Common fields
All objects adhere to the same high-level structure as outlined below. Object specific fields are defined in Spec. For more information, see Resource kinds.
UUID
All objects have a unique UUID. You can use UUID to retrieve objects individually through the API.
Meta
All objects include a common nested object called Meta. This mandatory object contains common fields for each object, including:
Field name | Description |
---|---|
name |
The name of the object. |
description |
A description of the object. |
kind |
The resource kind of the object (for example, RepositoryVersion ). |
version |
The version of the object, used to differentiate between different versions if needed. |
parent_uuid |
The UUID of the parent object. |
parent_kind |
The resource kind of the parent object (for example, Project ). |
create_time |
The time the object was created. |
update_time |
The time the object was last updated (HTTP PATCH). |
upsert_time |
The time the object was last updated or created (HTTP POST). |
created_by |
The name and authentication source of the user who created the object. Example: ewok@endor.ai@google@api-key |
updated_by |
The name and authentication source of the last user who updated the object. Example: vulnerabilityingestor@endor.ai@x509 |
tags |
A list of tags attached to the object. Tags can be used to organize objects and find collections of objects that satisfy certain conditions. A tag must be 63 characters or less and may contain alphanumeric characters, @ , _ , . , and - . An optional prefix must be separated with = (for example, my_tag=my_value ). |
annotations |
Map of additional metadata for the object. Annotation keys may contain alphanumeric characters, _ , . , and - . Annotation values can be structured or unstructured and may include characters not permitted by tags. Values must be 16384 bytes or smaller. |
TenantMeta
Most objects include a common nested object called TenantMeta. TenantMeta contains the following field:
Field name | Description |
---|---|
namespace |
Name of the namespace the object belongs to. Organizes organizational units into virtual groupings of objects. Namespaces must be fully qualified names (for example, the child namespace of endor.prod called app is endor.prod.app ). |
OSS tenant
There is a common tenant for all OSS projects called oss
, to which customers have read access.
Spec
All objects include a common nested object called Spec. This mandatory object contains the specification of the object, representing its current state. For more information, see Resource kinds.
Context
Most objects include a common nested object called Context. Contexts keep objects from different scans separated. The context object has the following fields:
Field name | Description |
---|---|
type |
The type of context, usually defined based on how endorctl is being used. |
id |
The ID of the context, such as a pull request ID or branch reference. |
will_be_deleted_at |
The time when the object will be automatically deleted by the system. |
tags |
A list of tags applied to a context. Used primarily for CI and SBOM contexts. |
Context types
Each context has a type and an id. For example, objects created during a scan of the default branch belong to the main context, while objects for non-default branches have the context type ref.
Context type | Description |
---|---|
CONTEXT_TYPE_MAIN |
Objects from a scan of the default branch. All objects in the OSS namespace are in the main context. The context id is always default . |
CONTEXT_TYPE_REF |
Objects from a scan of a specific branch. The context id is the branch reference name. |
CONTEXT_TYPE_CI_RUN |
Objects from a PR scan. The context id is the PR UUID. Objects in this context are deleted after 30 days. |
CONTEXT_TYPE_SBOM |
Objects from an SBOM scan. The context id is the SBOM serial number or some other unique identifier. |
CONTEXT_TYPE_EXTERNAL |
Indicates that this object is a copy/temporary value of an object in another project. Used for same-tenant dependencies. In source code reference this is equivalent to “vendor” folders. Package versions in the external context are only scanned for call graphs. No other operations are performed on them. |
Processing status
Project and PackageVersion objects include a common nested object called ProcessingStatus, which contains fields about the processing status of the object (when it was/will be scanned). The processing status object has the following fields:
Field name | Description |
---|---|
scan_state |
The state of the scan. |
scan_time |
The last time the object was scanned. Projects onboarded via the GitHub App are scanned every 24 hours. |
analytic_time |
The last time the object was analyzed. Analytics are run automatically every 24 hours. |
disable_automated_scan |
A boolean used to disable automatic scanning by the system. |
Scan state
The following scan states are supported:
Scan state | Description |
---|---|
SCAN_STATE_NOT_PROCESSED |
The object has not yet been processed by the system. |
SCAN_STATE_IDLE |
The object has been scanned at least once. |
SCAN_STATE_INGESTING |
The object is being scanned. |
SCAN_STATE_ANALYTIC |
The object is being analyzed. |
SCAN_STATE_UNREACHABLE |
The object is not reachable from the scheduler. |
SCAN_STATE_REQUEST_FULL_RESCAN |
The object is marked for a complete rescan. This only applies to OSS projects. |
SCAN_STATE_REQUEST_INCREMENTAL_RESCAN |
The object is marked for an incremental rescan, where only new packages discovered in the scan are added. |
Example
The following is an example of a Project object:
{
"meta": {
"create_time": "2023-12-05T00:04:21.853Z",
"kind": "Project",
"name": "https://github.com/my_organization/my_repository.git",
"update_time": "2024-05-01T16:50:03.830911988Z",
"version": "v1"
},
"processing_status": {
"analytic_time": "2024-05-01T16:45:06.483972413Z",
"disable_automated_scan": true,
"scan_state": "SCAN_STATE_IDLE",
"scan_time": "2024-03-18T14:38:31.899249002Z"
},
"spec": {
"git": {
"full_name": "endorlabs/monorepo",
"git_clone_url": "git@github.com:my_organization/my_repository.git",
"http_clone_url": "https://github.com/my_organization/my_repository.git",
"organization": "endorlabs",
"path": "monorepo",
"web_url": "https://api.github.com/my_organization/my_repository"
},
"internal_reference_key": "https://github.com/my_organization/my_repository.git",
"platform_source": "PLATFORM_SOURCE_GITHUB"
},
"tenant_meta": {
"namespace": "my_namespace"
},
"uuid": "656e69058032bf0abaaeb681"
}
Feedback
Was this page helpful?
Thanks for the feedback. Write to us at support@endor.ai to tell us more.
Thanks for the feedback. Write to us at support@endor.ai to tell us more.