
# August 2025

We are excited to introduce the latest features and enhancements in Endor Labs.

### Discontinuation of CI/CD tool scanning

<Badge icon="badge-alert" color="orange" shape="pill">Breaking change</Badge>

CI/CD tool scanning functionality is being deprecated and will be discontinued by September 15, 2025. This change does not affect the scanning of GitHub Action dependencies.

### AI security review

<Badge icon="star" color="green" shape="pill">New</Badge>

AI security review provides automated code review capabilities using artificial intelligence to identify potential security issues in your codebase. You can set up AI security review to review pull requests and raise findings for security issues.

For more information, see [AI security review](/secure-ai-coding/ai-security-review).

### First-party code dashboard

<Badge icon="star" color="green" shape="pill">New</Badge>

The first-party code dashboard provides a comprehensive view of the vulnerabilities in your codebase from a SAST and secrets perspective.

For more information, see [First-party code dashboard](/inventory-insights/dashboards/first-party-code).

### Container end of life dependency finding policy

<Badge icon="star" color="green" shape="pill">New</Badge>

You can now enable the **End of Life Container Dependencies** finding policy to raise findings for OS-level packages and components in container images that have reached end of life.

For more information, see [Container finding policies](/platform-administration/policies/finding-policies/container-policies).

### Malware policies

<Badge icon="star" color="green" shape="pill">New</Badge>

Endor Labs now offers improved malware detection with detailed malware reasoning, broader coverage, and timely warnings before malicious packages disappear from registries. You can use the following new malware-focused policies:

* **Malware finding policy**: Enable OSS finding policy to identify known malicious code or suspicious patterns in dependencies and raise findings for them.
* **Malware action policy**: Create an action policy from the malware template to define how to handle malware findings.
* **Malware exception policy**: Create an exception policy to apply exceptions to malware findings under defined conditions and exclude them from action policies.

For more information, see [OSS finding policy](/platform-administration/policies/finding-policies/oss-policies), [Malware action policy](/platform-administration/policies/action-policies/templates#malware), and [Malware exception policy](/platform-administration/policies/exception-policies/templates#malware).

### Export SBOM in SPDX format

<Badge icon="star" color="green" shape="pill">New</Badge>

You can now export a Software Bill of Materials (SBOM) in the industry-standard SPDX format, with support for both `json` and `tag-value` output formats, making it easier to integrate SBOMs into existing compliance, auditing, and security workflows.

For more information, see [Export SBOM in Endor Labs](/inventory-insights/sbom/exporting-sboms#export-an-sbom-as-spdx).

### Support for pull request scans in GHAS SARIF exporter

<Badge icon="check" color="blue" shape="pill">Enhancement</Badge>

The GHAS SARIF exporter now supports pull request scans for GitHub App (Pro). If you have enabled pull request scans in your GitHub App, the GHAS SARIF exporter exports the findings for each pull request. You can view the findings for the pull request in GitHub Advanced Security.

For more information, see [Export findings to GitHub Advanced Security](/integrations/data-exporters/export-to-ghas).

### Azure OpenAI model detection

<Badge icon="check" color="blue" shape="pill">Enhancement</Badge>

Endor Labs extends AI model detection to include Azure OpenAI, surfacing detected models as dependencies during scans. Azure OpenAI models are detected but not scored, as provider metadata is limited.

For more information, see [AI model detection](/secure-ai-coding/ai-model-discovery).

### Scan container image tarball

<Badge icon="check" color="blue" shape="pill">Enhancement</Badge>

You can now scan container images saved as tarball files using `endorctl`. This helps you analyze dependencies, generate SBOM details, and review security findings for container images that are not directly accessible from a registry.

For more information, see [Scan container image tarball](/scan/containers#scan-container-image-tarball).

### Search for malware in Vulnerability Database

<Badge icon="check" color="blue" shape="pill">Enhancement</Badge>

You can now use the MAL identifier to search for known malware in the Endor Labs vulnerability database and quickly identify malicious packages alongside existing vulnerabilities.

For more information, see [Endor Labs vulnerability database](/discover/vulnerability-db).
