Java
Learn how to implement Endor Labs in repositories with Java packages.
Scan for open source risks
Scan and detect publicly exposed open source issues posing risks to your organization.
Endor Labs supports the following major capabilities to help teams reduce the risk and expense of software dependencies across their lifecycle:
- SCA - Software composition analysis is the identification of the bill of materials for first-party software packages and the mapping of vulnerabilities to these software component versions. SCA helps teams to maintain compliance and get visibility into the risks of their software inventory.
- Endor Scores - Endor Labs provides a holistic risk score that includes the security, quality, popularity and activity of a package. Risk scores help in identifying leading indicators of risk in addition to if a software component is outdated, or unmaintained. Risk analysis helps teams to go beyond vulnerabilities and approach the risk of their software holistically.
- Reachability Analysis - Reachability analysis is Endor Labs’ capability to perform static analysis on your software packages to give context to how each vulnerability may be reached in the context of your code. This includes mapping vulnerabilities back to vulnerable functions so that deep static analysis can target vulnerabilities with higher levels of granularity as well as the identification of unused software dependencies.
The resource requirements, both minimum and recommended, for build runners or workers executing scans using endorctl are listed here.
Note: Large applications may require additional resources to complete or enhance the scan performance.
Minimum Resources
| CPU | Memory |
|---|---|
| 4 core | 16 GB RAM |
Recommended Resources
| CPU | Memory |
|---|---|
| 8 core | 32 GB RAM |
Supported languages
The following table shows Endor Labs language coverage:
| Language | SCA | Endor Scores | Reachability Analysis |
|---|---|---|---|
| Java | Supported | Supported | Supported |
| Python | Supported | Supported | Supported |
| Rust | Supported | Supported | Supported |
| JavaScript | Supported | Supported | Supported * |
| Golang | Supported | Supported | Supported |
| .NET (C#) | Supported | Supported | Supported |
| Kotlin | Supported | Supported | Supported |
| Scala | Supported | Supported | Supported |
| Ruby | Supported | Supported | Unsupported |
| Swift/Objective-C | Supported | Supported | Unsupported |
| PHP | Supported | Supported | Unsupported |
* For JavaScript, reachability is currently limited to the package level; function-level reachability will be supported in the future.
Complete support matrix
The following comprehensive matrix lists the supported languages, build tools, manifest files, and supported requirements.
| Language | Package Managers / Build Tool | Manifest Files | Extensions | Supported Requirements |
|---|---|---|---|---|
| Java | Maven | pom.xml |
.java |
JDK version 11-22; Maven 3.6.1 and higher versions |
| Gradle | build.gradle |
.java |
JDK version 11-22; Gradle 6.0.0 and higher versions | |
| Bazel | workspace, MODULE.bazel, BUILD.bazel |
.java |
JDK version 11-22; Bazel versions 5.x.x, 6.x.x, and 7.x.x | |
| Kotlin | Maven | pom.xml |
.kt | JDK version 11-22; Maven 3.6.1 and higher versions |
| Gradle | build.gradle |
.kt |
JDK version 11-22; Gradle 6.0.0 and higher versions | |
| Golang | Go | go.mod, go.sum |
.go |
Go 1.12 and higher versions |
| Bazel | workspace, MODULE.bazel, BUILD.bazel |
.go |
Bazel versions 5.x.x, 6.x.x, and 7.x.x | |
| Rust | Cargo | cargo.toml, cargo.lock |
.rs |
Rust 1.63.0 and higher versions |
| JavaScript | npm | package-lock.json, package.json |
.js |
npm 6.14.18 and higher versions |
| pnpm | pnpm-lock.yaml, package.json |
.js |
pnpm 3.0.0 and higher versions | |
| Yarn | yarn.lock, package.json |
.js |
Yarn all versions | |
| TypeScript | npm | package-lock.json, package.json |
.ts |
npm 6.14.18 and higher versions |
| pnpm | pnpm-lock.yaml, package.json |
.ts |
pnpm 3.0.0 and higher versions | |
| Yarn | yarn.lock, package.json |
.ts |
Yarn all versions | |
| Python | pip |
requirements.txt |
.py |
Python 3.6 and higher versions; pip 10.0.0 and higher versions |
| Poetry | pyproject.toml, poetry.lock |
.py |
||
| PDM | pyproject.toml, pdm.lock |
.py |
||
| PyPI | setup.py, setup.cfg, pyproject.toml |
.py |
||
| Bazel | workspace, MODULE.bazel |
.py |
Bazel versions 5.x.x, 6.x.x, and 7.x.x | |
| .NET (C#) | Nuget | *.csproj, package.lock.json, projects.assets.json, Directory.Build.props, Directory.Packages.props, *.props |
.cs |
.NET 1.0 and higher versions |
| Scala | sbt | build.sbt |
.sc or .scala |
sbt 1.3 and higher versions |
| Ruby | Bundler | Gemfile, *.gemspec, gemfile.lock |
.rb |
Ruby 2.6 and higher versions |
| Swift/Objective-C | CocoaPods | Podfile, Podfile.lock |
.swift, .h, .m |
CocoaPods 0.9.0 and higher versions |
| PHP | Composer | composer.json, composer.lock |
.php |
PHP 5.3.2 and higher versions; Composer 2.2.0 and higher versions |
Important
To successfully execute the endorctl scan for your languages, your repository must include at least one of the following language-specific file extensions:.java, .kt, .go, .rs, .js, .ts, .py, .cs, .sc, .scala, .rb, .swift, .h, .m, .php.
See the detailed procedure for all supported languages:
Kotlin (Beta)
Learn how to implement Endor Labs in repositories with Kotlin packages.
Go
Learn how to implement Endor Labs in repositories with Go packages.
Python
Learn how to implement Endor Labs in repositories with Python packages.
JavaScript/TypeScript
Learn how to implement Endor Labs in repositories with Javascript or Typescript packages.
Ruby
Learn how to implement Endor Labs in repositories with Ruby packages.
.NET
Learn how to implement Endor Labs in repositories with .NET packages.
Bazel
Learn how to implement Endor Labs in monorepos using Bazel
Swift/Objective-C (Beta)
Learn how to implement Endor Labs in repositories with CocoaPods packages.
Scala
Learn how to implement Endor Labs in repositories with Scala packages.
PHP
Learn how to implement Endor Labs in repositories with PHP packages using composer.
Rust
Learn how to implement Endor Labs in repositories with Rust packages.
Feedback
Was this page helpful?
Thanks for the feedback. Write to us at support@endor.ai to tell us more.
Thanks for the feedback. Write to us at support@endor.ai to tell us more.