October 2024
We are excited to introduce the latest features and enhancements in Endor Labs.
New features
Scan Java projects without pom.xml
You can now scan Java projects that do not have a pom.xml
file. This feature enables Endor Labs to scan a non-Maven and non-Gradle Java artifact, and provide the list of unresolved dependencies, resolved dependencies, and dependency tree. You can set the environment variables ENDOR_JVM_USE_ARTIFACT_SCAN
,ENDOR_JVM_USE_ARTIFACT_SCAN_CLASSPATH
, and ENDOR_JVM_FIRST_PARTY_PACKAGE
to facilitate the scan of such projects. See Scan projects without pom.xml for more information.
Export multiple package versions in SBOM
You can now export multiple package versions in an SBOM through endorctl with the new command options --package-version-uuids
, --project-uuid
, and --project-name
. This feature allows aggregating multiple package versions across one or many projects in a single SBOM file. See Export multiple package versions in SBOM for more information.
Enhancements
Auto detection of build tools
You can enable auto detection of build tools for their projects based on the manifest files present in the repository. Auto detection is supported for Long Term Support (LTS) versions of Java, Python, Go, and .NET (C#) projects. See Enable auto detection for more information.
Jira integration
When integrating Jira with Endor Labs, you can:
- Specify an issue type from the custom Jira project such as Bug, Task, Epic, Story, or any other value when raising a Jira ticket. This enables efficient categorization and tracking of issues within the project.
- Configure the integration to define custom fields with appropriate values, that align with your organization’s workflows. For instance, you can create key-value pairs like
Source = Endor Labs
to associate specific information with each Jira ticket raised from Endor Labs.
Note
Make sure the endortcl version is v1.6.547 to use ISSUE TYPE and v1.6.567 or higher to use Custom Fields.See Set up Jira integration with Endor Labs for more information.
Support for Bazel with Gazelle in vendored mode in Go projects
Endor Labs now supports scanning Go projects that use Bazel with Gazelle in vendored mode. See Scan Go projects using Bazel with Gazelle in vendored mode
Kotlin 2.0 Support
Endor Labs has extended Kotlin support to include version 2.0. With this enhancement, Endor Labs supports Kotlin projects from version 1.4 to 2.0.
Name change from SCPM to RSPM
Endor Labs now uses RSPM (Repository Security Posture Management) as the standard terminology for all SCPM (Source Code Posture Management) policies and findings across the user interface and documentation. Previously, both RSPM and SCPM were used interchangeably.
Feedback
Was this page helpful?
Thanks for the feedback. Write to us at support@endor.ai to tell us more.
Thanks for the feedback. Write to us at support@endor.ai to tell us more.