Release notes

Endor Labs helps you select, secure, and maintain dependencies, so development moves fast and supply chain risk remains low. The following release notes highlight the most recent major capabilities and any major bug fixes published by Endor Labs.

We are excited to introduce the latest features and enhancements in Endor Labs.

Outpost: On-premise scheduler for monitoring scans New

Outpost is a new on-premise scheduler for monitoring scans that you can run in your own Kubernetes cluster. When you install and configure Outpost, monitoring scans on your source code repositories are scheduled and run on your own Kubernetes cluster inside your firewall. For more information, see Outpost.

Authenticate Jira Data Center with Endor Labs Enhancement

You can now use Personal Access Token (PAT) to authenticate your Jira Data Center to Endor Labs.

For more information, see Configure Jira integration.

We are excited to introduce the latest features and enhancements in Endor Labs.

Endor Labs App for Bitbucket Cloud New

Endor Labs now provides an app that you can use to onboard your Bitbucket Cloud workspace and projects, and continuously monitor them in Endor Labs. The Bitbucket Cloud repositories in the projects are scanned every 24-hours, and you can initiate a rescan according to your convenience.

For more information, see Endor Labs App for Bitbucket Cloud.

Endor Labs App for Bitbucket Data Center New

Endor Labs now provides an app that you can use to onboard your Bitbucket Data Center host and projects, and continuously monitor them in Endor Labs. The Bitbucket Data Center repositories in the projects are scanned every 24-hours, and you can initiate a rescan according to your convenience.

For more information, see Endor Labs App for Bitbucket Data Center.

Updated navigation for OSS Packages Enhancement

Endor Labs has updated the OSS Packages navigation. You can now access explore OSS Packages through the left sidebar, providing a more direct navigation.

For more information, see Search for open source packages.

Pull Request remediation support for .NET Enhancement

Endor Labs GitHub App (Pro) now supports PR remediation for .NET, alongside Java, JavaScript, Go, and Python. Automated remediation is available for dependencies managed through *.csproj.

For more information, see Pull requests remediation in GitHub

We are excited to introduce the latest features and enhancements in Endor Labs.

Software Composition Analysis (SCA) for C and C++ projectsNew Beta

You can now perform Software Composition Analysis (SCA) for C and C++ projects using Endor Labs to identify vulnerabilities, track dependencies, and ensure compliance with open-source security best practices. This helps you manage risk effectively and maintain a secure codebase.

You can now include C and C++ in your scan profile to enable scanning for C and C++ projects.

For more information, see Scan C/C++ projects.

Perform keyless authentication with Azure New

Endor Labs now supports keyless authentication for Azure, enabling seamless and secure access without the need to store or manage keys. By configuring your Azure virtual machine with a managed identity and creating an authorization policy in Endor Labs, you can integrate with Azure services while ensuring credential security.

For more information, see Keyless authentication for Azure.

Scan profiles Enhancement

The following enhancements are available for scan profiles.

  • You can configure the latest .NET SDK 9.0 toolchain in your scan profiles. This update is available for Linux and Darwin (macOS)’s arm64 and amd64 architectures, ensuring seamless integration across platforms. For more information, see Toolchain reference.

  • You can set a default scan profile for a namespace. For more information, see Set a default scan profile.

  • You can create a standard version of a build tool and use it across all scan profiles. For more information, see Configure build tools.

Filter findings with action policy violations Enhancement

You can now filter findings that violate action policy with the action policy enforcement attribute.

For more information, see Search for findings with basic filters.

Comments in Jira tickets Enhancement

With Jira integration, scan findings are now automatically updated in your Jira ticket comments. If new issues are detected or existing findings are resolved, a comment is generated with details.

For more information, see Comments in Jira tickets.

NTLM proxy support Enhancement

You can now configure NTLM proxy settings on machines that need to connect to Endor Labs when Internet access requires NTLM-authenticated proxy servers.

For more information, see Configure proxy servers.

PR remediation support for Python Enhancement

Endor Labs GitHub App (Pro) now supports PR remediation for Python, alongside Java, JavaScript, and Go. Automated remediation is available for dependencies managed through pyproject.toml and requirements.txt.

For more information, see Pull requests remediation in GitHub

Include or exclude archived repositories Enhancement

You can now include or exclude archived repositories when configuring scans using Azure DevOps and GitLab Apps. By default, archived repositories are excluded to conserve resources.

For more information, see Deploy Azure Devops App and Deploy GitLab App.

We are excited to introduce the latest features and enhancements in Endor Labs.

Endor patch dashboard New

The Endor Patch dashboard demonstrates the impact of Endor patches and request patches directly within the product.

It provides:

  • A list of the most impactful dependencies affecting applications, with patches available for evaluation.
  • Existing patches that can be used immediately upon purchase, along with their organization-wide impact.
  • A visualization of how multiple patches would affect an application portfolio.
  • Filters for reachability and severity to refine results easily.
  • The dashboard makes it easier to assess, justify, and act on patching needs efficiently.

For more information, see Endor patch dashboard.

View scan history New

Scan History gives you a detailed view of past security scans, helping you track your project’s security posture over time. With full context on individual scans, you can assess fidelity and troubleshoot issues more effectively.

For more information, see Review past scan details.

endorctl scan CLI options New

Use the following new endorctl CLI options for tagging findings and projects:

  • Associate custom tags with findings: Using the newly introduced endorctl scan CLI flag --finding-tags <tags> you can associate a list of custom tags with findings generated for objects in your scan. You can also use these tags to search and filter findings in the Endor Labs user interface.

  • Associate custom tags to your projects: Using the newly introduced endorctl scan CLI flag ``project-tags ` you can associate a list of custom tags to your projects.

For more information, see endorctl scan commands.

