
# September 2025

We are excited to introduce the latest features and enhancements in Endor Labs.

### Discontinuation of CI/CD tool scanning

<Badge icon="badge-alert" color="orange" shape="pill">Breaking change</Badge>

CI/CD tool scanning functionality is being deprecated and will be discontinued by the end of September 2025. This change does not affect the scanning of GitHub Action dependencies.

### Dedicated commands for container scans

<Badge icon="star" color="green" shape="pill">New</Badge>

You can now use the dedicated command `endorctl container scan` for container scanning. This replaces the older `endorctl scan --container` command. Migrate to `endorctl container scan` to ensure continued compatibility. For more information, see [Use new container scan commands](/scan/containers/container-migration).

<Warning>
  **Deprecation notice**

  The old `endorctl scan --container` commands and their corresponding flags (`--container`, `--container-tar`, and `--container-as-ref`) will be removed after a three-month deprecation period.
</Warning>
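As an added example (not Endor Labs code), a small check that reports pipeline lines still using the deprecated `endorctl scan --container*` form before the flags are removed. The sample CI snippet, the image names and the arguments after `scan` are constructed for illustration.

```python
import re

# Constructed sample CI configuration (not from Endor Labs docs); the image
# names and the arguments after "scan" are made up for illustration.
SAMPLE_CI = """\
steps:
  - run: endorctl scan --container myorg/api:1.4.2
  - run: endorctl scan --container-tar build/image.tar
  - run: endorctl container scan myorg/api:1.4.2
  - run: endorctl scan --path . --quick-scan
"""

# Matches the old "endorctl scan" invocation carrying one of the three flags
# named in the deprecation notice; "endorctl container scan" does not match.
DEPRECATED = re.compile(
    r"endorctl\s+scan\b.*?(--container(?:-tar|-as-ref)?)(?=[\s=]|$)"
)


def find_deprecated_container_scans(text):
    """Return (line_number, flag) for every line that needs migrating."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        match = DEPRECATED.search(line)
        if match:
            hits.append((number, match.group(1)))
    return hits


if __name__ == "__main__":
    for number, flag in find_deprecated_container_scans(SAMPLE_CI):
        print(f"line {number}: migrate '{flag}' to 'endorctl container scan'")
```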

### Opengrep support for SAST and AI model detection

<Badge icon="star" color="green" shape="pill">New</Badge>

Endor Labs now uses [Opengrep](https://www.opengrep.dev/) to scan your code for SAST and AI model findings instead of Semgrep. Opengrep is an open-source, static analysis tool that finds bugs and vulnerabilities in the source code using pattern matching. Endor Labs automatically downloads Opengrep for you when you run a scan that needs it.

You can continue using Semgrep with Endor Labs if you prefer. See [Use Semgrep with Endor Labs](/platform-administration/configure-system-settings#use-semgrep-with-endor-labs) for more information.

### Customize project scans using scan workflow

<Badge icon="star" color="green" shape="pill">New</Badge>

Endor Labs now supports Scan Workflow, which lets you define scan profiles as sequential steps within a single project scan. This gives you fine-grained control over how scans run, allowing you to target different parts of your codebase more precisely.

You can configure a scan workflow and assign it to your project either using the [Endor Labs API](/scan/scan-profiles/configure-scan-workflow-through-api) or through the [Endor Labs user interface](/scan/scan-profiles/configure-scanworkflow-through-ui).

For more information, see [Configure Scan Workflow in Endor Labs](/scan/scan-profiles#scan-workflow).

### Upgrade Impact Analysis for JavaScript/TypeScript

<Badge icon="star" color="green" shape="pill">New</Badge>

Endor Labs now supports Upgrade Impact Analysis (UIA) for JavaScript and TypeScript projects. UIA helps you understand the potential impact of upgrading dependencies by identifying breaking changes and dependency conflicts that may occur during upgrades.

For more information, see [Upgrade impact analysis](/risk-remediation/upgrade-impact-analysis) and [JavaScript/TypeScript scanning](/scan/sca/javascript).

### Recently released dependencies (cooldown)

<Badge icon="star" color="green" shape="pill">New</Badge>

Endor Labs now offers policies that reduce supply chain risks by detecting newly released open source dependencies within a configurable cooldown period and optionally blocking their adoption to prevent issues from unverified packages and malware.

* **Recently Released Dependencies finding policy**: Enable this finding policy to identify and raise findings for dependency versions that have been published within the defined cooldown period. The default cooldown period is 48 hours.

* **Recently Released Dependencies (Cooldown) action policy**: Create an action policy from the template to define how to handle these findings.

For more information, see [OSS finding policy](/platform-administration/policies/finding-policies/oss-policies) and [Recently released dependencies action policy](/platform-administration/policies/action-policies/templates#recently-released-dependencies-cooldown).
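As an added example (not Endor Labs code), the decision a cooldown policy makes: a version published less than the cooldown period (48 hours by default) before the scan time raises a finding, and the newest version that has already aged out is suggested instead. The package release history is constructed, and the alternative-version suggestion is an assumption about how a practitioner would act on the finding.

```python
from datetime import datetime, timedelta, timezone

# Constructed release history for a hypothetical package (not registry data):
# version -> UTC publish time.
RELEASES = {
    "1.2.0": datetime(2025, 9, 1, 12, 0, tzinfo=timezone.utc),
    "1.2.1": datetime(2025, 9, 10, 9, 30, tzinfo=timezone.utc),
    "1.3.0": datetime(2025, 9, 12, 8, 0, tzinfo=timezone.utc),
}

COOLDOWN_HOURS = 48  # the default cooldown period named on this page


def in_cooldown(version, now, releases=RELEASES, cooldown_hours=COOLDOWN_HOURS):
    """True if `version` was published less than `cooldown_hours` before `now`.

    An unknown version raises KeyError so a missing publish record is never
    silently treated as "old enough".
    """
    return now - releases[version] < timedelta(hours=cooldown_hours)


def evaluate(version, now, releases=RELEASES, cooldown_hours=COOLDOWN_HOURS):
    """Return a finding dict when `version` is inside the cooldown, else None.

    The finding carries how long the cooldown still has to run and the newest
    version that has already aged out (assumed remediation hint).
    """
    if not in_cooldown(version, now, releases, cooldown_hours):
        return None
    window = timedelta(hours=cooldown_hours)
    aged_out = [v for v, published in releases.items() if now - published >= window]
    alternative = max(aged_out, key=releases.__getitem__, default=None)
    hours_left = (window - (now - releases[version])).total_seconds() / 3600
    return {
        "version": version,
        "hours_until_cooldown_ends": round(hours_left, 1),
        "suggested_version": alternative,
    }


if __name__ == "__main__":
    scan_time = datetime(2025, 9, 13, 8, 0, tzinfo=timezone.utc)
    print(evaluate("1.3.0", scan_time))  # finding: 24h left, suggests 1.2.1
    print(evaluate("1.2.1", scan_time))  # None: already older than 48h
```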

### Support for SAST scan on Windows

<Badge icon="check" color="blue" shape="pill">Enhancement</Badge>

Because SAST scans now use Opengrep instead of Semgrep, you can run SAST scans on Windows. For more information, see [SAST scan with Endor Labs](/scan/sast).

### SwiftPM support for Swift/Objective-C projects

<Badge icon="check" color="blue" shape="pill">Enhancement</Badge>

Endor Labs now supports scanning Swift projects that use the Swift Package Manager (SwiftPM) by resolving dependencies from the `Package.swift` file.

For more information, see [Scan Swift projects](/scan/sca/swift-objective-c).

### Filter findings exported to GitHub Advanced Security

<Badge icon="check" color="blue" shape="pill">Enhancement</Badge>

Endor Labs now supports filtering findings exported to GitHub Advanced Security through action policies. Findings are exported only from projects covered by configured action policies.

For more information, see [Export findings to GitHub Advanced Security](/integrations/data-exporters/export-to-ghas#filter-findings-exported-to-github).

### Top 10 secret rules by severity

<Badge icon="check" color="blue" shape="pill">Enhancement</Badge>

The First Party Code dashboard now features a stacked bar chart that displays the top 10 secret rules along with their corresponding findings. This enables you to identify high-impact rules and prioritize remediation by severity.

For more information, see [First-party code](/inventory-insights/dashboards/first-party-code).

### Enhanced SARIF output with vulnerability identifiers

<Badge icon="check" color="blue" shape="pill">Enhancement</Badge>

Endor Labs now includes vulnerability aliases in SARIF output for SCA findings. Aliases such as CVE IDs, GHSA IDs, and other OSV identifiers help you track multiple identifiers for the same vulnerability and improve integration with security tools and workflows.

### Filter projects to view OSS overview

<Badge icon="check" color="blue" shape="pill">Enhancement</Badge>

You can now use the search bar to filter projects by name to focus the OSS overview on specific projects. This helps organizations prioritize the most critical and exploitable vulnerabilities, enabling more targeted security efforts.

For more information, see [First-party code](/inventory-insights/dashboards/first-party-code).

### Gradle package manager support

<Badge icon="check" color="blue" shape="pill">Enhancement</Badge>

Endor Labs now supports Gradle package manager integration. You can configure private package manager repositories for Gradle through the user interface to scan dependencies from custom repositories and enhance dependency resolution.

For more information, see [Gradle private package manager](/integrations/package-managers/gradle-private-package-manager).

### Filter findings using project name

<Badge icon="check" color="blue" shape="pill">Enhancement</Badge>

You can now filter findings by project name, so you can focus on the findings of a specific project and eliminate noise from other projects.

For more information, see [Search for findings using basic filters](/inventory-insights/findings#search-for-findings-using-basic-filters).

### Clone scan profiles

<Badge icon="check" color="blue" shape="pill">Enhancement</Badge>

You can now clone scan profiles in your namespace. The cloned profile retains all parameters and custom settings, helping you set up new profiles faster and maintain consistent configurations across scans.

For more information, see [Clone scan profile](/scan/scan-profiles/configure-scanprofile-ui#clone-scan-profile).
