> ## Documentation Index > Fetch the complete documentation index at: https://docs.endorlabs.com/llms.txt > Use this file to discover all available pages before exploring further. # Configure build tools > Learn about build tools to build repeatable patterns in your scan environment. export const YamlTable = ({children, data: propData, content}) => { const KV_RE = /^([A-Za-z][A-Za-z0-9_()/#\s-]+?):\s*(.+)$/; const INLINE_MD_RE = /(\[([^\]]+)\]\(([^)]+)\))|(`([^`]+)`)|(\*\*([^*]+)\*\*)|(\*([^*]+)\*)/g; const YES_RE = /^-yes-$/i; const NO_RE = /^-no-$/i; const LIMITED_RE = /^-(limited|partial)-$/i; const NA_RE = /^-(na|none)-$/i; const NA2_RE = /^-na2-$/i; const SIMPLE_TAG_RE = /()|()|(-note-)|(-warning-)/gi; const tryParseKV = trimmed => { const m = KV_RE.exec(trimmed); return m ? { key: m[1], value: m[2].trim() } : null; }; const registerKey = (key, seenKeys, orderedKeys) => { if (!seenKeys.has(key)) { orderedKeys.push(key); seenKeys.add(key); } }; const flushEntry = (currentEntry, entries) => { if (Object.keys(currentEntry).length > 0) entries.push(currentEntry); }; const parseDashPrefixed = (lines, entries, orderedKeys, seenKeys) => { let currentEntry = {}; let inEntry = false; for (const line of lines) { const trimmed = line.trim(); if (trimmed.startsWith('- ')) { if (inEntry) entries.push(currentEntry); currentEntry = {}; inEntry = true; const kv = tryParseKV(trimmed.substring(2).trim()); if (kv) { registerKey(kv.key, seenKeys, orderedKeys); currentEntry[kv.key] = kv.value; } } else if (inEntry && trimmed !== '') { const kv = tryParseKV(trimmed); if (kv) { registerKey(kv.key, seenKeys, orderedKeys); currentEntry[kv.key] = kv.value; } } } flushEntry(currentEntry, entries); }; const parseBlankSeparated = (lines, entries, orderedKeys, seenKeys) => { let currentEntry = {}; let inEntry = false; for (const line of lines) { const trimmed = line.trim(); if (trimmed === '') { if (inEntry) { flushEntry(currentEntry, entries); currentEntry = {}; inEntry = false; } continue; } const kv = tryParseKV(trimmed); if (!kv) continue; const isNewEntry = !line.startsWith(' ') && !line.startsWith('\t'); if (isNewEntry && inEntry && Object.keys(currentEntry).length > 0) { entries.push(currentEntry); currentEntry = {}; } registerKey(kv.key, seenKeys, orderedKeys); currentEntry[kv.key] = kv.value; inEntry = true; } flushEntry(currentEntry, entries); }; const normalizeEntries = (entries, orderedKeys) => entries.map(entry => { const filled = {}; for (const key of orderedKeys) filled[key] = entry[key] || ''; return filled; }); const parseYamlTableContent = contentStr => { if (!contentStr) return []; const entries = []; const orderedKeys = []; const seenKeys = new Set(); const lines = contentStr.split('\n'); if (lines.some(line => line.trim().startsWith('- '))) { parseDashPrefixed(lines, entries, orderedKeys, seenKeys); } else { parseBlankSeparated(lines, entries, orderedKeys, seenKeys); } return normalizeEntries(entries, orderedKeys); }; const processText = text => { if (!text) return text; const parts = []; let keyIndex = 0; let lastIndex = 0; let match; while ((match = INLINE_MD_RE.exec(text)) !== null) { if (match.index > lastIndex) parts.push(text.slice(lastIndex, match.index)); if (match[1]) { parts.push({match[2]}); } else if (match[4]) { parts.push({match[5]}); } else if (match[6]) { parts.push({match[7]}); } else if (match[8]) { parts.push({match[9]}); } lastIndex = match.index + match[0].length; } if (lastIndex < text.length) parts.push(text.slice(lastIndex)); if (parts.length === 0) return text; const keyRef = { current: keyIndex }; return expandHtmlTags(parts, keyRef); }; const processBadges = text => { if (!text || typeof text !