> ## Documentation Index
> Fetch the complete documentation index at: https://docs.endorlabs.com/llms.txt
> Use this file to discover all available pages before exploring further.

<AgentInstructions>

## Submitting Feedback

If you encounter incorrect, outdated, or confusing documentation on this page, submit feedback:

POST https://docs.endorlabs.com/feedback

```json
{
  "path": "/scan/sca/c/index",
  "feedback": "Description of the issue"
}
```

Only submit feedback when you have something specific and actionable to report.

</AgentInstructions>

# C/C++

> Learn how to implement Endor Labs in C and C++ repositories.

C and C++ are powerful, high-performance programming languages widely used for system programming, application development, and embedded systems. Endor Labs supports scanning and monitoring of C and C++ projects.

Using Endor Labs, application security engineers and developers can:

* Scan their software for potential security issues and violations of organizational policy.
* Prioritize vulnerabilities in the context of their applications.
* Understand the relationships between software components in their applications.

## Run a scan

To scan your C and C++ repositories, run the following command.

```bash theme={null}
endorctl scan --languages=c
```

<Note>
  **Important**

  * Ensure that the entire source code and all its dependencies are present in the scanned folder.
  * Using the `--languages=c` flag will scan only C and C++ projects. For a multi-language repository, ensure that you include all other languages with the flag.
  * If you are using a [scan profile](/scan/scan-profiles/configure-scanprofile-ui), make sure **C/C++** is selected under **Languages** and included in your profile.
</Note>

Use the following flags to save the local results to a *results.json* file. The results and related analysis information are available on the Endor Labs user interface.

```bash theme={null}
endorctl scan --languages=c -o json | tee /path/to/results.json
```

### View scan results

You can sign in to the [Endor Labs user interface](https://app.endorlabs.com), click the **Projects** on the left sidebar, and find your project to review its results.

<img src="https://mintcdn.com/endorlabs-b4795f4f/266r_aE9BWR2B51C/images/scan/sca/c-potentially-reachable.webp?fit=max&auto=format&n=266r_aE9BWR2B51C&q=85&s=85fc1b39b9f47eadc71e119f854b450e" alt="View scan results" width="2654" height="1482" data-path="images/scan/sca/c-potentially-reachable.webp" />

## View dependency file locations

You can view a visualization of dependency file locations of C/C++ packages in your repository. These locations reflect the source file paths associated with how the dependency was identified in your codebase.

To view the dependency file path of your package version:

1. Select **Projects** from the left sidebar.
2. Go to **Packages** under **Inventory**.
3. Select **C/C++** in the **Ecosystem** filter.
4. Select the package version you want to review.
5. Click **View Details** on the right sidebar.
6. Select **Overview**.
7. Expand the tree under **Dependency File Locations** to explore the file paths where the dependency was identified.

<img src="https://mintcdn.com/endorlabs-b4795f4f/iANivZI1KHjByn04/images/scan/sca/c-filepath-visualization.webp?fit=max&auto=format&n=iANivZI1KHjByn04&q=85&s=2e8ab6e62f5747f5ed35e7a223b539b0" alt="Dependency file locations" width="1864" height="1478" data-path="images/scan/sca/c-filepath-visualization.webp" />

## Understand the scan process

Endor Labs detects vulnerabilities by testing your code against its proprietary database, which is regularly updated. Endor Labs does not build your code, so all dependencies and vendor code must be included within the source. If the build process pulls in additional packages, they must also be present in the scanned directory.

Endor Labs analyzes source code using a combination of code signatures and embeddings. The system extracts source code from multiple data sources and applies language-specific segmentation to break the code into functions and segments. This method facilitates efficient similarity searches, helping to detect duplicated code across repositories and supporting comprehensive software composition analysis.

By comparing file hashes, segment hashes, and embeddings, Endor Labs queries data to identify matches with code segments. This capability streamlines the detection of copied code and dependency relationships between repositories. It provides insights into code components from multiple sources, including Git repositories, online archives, and other package distributions. Endor Labs scans headers and code files regardless of their file extension.

To optimize performance, Endor Labs caches embeddings and signatures, making subsequent scans faster than the first scan. This means only newly added or modified files require computation, notably reducing scan times.

### Enable code segment embeddings

Endor Labs disables embeddings by default. You need an Endor Labs AI license to use them.

To enable embeddings go to **Settings** near the bottom of the left sidebar, navigate to **Data Privacy** under **System Settings**, check the box for **Code Segment Embeddings and LLM Processing** and click **Save Data Privacy Settings**.

<img src="https://mintcdn.com/endorlabs-b4795f4f/2CFeZIRm7eKUPEq0/images/platform-administration/configure-system-settings/enable-embeddings.webp?fit=max&auto=format&n=2CFeZIRm7eKUPEq0&q=85&s=f8ccc0d3ff2199c3410408c3c61faafa" alt="Enable embeddings" width="1668" height="743" data-path="images/platform-administration/configure-system-settings/enable-embeddings.webp" />

To override the system-wide configuration for a specific scan, set `ENDOR_SCAN_EMBEDDINGS` to `true` to enable embeddings or `false` to disable them. This setting takes precedence over the system configuration.

```bash theme={null}
export ENDOR_SCAN_EMBEDDINGS=false
```

### Limitations

Scanning binary library files such as `.so` and `.a` files is not supported.