December 2024

We are excited to introduce the latest features and enhancements in Endor Labs.

Upgrade to endorctl version 1.6.734 or later for container scans (Breaking change)

Endor Labs has significantly improved container scanning, enhancing the accuracy of findings. As a result, container scans performed with older endorctl versions may yield different or no results in some cases.

To ensure accurate scans, upgrade endorctl to version 1.6.734 or higher.

Run endorctl --version to check your current version. For instructions on upgrading endorctl, see Install Endor Labs on your local system.

Upgrades and remediation support for .NET, Kotlin, and Scala projects (Enhancement)

Endor Labs upgrade impact analysis now supports Kotlin, Scala, and .NET projects, complementing the existing support for Python and Java to streamline dependency upgrades across more languages. For more information, see Remediation support matrix.

Configure container finding policies (Enhancement)

Container base images from untrusted sources may lack proper security audits or fail to comply with organizational standards, increasing the risk of vulnerabilities being exploited. To address this, you can now configure a finding policy to detect unauthorised base images and raise a critical finding. For more information, see Container policies.

Export multiple package versions in SBOM (Enhancement)

You can now export multiple package versions in an SBOM through the Endor Labs user interface. This feature aggregates multiple package versions of a project in a single SBOM file. You choose the packages and package versions of a project to include, and then export them as an SBOM file. For more information, see Export an SBOM at the project level.

My Packages removed from Endor Labs user interface

The My Packages page is no longer available in the Endor Labs user interface. Instead, you can view packages and package versions associated with a project under Projects. Use the package versions filter in Projects to filter by specific package criteria.