== 'string') return text; if (YES_RE.test(text)) return ; if (NO_RE.test(text)) return ; if (LIMITED_RE.test(text)) return ; if (NA_RE.test(text) || NA2_RE.test(text)) return Not applicable; return processText(text); }; const cellClassName = text => { if (!text || typeof text !== 'string') return undefined; if (NA_RE.test(text)) return 'yt-cell-na'; if (NA2_RE.test(text)) return 'yt-cell-na2'; return undefined; }; const expandSimpleTags = (str, keyRef) => { const result = []; let last = 0; SIMPLE_TAG_RE.lastIndex = 0; let m; while ((m = SIMPLE_TAG_RE.exec(str)) !== null) { if (m.index > last) result.push(str.slice(last, m.index)); if (m[1]) { result.push(
); } else if (m[2]) { result.push(
,
); } else if (m[3]) { result.push(Note: ); } else if (m[4]) { result.push(Warning: ); } last = m.index + m[0].length; } if (last < str.length) result.push(str.slice(last)); return result; }; const expandHtmlTags = (chunks, keyRef) => { const out = []; for (const chunk of chunks) { if (typeof chunk === 'string') { out.push(...expandSimpleTags(chunk, keyRef)); } else { out.push(chunk); } } return out; }; const extractText = node => { if (node === null || node === undefined) return ''; if (typeof node === 'string') return node; if (typeof node === 'number') return String(node); if (typeof node === 'boolean') return ''; if (Array.isArray(node)) return node.map(extractText).join(''); if (node && typeof node === 'object' && node.type) { const props = node.props || ({}); if (typeof props.children === 'string') return props.children; if (props.children) return extractText(props.children); return ''; } return String(node || ''); }; const [mounted, setMounted] = useState(false); useEffect(() => { setMounted(true); }, []); const data = useMemo(() => { if (propData) return propData; if (content && typeof content === 'string') return parseYamlTableContent(content); if (!children) return []; if (typeof children === 'string') return parseYamlTableContent(children); const childrenArray = Array.isArray(children) ? children : [children]; return parseYamlTableContent(childrenArray.map(extractText).join('').trim()); }, [children, propData, content]); const columns = useMemo(() => { if (!data || data.length === 0) return []; const firstRow = data[0]; if (!firstRow || typeof firstRow !== 'object') return []; return Object.keys(firstRow); }, [data]); if (!mounted) return null; if (!data || data.length === 0) return null; const rowKey = row => columns.map(c => row[c] || '').join('|'); return {columns.map(col => )} {data.map(row => {columns.map(col => )} )}
{col.replaceAll('_', ' ')}
{processBadges(row[col])}
; }; Endor Labs uses build tools to scan projects, generate reliable Software Bill of Materials (SBOM), and detect security or operational risks. For languages like Java, Python, and .NET that depend on the build environment, it relies on specific runtime or package manager versions to ensure precise results. When tools are missing, you can define and install them in the CLI, and Endor Labs sets them up in an isolated sandbox during the scan. This feature is supported on Linux and macOS. You need to [install and initialize](/developers-api/cli/install-and-configure) endorctl before configuring the build toolchains in a scan profile. ## Toolchain priority in GitHub App scans [Endor Labs GitHub App](/setup-deployment/scm-integrations/github-app-pro/github-app) continuously monitors your projects for security and operational risks. The app monitors all the projects included in your GitHub workspace and scans run once every 24 hours. For performing scans, the GitHub App checks the toolchain specifications in the following order: 1. Scan workflow, if present. 