We are excited to introduce you to the latest version of Endor Labs and endorctl - v 1.6.5. This release includes several enhancements.
Enhancements
Command line flag changes for enhanced usability
Endor Labs has updated several flags to improve the overall usability for users. These changes are backwards compatible. All deprecated commands are hidden.
New scan options
New Flag | New Variable | Description |
---|---|---|
dependencies | ENDOR_SCAN_DEPENDENCIES | Scan Git commits and generate findings for all dependencies. |
droid-gpt | ENDOR_SCAN_DROID_GPT | Leverage the power of DroidGPT to interpret build errors and generate remediation advice. |
github | ENDOR_SCAN_GITHUB | Fetch information from GitHub, scan Git commits and generate findings for all dependencies, as well as any GitHub misconfigurations. |
secrets | ENDOR_SCAN_SECRETS | Scan the source code repository and generate findings for leaked secrets. |
Combine these flags to tailor a scan to a specific use case.
Renamed flags
Deprecated Flag | New Flag | New Variable | Description |
---|---|---|---|
ci-baseline | pr-baseline | ENDOR_SCAN_PR_BASELINE | Set to the Git reference that you are merging to, such as your default branch. Action policies will only flag issues that do not exist in the baseline so that developers are only alerted to issues on the current changes. Example: --pr-baseline=main. |
ci-run-uuid | pr-uuid | ENDOR_API_PR_UUID | Only list resources from a specific PR scan. |
ci-run | pr | ENDOR_SCAN_PR | Set if this is a PR scan. PR scans are not used for reporting or monitoring and should be treated as a point-in-time policy and finding test. |
ci-tags | tags | ENDOR_SCAN_TAGS | Specify a list of user-defined tags to add to the scan. Tags can be used to search and filter scans later. |
secrets-full-history | git-logs | ENDOR_SCAN_GIT_LOGS | Audit the historical Git logs of the repository for all branches in the repository. Must be used together with --secrets. |
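
The following is an added example, not code from Endor Labs: a small checker that rewrites deprecated endorctl flags in CI step commands to the new names from the table above and warns when --git-logs appears without --secrets. It assumes the deprecated flags are written with a leading `--` like the new ones; the sample steps and the `migrate` and `check_steps` names are constructed for illustration.

```python
import shlex

# Deprecated flag -> new flag, taken from the "Renamed flags" table above.
# Assumption: deprecated flags use the same "--" prefix as the new ones.
RENAMED = {
    "--ci-baseline": "--pr-baseline",
    "--ci-run-uuid": "--pr-uuid",
    "--ci-run": "--pr",
    "--ci-tags": "--tags",
    "--secrets-full-history": "--git-logs",
}

def migrate(command):
    """Return (rewritten_command, warnings) for one CI step command line."""
    tokens = shlex.split(command)
    if not tokens or tokens[0] != "endorctl":
        return command, []  # not an endorctl invocation, leave untouched
    out, warnings = [], []
    for tok in tokens:
        # Handle both "--flag" and "--flag=value" forms.
        name, sep, value = tok.partition("=")
        if name in RENAMED:
            warnings.append(f"{name} is deprecated, use {RENAMED[name]}")
            name = RENAMED[name]
        out.append(name + sep + value)
    flags = {t.partition("=")[0] for t in out}
    # The table states that --git-logs must be used together with --secrets.
    if "--git-logs" in flags and "--secrets" not in flags:
        warnings.append("--git-logs requires --secrets")
    return shlex.join(out), warnings

# Constructed sample CI steps (not taken from a real pipeline).
SAMPLE_STEPS = [
    "endorctl scan --ci-run --ci-baseline=main --ci-tags=team-a",
    "endorctl scan --secrets-full-history",
    "endorctl scan --dependencies --secrets --git-logs",
    "bundle install",
]

def check_steps(steps):
    """Run migrate() over every step and collect the results in order."""
    return [migrate(s) for s in steps]

if __name__ == "__main__":
    for new_cmd, warns in check_steps(SAMPLE_STEPS):
        print(new_cmd)
        for w in warns:
            print("  warning:", w)
```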
Troubleshoot build errors with DroidGPT
Endor Labs integrates with third-party Artificial Intelligence (AI) tools to help you troubleshoot errors while performing software composition analysis, dependency resolution, or generating call graphs during an endorctl scan.
In the event of an error, DroidGPT generates explanations and actionable advice for how to resolve the error on the given host system. These suggestions are displayed as part of the error log messages on the command line and can help you understand why build errors occurred during the scan process and how to resolve them.
Important
Recommendations generated are meant solely for informational purposes. Before implementing these suggestions, it is strongly advised to thoroughly verify and assess them to ensure their accuracy and suitability for your specific circumstances and work environments.
Use the ENDOR_SCAN_DROID_GPT environment variable or the --droid-gpt flag to enable DroidGPT error logging on your system.
- Enable error logging while performing a scan.
endorctl scan --droid-gpt
- Enable error logging while checking the system specifications required for performing a scan.
endorctl host-check --droid-gpt
Example: Here is an example of the recommendations generated by DroidGPT while scanning a Ruby repository where the manifest file is not correctly configured.
*** NOTE: Use the following AI-generated advice at your own risk ***
DroidGPT suggests the following as a possible remediation:
1. The error message indicates that there is a problem parsing the Gemfile, which is preventing the dependency tree from being generated.
2. Specifically, the error message states that there are no gemspecs at the specified location, which is causing Bundler to fail.
3. To fix this issue, you should check that the Gemfile is correctly configured and that all necessary gemspecs are present.
4. Additionally, you may want to try running `bundle install` to ensure that all dependencies are properly installed.
5. Please note that this advice is generated by an AI and there may be additional factors at play that are not captured in the error message. As such, there is no guarantee that these steps will resolve the issue, and you should proceed with caution.