Endor Labs Azure Pipelines extension New

The Endor Labs Azure Pipelines extension is now available in the Visual Studio Marketplace.

You can use the extension to seamlessly integrate Endor Labs scanning into Azure Pipeline. For more information, see Use Endor Labs extension with Azure pipelines.

Add Azure organizations to Endor Labs Enhancement

You can now add Azure organizations to Endor Labs instead of individual projects. All projects under the organization are added automatically. Azure organizations and projects are mapped as managed namespaces in Endor Labs.

For more information, see Managed namespaces for Azure DevOps.

Handle multiple requirement files with custom names in pip Enhancement

Endor Labs now supports custom and multiple requirement file names while performing dependency analysis using the pip package manager. For more information, see Handling custom and multiple requirement files in pip.

Support for py_images with Bazel Enhancement

Endor Labs now supports scanning py_image with Bazel. For more information, see Select and build your Bazel targets.

Labels in Jira ticket Enhancement

Jira tickets created by Endor Labs now include the labels endorlabs-scan and endor-severity, making it easy to identify these tickets and the severity of the findings associated with them. For more information, see View ticket details in Jira.

Enhanced findings user interface Enhancement

Endor Labs has improved the user interface for findings:

  • Removed the Overview tab to simplify the findings workflow.
  • Moved the Dependencies and Packages tabs under Inventory for better organization and accessibility.

We are excited to introduce the latest features and enhancements in Endor Labs.

SAST scan with Endor Labs Beta New

You can now use the Endor Labs SAST scan to examine your source code and identify potential security vulnerabilities without program execution. For more information, see SAST scan with Endor Labs.

Detect AI models Beta New

Endor Labs’ scan can now detect AI models from HuggingFace used in Python projects and list them as dependencies. These models are flagged and displayed in the scan results. You can define custom policies to detect and flag models with low-quality scores, ensuring the use of secure and reliable AI models in your projects. For more information, see Detect AI Models.

Monitor your projects using Endor Labs GitLab App Beta New

You can now use the Endor Labs GitLab App to continuously monitors your projects for security and operational risk. You can use the GitLab App to selectively scan your repositories for SCA, secrets, SAST, and CI/CD tools. For more information, see Deploy Endor Labs GitLab App.

PR remediation with Endor Labs GitHub App Pro Beta New

You can use the Endor Labs GitHub App (Pro) to create automated pull requests to remediate findings in your GitHub environment. When PR remediation is set up, Endor Labs creates a PR to update the manifest files with dependency version upgrades, based on a remediation policy, to address vulnerability findings. For more information, see Pull requests remediation in GitHub.

Scan PRs with the Endor Labs GitHub App Beta New

In addition to automatically scanning your repositories every 24 hour, Endor Labs GitHub App can now perform fully automated scanning process for all pull requests and merges initiated into the main branch.

Whenever a PR is created against a repository, you can use the Endor Labs GitHub App to perform incremental scans to detect any changes in resolved dependencies that may introduce new vulnerabilities. These incremental scans are CI runs and are not monitored. You can see the results of the scan on GitHub.

Based on your prefrences, you can perform a quick scan or a full scan before merging the PRs into the main branch.

  • Quick Scan performs dependency resolution but does not conduct reachability analysis to prioritize vulnerabilities. The quick scan enables users to swiftly identify potential vulnerabilities in dependencies, ensuring a smoother and more secure merge into the main branch.
  • Full Scan performs dependency resolution, reachability analysis, and generate call graphs for supported languages and ecosystems. This scan enables users to get complete visibility and identifies all issues related to dependencies and call graph generation, before merging into the main branch. Full scans may take longer to complete, potentially delaying PR merges.

arm64 Linux binaries of endorctl New

endorctl is now available as arm64 binaries for Linux in addition to the existing AMD64 binaries. You can now use endorctl with arm64 flavors of Linux. For more information, see Install endorctl on Linux.

Function level reachability for JavaScript/TypeScript projects Enhancement

Function level reachability analysis for JavaScript/TypeScript projects is now enabled by default. This means you no longer need to manually enable it using the ENDOR_JS_ENABLE_TSSERVER environment variable or the --call-graph-languages flag.

We are excited to introduce the latest features and enhancements in Endor Labs.

Upgrade to endorctl version 1.6.734 or later for container scans Breaking change

Endor Labs has significantly improved container scanning, enhancing the accuracy of findings. As a result, container scans performed with older endorctl versions may yield different or no results in some cases.

To ensure accurate scans, upgrade endorctl to version 1.6.734 or higher.

Run endorctl --version to check your current version. For instructions on upgrading endorctl, see Install Endor Labs on your local system.

Upgrades and remediation support for .NET, Kotlin, and Scala projects Enhancement

Endor Labs upgrade impact analysis now extends its capabilities to support Kotlin, Scala, and .NET projects, complementing the existing support for Python and Java to streamline dependency upgrades across more languages. For more information, see Remediation support matrix.

Configure container finding policies Enhancement

Container base images from untrusted sources may lack proper security audits or fail to comply with organizational standards, increasing the risk of vulnerabilities being exploited. To address this, you can now configure a finding policy to detect unauthorised base images and raise a critical finding. For more information, see Container policies.

Export multiple package versions in SBOM Enhancement

You can now export multiple package versions in an SBOM through the Endor Labs user interface. This feature allows aggregating multiple package versions of a project in a single SBOM file. You can choose packages and package versions of a project, which you can export as an SBOM file. For more information, see Export an SBOM at the project level.

My Packages removed from Endor Labs user interface

My Packages page is no longer available on the Endor Labs user interface. Instead, you can view packages and package versions associated with a project under Projects. Use the package versions filter in Projects to filter by specific package criteria.