traffic through the firewall before packages are downloaded. Malicious packages are blocked before they reach developer environments or CI pipelines.

For more information, see Package Firewall.

Endor Labs now supports scanning JavaScript and TypeScript projects in Rush monorepos by resolving dependencies from rush.json and the centralized lock file.

For more information, see Scan Rush monorepos.

The Endor Labs MCP server now supports Claude Code, OpenAI Codex, Devin, Augment Code, and IntelliJ IDEA, in addition to the previously supported Cursor, Visual Studio Code, and Gemini CLI platforms. You can integrate the MCP server into your preferred AI-powered development workflow to scan code in real time and catch security issues before they reach production.

For more information, see MCP Server.


Endor Labs now supports container reachability, which determines which OS packages in a container image are used at runtime and marks them as Reachable, Potentially Reachable, or Unreachable. This helps you prioritize remediation for dependencies that are actually exercised during execution.

Endor Labs supports two container reachability modes based on how your workload runs and its runtime dependencies.

  • Basic reachability: Profiles the container locally during the scan. Use when the application has no external dependencies.
  • Instrumented reachability: Runs the image in your real environment with an embedded sensor to capture runtime behavior. Use when the workload requires databases, queues, or other external services.

For more information, see Container reachability and Instrumented container reachability.

Endor Labs now supports Bzlmod when you use Bazel aspects. Currently, only Go and Java rulesets support Bzlmod.

For more information, see Bazel, Bazel aspects, and Bazel Bzlmod support.

Endor Labs now supports Bazel aspects to improve dependency resolution accuracy in Bazel workspaces. Endor Labs automatically discovers and applies the appropriate rules for your project, and also supports custom aspects for projects with custom build rules.

For more information, see Bazel aspects.

Endor Labs now supports AI-powered analysis for SAST findings to automatically classify them as true positives or false positives. The AI agent analyzes code context, traces data flows, and evaluates security controls to reduce false positives, helping security teams and developers focus on genuine security vulnerabilities. AI SAST analysis features require a Code Pro license.

For more information, see SAST scan with AI analysis.

The Endor Labs Bitbucket Cloud App now supports automated pull request scanning for security vulnerabilities, policy violations, and exposed secrets. You can also configure PR comments directly on your pull requests when issues are detected, helping developers address security concerns before merging code.

For more information, see Bitbucket Cloud App PR scans.

You can now search for notifications using the policy name or Jira issue key, and apply filters to narrow down notifications by time range, projects, notification channels, or error status. This helps you quickly locate specific notifications, identify patterns across your security events, and manage notification workflows efficiently.

For more information, see Notifications.

Endor Labs now features a redesigned interface with updated navigation, layout, and workflows, making it easier to find and manage your security data. For more information, see Endor Labs user interface.

DroidGPT has been removed from the product. For AI-powered help with findings and scan errors, use the Endor AI Chat in the application.

Some API services are now designated as internal. As a result, they are no longer visible in the public API documentation.


Endor Labs now supports exporting scan data to an Amazon S3 storage bucket for archival, compliance, or integration with other tools. The S3 exporter supports exporting findings in JSON or SARIF format.

For more information, see Export findings to S3.

You can now use the None (Notify for each Finding) aggregation type to send separate notifications for every finding generated from the configured action policy, making it easier to track and assign individual security issues. This aggregation type is supported only for SAST and Secrets action policies.

For more information, see Aggregation types for notifications.

Endor Labs now includes finding tags and categories in the SARIF output when exporting findings to GitHub Advanced Security (GHAS). You can use these tags to filter and identify specific types of findings in GitHub code scanning, such as reachable vulnerabilities, findings with available fixes, or findings by category, like SCA, SAST, and Secrets.

For more information, see Filter findings by tags in GitHub.
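As an added illustration, and not code from Endor Labs or its documentation, the script below shows how a downstream consumer of a SARIF export could use per-result tags to triage findings, for example to pull out reachable vulnerabilities that already have a fix, or to count findings per category. It assumes the tags are carried in the standard SARIF 2.1.0 `properties.tags` array on each result; the sample document and the tag strings in it (`reachable`, `fix-available`, and the category names) are constructed placeholders, not Endor Labs' actual output or tag names.

```python
import json
from pathlib import Path

# Constructed SARIF 2.1.0 sample for demonstration only. Rule IDs and tag
# strings are placeholders; the assumption is that the exporter puts its
# finding tags and categories in each result's `properties.tags` bag.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [
        {
            "tool": {"driver": {"name": "example-scanner"}},
            "results": [
                {
                    "ruleId": "DEP-EXAMPLE-1",
                    "level": "error",
                    "message": {"text": "vulnerable dependency (constructed)"},
                    "properties": {"tags": ["SCA", "reachable", "fix-available"]},
                },
                {
                    "ruleId": "DEP-EXAMPLE-2",
                    "level": "warning",
                    "message": {"text": "vulnerable dependency (constructed)"},
                    "properties": {"tags": ["SCA", "unreachable"]},
                },
                {
                    "ruleId": "SAST-EXAMPLE-1",
                    "level": "error",
                    "message": {"text": "tainted data reaches a sink (constructed)"},
                    "properties": {"tags": ["SAST"]},
                },
                {
                    "ruleId": "SECRET-EXAMPLE-1",
                    "level": "error",
                    "message": {"text": "hardcoded credential (constructed)"},
                    "properties": {"tags": ["Secrets"]},
                },
                {
                    # A result without a property bag: must not crash the filter.
                    "ruleId": "UNTAGGED-EXAMPLE",
                    "level": "note",
                    "message": {"text": "no tags attached (constructed)"},
                },
            ],
        }
    ],
}


def load_sarif(path):
    """Load a SARIF document from disk (hypothetical helper for real exports)."""
    return json.loads(Path(path).read_text(encoding="utf-8"))


def iter_results(sarif):
    """Yield every result across all runs; tolerates missing keys."""
    for run in sarif.get("runs", []):
        for result in run.get("results", []):
            yield result


def result_tags(result):
    """Return the result's tags as a set; empty when there is no property bag."""
    return set(result.get("properties", {}).get("tags", []))


def filter_results(sarif, required_tags):
    """Return results that carry every tag in required_tags."""
    required = set(required_tags)
    return [r for r in iter_results(sarif) if required <= result_tags(r)]


def count_by_category(sarif, categories=("SCA", "SAST", "Secrets")):
    """Count results per category tag; a result may count toward several."""
    counts = {c: 0 for c in categories}
    for result in iter_results(sarif):
        tags = result_tags(result)
        for category in categories:
            if category in tags:
                counts[category] += 1
    return counts


def prioritized_rule_ids(sarif):
    """Rule IDs of reachable findings with a fix available, the usual first pick."""
    return [r["ruleId"] for r in filter_results(sarif, ["reachable", "fix-available"])]


if __name__ == "__main__":
    print("fix-first:", prioritized_rule_ids(SAMPLE_SARIF))
    print("per category:", count_by_category(SAMPLE_SARIF))
```

Point `load_sarif` at a real export to run the same triage on it; the filter is a plain subset test on the tag set, so any combination of tags the exporter emits can be required at once.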


The Endor Labs MCP server is now available in Developer Edition. You can get started without any prior configuration or Endor Labs account.

The Endor Labs MCP server Enterprise Edition has also been updated to provide easier configuration and setup.

For more information, see Endor Labs MCP server.

The Endor Labs MCP server is now available as a Gemini extension. You can use natural language commands to interact with the MCP server. For more information, see Endor Labs MCP server as a Gemini extension.

The dependency graph now offers improved rendering performance and enhanced node interactions, making it easier to visualize and explore complex dependency trees.

For more information, see View dependency graph.


You can now scan merge requests using the Endor Labs GitLab App. You can also configure MR comments so that scan results are posted directly on your merge requests.

For more information, see GitLab App MR scans.

You can now enable urgent notifications in Endor Labs to receive real-time alerts for newly discovered malware, allowing you to take immediate action.

For more information, see Urgent Notifications.

Endor Labs now sets the default branch detection flag to true for all projects. When the default branch of a repository changes, Endor Labs automatically detects the new default branch and sets it as the default reference for every project configured with the Endor Labs SCM Apps.

For more information, see Default branch detection.

Endor Labs now enables the malware finding policy by default for all tenants. You automatically receive findings for suspicious and malicious code across all projects, helping you detect and remediate security issues faster.

For more information, see OSS finding policy.