> ## Documentation Index
> Fetch the complete documentation index at: https://docs.endorlabs.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Scan with Endor Labs

> Run multiple types of security scans to identify vulnerabilities, secrets, license issues, and more.

Endor Labs provides comprehensive scanning capabilities to identify security issues across your software supply chain. This section covers the different types of scans available and how to configure them.

<CardGroup cols={4}>
  <Card title="SCA (Software Composition Analysis)" icon="cube" href="/scan/sca">
    Scan open source dependencies for vulnerabilities with reachability analysis.
  </Card>

  <Card title="SAST (Static Application Security Testing)" icon="code" href="/scan/sast">
    Scan your first-party code for security vulnerabilities.
  </Card>

  <Card title="GitHub Actions" icon="github" href="/scan/github-actions">
    Scan GitHub Actions referenced in your workflows for vulnerabilities, malware, and risky configuration.
  </Card>

  <Card title="Secrets Detection" icon="key" href="/scan/secrets">
    Scan your codebase for leaked secrets and sensitive data.
  </Card>

  <Card title="Container Scanning" icon="box" href="/scan/containers">
    Scan container images for vulnerabilities and secure your deployments.
  </Card>

  <Card title="Malware detection" icon="shield-alt" href="/scan/malware">
    Scan dependencies for malware and understand how it is detected, classified, and scored.
  </Card>

  <Card title="AI Models" icon="brain" href="/scan/ai-models">
    Scan for and govern AI models in your codebase.
  </Card>

  <Card title="OSS Licenses" icon="file-contract" href="/scan/oss-licenses">
    Identify and manage open source license compliance.
  </Card>

  <Card title="Scan Profiles" icon="sliders" href="/scan/scan-profiles">
    Configure scan profiles to customize how your projects are scanned.
  </Card>

  <Card title="Pull Request scans" icon="code-branch" href="/scan/pr-scans">
    Scan pull requests as they are raised in your repository.
  </Card>

  <Card title="Bazel" icon="wrench" href="/scan/bazel">
    Scan monorepos with Endor Labs using Bazel.
  </Card>

  <Card title="Working with monorepos" icon="layer-group" href="/scan/working-with-monorepos">
    Scan large monorepos with strategies for performance and coverage.
  </Card>

  <Card title="RSPM (Repository Security Posture Management)" icon="gear" href="/scan/rspm">
    Manage repository security posture and SCM configurations.
  </Card>
</CardGroup>