2. Toolchain configuration specified through endorctl API. 3. Toolchain configuration specified in `scanprofile.yaml` file. 4. Enable auto detection to automatically detect the toolchains from your manifest files. 5. Uses the system defaults. ## Configure build tools for endorctl scans After [installing and initializing](/developers-api/cli/install-and-configure) endorctl, run the endorctl scan with the `--install-build-tools` flag to automatically download and install any missing toolchains in an isolated sandbox to properly execute language-specific scans and dependency resolution. 1. For the first time, run the endorctl scan to create a project with Endor Labs. ```bash theme={null} endorctl scan ``` 2. Run the following command to automatically download and install build tools as part of your scan. ```bash theme={null} endorctl scan --install-build-tools ``` 3. The system checks for the required toolchain specifications in the following order before installing them in the sandbox. * [Configure scan workflow through endorctl API](/scan/scan-profiles/configure-scan-workflow-through-api) * [Configure toolchain profile through endorctl API](/scan/scan-profiles/configure-scanprofile-api) * [Configure toolchain profile in the profile.yaml file](/scan/scan-profiles/configure-scanprofile-yaml) * [Automatically detect toolchain profiles](/scan/scan-profiles/auto-detect-toolchains) * [Uses the system defaults](#system-default-toolchain-versions) ## System default toolchain versions If you do not provide a tool profile, the default toolchains are installed in the sandbox while performing the endorctl scan with the `install-build-tools` flag. See [Toolchain support matrix](#toolchain-support-matrix) for details on default versions. ### Toolchain support matrix The following table outlines the toolchain profile support details across different languages and platforms. {` - Dependencies: **Java** Support_for_API: Supported Support_for_profile_yaml: Supported Support_for_Auto_detection: Java 8, 11, 17, 21, 25 Default_Version: Java 17 Platform: Linux, Darwin - Dependencies: **Maven** Support_for_API: Supported Support_for_profile_yaml: Supported Support_for_Auto_detection: Maven 3.8.8, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 3.9.8, 3.9.9, 3.9.10, 3.9.11, 3.9.15 Default_Version: Maven 3.9.4 Platform: Linux, Darwin - Dependencies: **Gradle** Support_for_API: Supported Support_for_profile_yaml: Supported Support_for_Auto_detection: Gradle 6.9.4, 7.6.4, 8.4, 9.0.0 Default_Version: Gradle 8.4 Platform: Linux, Darwin - Dependencies: **Python** Support_for_API: Supported Support_for_profile_yaml: Supported Support_for_Auto_detection: Python 3.8, 3.9, 3.10, 3.11, 3.12, 3.13 Default_Version: Python 3.10 Platform: Linux, Darwin - Dependencies: **NodeJS** Support_for_API: Supported Support_for_profile_yaml: Supported Support_for_Auto_detection: Node.js 16.20, 18.20, 20.19, 22.18, 24.6, 24.7, 24.8, 24.12, 25.4, 26.0 Default_Version: Node.js 20.10.0 Platform: Linux, Darwin - Dependencies: **Yarn** Support_for_API: Supported Support_for_profile_yaml: Supported Support_for_Auto_detection: Yarn 1.22, 2, 3, 4.9.1, 4.13.0 Default_Version: Yarn 1.22.19 Platform: Linux, Darwin - Dependencies: **pnpm** Support_for_API: Supported Support_for_profile_yaml: Supported Support_for_Auto_detection: pnpm 6.35, 7.33, 8.15, 9.15, 10.14, 10.15.0, 10.15.1, 10.16.0, 10.16.1 Default_Version: pnpm 8.10.2 Platform: Linux, Darwin - Dependencies: **Golang** Support_for_API: Supported Support_for_profile_yaml: Supported Support_for_Auto_detection: Golang 1.12, 1.13, 1.14, 1.15, 1.16, 1.17, 1.18, 1.19, 1.20, 1.21, 1.22, 1.24 Default_Version: Golang 1.24.6 Platform: Linux, Darwin - Dependencies: **.NET** Support_for_API: Supported