August 2024

We are excited to introduce you to the latest version of Endor Labs and endorctl - v1.6.448. This release includes new features and enhancements.

New Features

Upgrades and recommendations (Beta)

Endor Labs upgrade and remediation workflows provide an end-to-end solution to help you discover, prioritize, manage, and resolve risks in your software development environment.

  • Upgrade Impact Analysis: Endor Labs identifies and recommends upgrades for your dependencies. By pinpointing the distinct actions that can resolve your vulnerabilities and mitigate the risks associated with updates, your security program can make more informed risk management decisions and triage issues more effectively.
  • Endor Patches: Endor Labs backports security fixes to your packages, allowing you to minimize the impact of software updates. By using an Endor patch, you can update the libraries with a minimal viable security patch that reduces your risk of breaking changes, bugs, or performance issues associated with an upgrade.

For more information, see Upgrades and remediation.

Manage build tools (Beta)

Endor Labs provides you with the following options to define tools necessary for building your software while performing endorctl scans:

  • Specify the tool chain configuration through the endorctl API.
  • Specify the tool chain configuration through the profile.yaml file.
  • Fall back to the system default values for your tool chain.

Endor Labs will automatically install build tools in a sandbox to ensure you can run highly accurate scans. Build tools are not installed on your host. For more information, see Manage build tools.

Support for Azure pipelines and Azure Advanced Security

You can integrate endorctl inside an Azure pipeline and view the scan results in Azure Advanced Security.

When you integrate endorctl in the Azure pipeline, endorctl scan runs and generates SARIF files during the pipeline run. The SARIF file is consumed by Advanced Security in your Azure repository. By configuring this integration, you can use Endor Labs seamlessly within the Azure ecosystem to enhance security and streamline workflows. For more information, see Scan with Azure Pipelines.

Enhancements

Changes to endorctl CLI options

Endor Labs is introducing two new endorctl CLI options, --include-path and --exclude-path, to replace the existing include and exclude options.

  • Using these new options, you can specify the file paths or patterns to include in or exclude from the endorctl scan using glob-style expressions, which are easier to use.
  • You can easily scope your scans by defining inclusion or exclusion patterns. See Scoping scans for more details.

The existing --include and --exclude options are deprecated. However, if these options are already in use, such as in a script, they remain backwards compatible, so existing invocations continue to work.

Changes to the default view on the Findings page

By default, Endor Labs now displays findings that meet the following criteria on the Findings page:

  • Critical severity vulnerabilities
  • Reachable vulnerabilities
  • Vulnerabilities with EPSS probability above 1%
  • Security vulnerabilities
  • Vulnerabilities created in the last week

Previously, the Findings page displayed all findings when opened.

You can use the basic or advanced filters to view additional findings. For more information, see View Findings.

Container action policy templates

Endor Labs now provides action policy templates that you can use to quickly create action policies specific to container scanning. For more information, see Action policy templates.

PDM package manager support for Python projects

Endor Labs now offers support for scanning Python projects that use PDM as their package manager. For more information, see Scan Python projects.

New fields to filter project dependencies

You can filter project dependencies and export additional fields for project dependencies with the following new fields:

  • License File
  • License Matched Text
  • License Name
  • License Type
  • License URL

Sign up with GitHub

You can now sign up for Endor Labs with your GitHub account.

Quickstart with Endor Labs GitHub App

The Endor Labs GitHub App is now available as an option in Quick start. The Endor Labs GitHub App allows you to quickly set up your GitHub repositories in Endor Labs and initiate scans. For more information, see Quick start with GitHub App.