September 2023

We are excited to introduce the latest version of Endor Labs and endorctl, v1.5.251. This release includes the following new features and enhancements.

New Features

Prioritize vulnerabilities with C# call graphs

Users can now use call graphs in the Endor Labs application to analyze the dependencies and relationships among various functions in .NET C# projects.

  • Endor Labs generates the call graphs for your C# projects and identifies functions or methods with known vulnerabilities or potential security issues.
  • Users can examine the call graph to identify the functions that directly or indirectly call the vulnerable functions by tracing the paths of execution.
  • Users can prioritize the vulnerabilities based on their severity, threat levels, and application importance.

Call graphs help users understand the potential impact of each vulnerability and prioritize fixing those whose vulnerable functions are actually reachable from their own code, since these are the ones most likely to lead to further exploitation.
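To make the reachability idea concrete, here is an added example (not Endor Labs' code) that performs the triage described above on a small, constructed call graph: it walks backwards from each known-vulnerable library function to find the application functions that directly or indirectly call it, records the shortest execution path from an entry point, and sorts the findings so that reachable vulnerabilities come first, ordered by severity. All method names, advisory identifiers and severities are hypothetical placeholders.

```python
"""Call-graph reachability triage: which known-vulnerable library functions
are actually reachable from an application's own code?

Added example, not Endor Labs' implementation. The call graph and the
advisory data below are constructed for illustration only."""
from collections import deque

# Constructed call graph: caller -> callees. Hypothetical C#-style method
# names; none refers to a real package, project or advisory.
CALL_GRAPH = {
    "App.Program.Main": ["App.Upload.Handle", "App.Report.Render"],
    "App.Upload.Handle": ["Lib.Archive.Extract", "App.Util.Log"],
    "App.Report.Render": ["Lib.Template.Render"],
    "App.Util.Log": [],
    "Lib.Archive.Extract": ["Lib.Archive.WriteEntry"],
    "Lib.Archive.WriteEntry": [],
    "Lib.Template.Render": [],
    "Lib.Xml.Parse": ["Lib.Xml.ResolveEntity"],   # shipped in a dependency, never called by the app
    "Lib.Xml.ResolveEntity": [],
}

# Constructed advisory data: vulnerable function -> (placeholder advisory id, severity)
VULNERABLE = {
    "Lib.Archive.WriteEntry": ("ADVISORY-PLACEHOLDER-1", "HIGH"),
    "Lib.Xml.ResolveEntity": ("ADVISORY-PLACEHOLDER-2", "CRITICAL"),
    "Lib.Template.Render": ("ADVISORY-PLACEHOLDER-3", "MEDIUM"),
}

SEVERITY_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}


def reverse_graph(graph):
    """callee -> callers, so we can walk from a vulnerable function back toward entry points."""
    rev = {n: [] for n in graph}
    for caller, callees in graph.items():
        for callee in callees:
            rev.setdefault(callee, []).append(caller)
    return rev


def transitive_callers(rev, func):
    """Every function that directly or indirectly calls `func` (DFS over the reversed graph)."""
    seen, stack = set(), [func]
    while stack:
        node = stack.pop()
        for caller in rev.get(node, []):
            if caller not in seen:
                seen.add(caller)
                stack.append(caller)
    return seen


def call_path(graph, src, dst):
    """Shortest caller->callee path from src to dst (BFS), or None if dst is unreachable."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for callee in graph.get(node, []):
            if callee not in prev:
                prev[callee] = node
                queue.append(callee)
    return None


def triage(graph, vulnerable, entry_points, app_prefix="App."):
    """Return one finding per vulnerable function, reachable ones first, then by severity."""
    rev = reverse_graph(graph)
    findings = []
    for func, (advisory, severity) in vulnerable.items():
        app_callers = sorted(c for c in transitive_callers(rev, func) if c.startswith(app_prefix))
        path = None
        for entry in entry_points:
            path = call_path(graph, entry, func)
            if path:
                break
        findings.append({
            "function": func,
            "advisory": advisory,
            "severity": severity,
            "reachable": bool(app_callers),
            "app_callers": app_callers,   # what to fix or guard
            "path": path,                 # execution trace for the analyst
        })
    findings.sort(key=lambda f: (not f["reachable"], SEVERITY_ORDER[f["severity"]]))
    return findings


if __name__ == "__main__":
    for f in triage(CALL_GRAPH, VULNERABLE, ["App.Program.Main"]):
        status = "REACHABLE  " if f["reachable"] else "unreachable"
        print(f"{status} {f['severity']:<8} {f['function']}  via {' -> '.join(f['path'] or ['(no path)'])}")
```

Note how the CRITICAL advisory ends up last: its vulnerable function lives in a dependency but nothing in the application ever calls it, so the HIGH finding with a real execution path from `Main` is the one to fix first.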

View policy violations in PR comments

Users can view policy violations in their source code before the code is committed to the repository, during the automated pre-commit checks. The violations are reported as comments on the corresponding pull requests, so users can identify them and take remedial action early in the development life cycle.

Depending on the actions configured in your action policy, the workflow either warns you or fails the build according to the severity of these policy violations.

Configure webhooks

Integrate Endor Labs with webhooks to forward Endor Labs notifications to third-party applications such as Slack, Microsoft Teams, and many more. Users can monitor the webhook channels to investigate findings and take remedial action. With a webhook integration, Endor Labs sends each notification to the configured webhook as an HTTP POST request as soon as the notification is generated. You can also customize the key format and the values of the notification fields in the payload.

Perform organization-wide supervisory scans

Use the Endor Labs Jenkins pipeline to scan all the repositories in your organization at once and view consolidated findings. This pipeline runs on your organization's Jenkins infrastructure and lets administrators run organization-level supervisory scans easily. It is designed to work in GitHub Cloud and GitHub Enterprise Server environments.

Enhancements

Detect malware packages

When a software application depends on malicious packages, the confidentiality, integrity, and availability of the systems and data of the software development organization, or of the application's end users, are compromised.

Endor Labs now detects application dependencies that are known to be malicious, as reported by the Open Source Vulnerabilities (OSV) database. Use the newly introduced Malware category on the Findings page to filter and view malware findings. Users can prioritize these findings and take the necessary remedial actions, such as patching or replacing the affected packages.

Configure private NuGet repositories

Endor Labs now supports integration with private NuGet package repositories, in addition to scanning public C# projects and repositories. Users can configure this integration from Manage > Integrations > Nuget. Endor Labs fetches the resources from the authenticated endpoints and performs the scan.

Secrets enhancements

  • Scan for secrets in pre-commits - Users can scan for secrets in their code before committing it to the repository, during the automated pre-commit checks. This helps identify and remove sensitive information from code files early in the development life cycle.

  • Secrets deduplication - A single secret may exist at multiple places in your code or repository. Duplicate secrets increase the attack surface and the risk of unauthorized access. Managing duplicate secrets can be complex and error-prone. Endor Labs intelligently categorizes instances of identical secrets found within your application components and repositories and raises a single finding so that you can manage them efficiently.
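The deduplication item above is easy to get wrong in a home-grown scanner, so here is an added example (not Endor Labs' code) of the grouping logic it describes: raw detections of the same secret value at several locations collapse into a single finding that lists every location, while findings carry only a hash fingerprint of the value, never the secret itself. The detections, paths and values below are constructed placeholders, not real credentials.

```python
"""Collapse repeated detections of one secret value into a single finding.

Added example, not Endor Labs' implementation. All detections below are
constructed; the values are placeholders, not real credentials."""
import hashlib
from collections import OrderedDict

# Constructed raw scanner output: the same placeholder key appears in three
# places (once with trailing whitespace), and one detection is reported twice.
RAW_DETECTIONS = [
    {"path": "src/Config.cs",     "line": 12, "kind": "generic-api-key", "value": "EXAMPLE_KEY_0001"},
    {"path": "src/Config.cs",     "line": 40, "kind": "generic-api-key", "value": "EXAMPLE_KEY_0001"},
    {"path": "tests/Fixtures.cs", "line": 7,  "kind": "generic-api-key", "value": "EXAMPLE_KEY_0001 "},
    {"path": "deploy/app.env",    "line": 3,  "kind": "db-password",     "value": "example-db-pass"},
    {"path": "deploy/app.env",    "line": 3,  "kind": "db-password",     "value": "example-db-pass"},
]


def fingerprint(value):
    """Stable identifier for a secret value; the finding stores this, never the value.

    Whitespace is stripped first so copy-paste variants of one secret match."""
    return hashlib.sha256(value.strip().encode("utf-8")).hexdigest()


def redacted(value):
    """Short, non-reversible preview an analyst can use to recognize the secret."""
    v = value.strip()
    return v[:4] + "…" if len(v) > 4 else "…"


def deduplicate(detections):
    """One finding per distinct secret value, with every location where it occurs."""
    groups = OrderedDict()
    for d in detections:
        fp = fingerprint(d["value"])
        group = groups.setdefault(fp, {
            "fingerprint": fp,
            "kind": d["kind"],
            "preview": redacted(d["value"]),
            "locations": [],
        })
        location = (d["path"], d["line"])
        if location not in group["locations"]:      # same file and line reported twice
            group["locations"].append(location)
    return list(groups.values())


def occurrence_count(findings):
    """Total number of distinct locations across all findings (for reporting)."""
    return sum(len(f["locations"]) for f in findings)


if __name__ == "__main__":
    for f in deduplicate(RAW_DETECTIONS):
        print(f"{f['kind']:<16} {f['preview']:<8} {len(f['locations'])} location(s): {f['locations']}")
```

One finding per fingerprint is what lets a team rotate the credential once and close every location together, instead of triaging each occurrence separately.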