> ## Documentation Index
> Fetch the complete documentation index at: https://docs.endorlabs.com/llms.txt
> Use this file to discover all available pages before exploring further.

# May 2026

We are excited to introduce the latest features and enhancements in Endor Labs.

### License Inventory

<Badge icon="flask" color="blue" shape="pill">Beta</Badge> <Badge icon="star" color="green" shape="pill">New</Badge>

Endor Labs now provides a centralized view of open source licenses in your namespace, allowing you to review license details and project usage, edit incomplete dependency license data, and generate Notice reports for software distribution.

For more information, see [Licenses](/inventory-insights/licenses).

### Bazel support for TypeScript projects

<Badge icon="star" color="green" shape="pill">New</Badge>

Endor Labs now supports Bazel scans for TypeScript projects with [rules\_ts](https://github.com/aspect-build/rules_ts). Scan `ts_project` and `ts_project_rule` targets. Both the WORKSPACE model and Bzlmod are supported with Bazel aspects. Requires `rules_ts` >= 1.0.0.

For more information, see [Bazel](/scan/bazel) and [Bazel Aspects](/scan/bazel/bazel-aspects).

### Container inventory

<Badge icon="star" color="green" shape="pill">New</Badge>

Endor Labs now introduces **Container Inventory** which provides a centralized view of all container images across your namespace, including shared base images and application images. It helps you track where the images are used, understand relationships between them, and identify potential risk exposure.

For more information, see [Container findings](/scan/containers/container-findings).

### Bitbucket Cloud App authentication with email and API token

<Badge icon="check" color="blue" shape="pill">Enhancement</Badge>

Endor Labs now supports connecting the Bitbucket Cloud App with an Atlassian account email and API token.

For more information, see [Deploy Endor Labs Bitbucket App in Bitbucket Cloud](/setup-deployment/scm-integrations/bitbucket-cloud) and [Create an API token](/setup-deployment/scm-integrations/bitbucket-cloud/bitbucket-cloud-pr-scans#create-an-api-token).

### Filter findings by discovery type

<Badge icon="check" color="blue" shape="pill">Enhancement</Badge>

You can now filter findings by how a dependency is discovered using the Discovery type attribute filter. This gives you better visibility into dependency origins if it was through manifest, phantom, and segment match types.

For more information, see [Finding attributes](/inventory-insights/findings#finding-attributes).

### Dependency file location visualization for C/C++ packages

<Badge icon="check" color="blue" shape="pill">Enhancement</Badge>

C/C++ scans now show dependency file locations as a visualization for each matched dependency. Expand the tree to see which source paths led to its identification.

For more information, see [Scan C/C++](/scan/sca/c#view-dependency-file-locations).

### Create Jira issues from Findings

<Badge icon="check" color="blue" shape="pill">Enhancement</Badge>

You can now create Jira issues manually from Findings for one or more findings. This allows you to act on findings that are not covered by an existing action policy, without waiting for a scheduled scan. Every issue created is recorded in **Notifications** as an **On-demand notification**.

For more information, see [Create Jira issues from Findings](/inventory-insights/findings#create-jira-issues-from-findings).

### Custom lock file location for JavaScript scans

<Badge icon="star" color="green" shape="pill">New</Badge>

You can now specify an exact lock file path for JavaScript and TypeScript scans using the `ENDOR_JS_LOCK_FILE_PATH` environment variable. This is useful for monorepos, nested projects, and custom build setups where the lock file does not live at the package directory or repository root. The variable applies to npm, Yarn, pnpm, and Lerna projects and takes precedence over `ENDOR_JS_USE_ROOT_DIR_LOCK_FILE`.

For more information, see [Specify a custom lock file location](/scan/sca/javascript#specify-a-custom-lock-file-location).

### Jira integration enhancements

<Badge icon="check" color="blue" shape="pill">Enhancement</Badge>

Endor Labs Jira integration now includes the following updates:

* You can now use scoped API tokens for the Jira integration, limiting token access to only the permissions required and improving token tracking and management.

* You can configure the Jira integration using a service account, keeping credentials independent of individual users.

For more information, see [Jira integration with Endor Labs](/integrations/jira).

### Package Firewall policy

<Badge icon="check" color="blue" shape="pill">Enhancement</Badge>

Endor Labs now offers Package Firewall policies, giving you finer control over package installations beyond malware detection. Configure criteria such as restricted licenses and minimum package age to determine when the Package Firewall blocks or warns on package installations. You can also define exceptions to allow specific packages or version ranges to bypass all Package Firewall checks.

For more information, see [Package Firewall policy](/package-firewall/policy).

### Chainguard images support in container scanning

<Badge icon="check" color="blue" shape="pill">Enhancement</Badge>

Endor Labs now supports container scanning with OS reachability and instrumented reachability for Chainguard application images.

For more information, see [Container scanning](/scan/containers).

### Package Firewall role

<Badge icon="check" color="blue" shape="pill">Enhancement</Badge>

You can now create a **Package Firewall User** role through the Endor Labs application to authenticate to Package Firewall.

For more information, see [Authorization roles](/platform-administration/rbac/authorization-roles).

### Go support in Package Firewall

<Badge icon="check" color="blue" shape="pill">Enhancement</Badge>

You can now use the Package Firewall to block malicious Go modules during installation. Set up a Go remote repository in JFrog Artifactory to route module requests through the Package Firewall.

For more information, see [Package Firewall](/package-firewall).

### Deleted findings in scan history

<Badge icon="check" color="blue" shape="pill">Enhancement</Badge>

You can now view findings resolved by a scan from scan history under **Deleted Findings**. Each row shows the finding name, severity, category, when it was first detected, and attribute tags.

For more information, see [Scan history](/inventory-insights/scan-history).

### SAST and secret finding location in finding logs

<Badge icon="check" color="blue" shape="pill">Enhancement</Badge>

SAST and secret finding logs now include the file location where the finding was detected. This helps you track these findings and correlate them with specific code locations across scans.

For more information, see [Scan history](/inventory-insights/scan-history).
