> ## Documentation Index
> Fetch the complete documentation index at: https://docs.endorlabs.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Endor Patches

> Learn how to use Endor Patches and understand why they are beneficial.

Endor Patches is a curated repository of software packages with backported vulnerability fixes for your security and convenience. Endor Labs identifies vulnerable functions and the commits that fixed each vulnerability in the open-source community. These fixes, along with necessary supporting commits, are applied to older software versions to create a minimum viable security patch for each library supported by Endor Labs.

Endor Patches are a result of extensive research. In security, trust is crucial. Therefore, the patch details are fully transparent. The builds are hermetic ensuring they are consistent, reproducible, and reliable. The exact code changes, along with builds, build steps, and logs, are auditable and available for review.

Customers can access Endor Patches through a hosted repository, where each software component has three types of versions.

* A version associated with a specific patch date for build reproducibility. For instance: `v2.9.10.3-endor-2024-07-11`.
* A version with the latest patched version of a library, incorporating all current patches. This can be used by appending `-endor-latest` to a package version. For instance: `v2.9.10.3-endor-latest`.
* A version matching the upstream open-source version, allowing users to use the patched version without code changes. For instance: `v2.9.10.3`.

By minimizing changes to fix known vulnerabilities and providing complete transparency, Endor Patches offer a comprehensive solution to help teams quickly address vulnerabilities, **even when a fix is challenging**.

The following sections provide detailed information on how to use Endor Patches.

<CardGroup cols={3}>
  <Card title="Connect to the Factory" icon="cogs" href="/risk-remediation/endor-patches/connecting-to-the-factory">
    Connect to the Endor Labs Patch Factory and use Endor Patches.
  </Card>

  <Card title="Automatic Patching" icon="magic" href="/risk-remediation/endor-patches/auto-patching">
    Enable automatic patching to seamlessly fix security vulnerabilities.
  </Card>

  <Card title="Patch Transparency" icon="shield-alt" href="/risk-remediation/endor-patches/trust">
    Build trust in your Endor Patches with full transparency and auditable build processes.
  </Card>

  <Card title="Configure JFrog Artifactory" icon="server" href="/risk-remediation/endor-patches/configure-jfrog-artifactory">
    Set up JFrog Artifactory to use Endor Patches with proper repository configuration.
  </Card>

  <Card title="Configure Nexus Repository" icon="database" href="/risk-remediation/endor-patches/configure-nexus-repository">
    Configure Sonatype Nexus Repository Manager to prioritize Endor Patches.
  </Card>

  <Card title="Access Endor Patch Repository" icon="download" href="/risk-remediation/endor-patches/access-endor-patch-repository">
    Learn how to retrieve and use Endor Patches versions using URLs and build tools.
  </Card>
</CardGroup>