Support_for_profile_yaml: Supported Support_for_Auto_detection: .NET 6, 7, 8, 9, 10 Default_Version: .NET 7.0.401 Platform: Linux, Darwin - Dependencies: **Scala** Support_for_API: Supported Support_for_profile_yaml: Supported Support_for_Auto_detection: Scala 1.10.0, 1.11.0 Default_Version: Scala 1.9.0 Platform: Linux, Darwin - Dependencies: **Rust** Support_for_API: Supported Support_for_profile_yaml: Supported Support_for_Auto_detection: Rust 1.89.0 Default_Version: Rust 1.89.0 Platform: Linux, Darwin - Dependencies: **Kotlin** Support_for_API: Supported Support_for_profile_yaml: Supported Support_for_Auto_detection: Default_Version: Java 17 Platform: Linux, Darwin - Dependencies: **Typescript** Support_for_API: Supported Support_for_profile_yaml: Supported Support_for_Auto_detection: 16.20, 18.20, 20.19, 22.18, 24.6, 24.7, 24.8, 24.12, 25.4, 26.0 Default_Version: Node.js 20.10.0 Platform: Linux, Darwin - Dependencies: **Android** Support_for_API: Supported Support_for_profile_yaml: Supported Support_for_Auto_detection: Default_Version: platform-tools Platform: Linux, Darwin - Dependencies: **PHP** Support_for_API: Supported Support_for_profile_yaml: Supported Support_for_Auto_detection: Default_Version: 8.2 Platform: Linux - Dependencies: **Ruby** Support_for_API: Supported Support_for_profile_yaml: Supported Support_for_Auto_detection: Ruby 3.2.9, 3.3.9, 3.4.5 Default_Version: Ruby 3.2.9 Platform: Linux `} .NET 5 and earlier versions are not supported for auto detection or manual configuration. If a project uses Java 8, Endor Labs installs both Java 8 and Java 17.0.11. It builds the project with Java 8 and scans it with Java 17. ## Configure automated scan parameters Automated scan parameters are endorctl parameters and environment variables that you define in a scan profile. They apply to projects linked to that profile and help customize scan behavior during cloud scans. You can define the following parameters in your scan profile: * **included\_paths**: Enable to specify a list of paths to include in the scan. * **excluded\_paths**: Enable to specify a list of paths to exclude from the scan. Excluded paths do not apply to secrets scanning. Secrets detection always scans the full repository. To filter or suppress secret findings, use policies or a `.gitleaksignore` file instead. * **languages**: Enable to specify a list of languages to scan. If empty, default values are used. * **call\_graph\_languages**: Enable to specify a list of languages to use for generating call graphs. If empty, default values are used. * **additional\_environment\_variables**: Enable to specify additional environment variables to set during the scan. Only the environment variables starting with `ENDOR_` are passed to the scan, all others are ignored. See [Global flags and environment variables](/developers-api/cli/environment-variables) for a complete list of available environment variables. * **enable\_automated\_pr\_scans**: Enables automatic scanning of pull request changes. * **enable\_pr\_comments**: Enables adding scan results as comments in pull requests. * **enable\_sast\_scan**: Enables SAST during the scanning process. * **disable\_code\_snippet\_storage**: Disables the storage of code snippets. If you are using Bazel in your build, you can further configure: * **bazel\_configuration**: Enable to specify configuration settings for Bazel scans. See [Bazel flags](/developers-api/cli/commands/scan#bazel-flags) for more details. * **bazel\_show\_internal\_targets**: Enable to include internal build targets in the dependency analysis. * **bazel\_workspace\_path**: Enable to specify the path to the Bazel workspace. * **bazel\_include\_targets**: Enable to specify Bazel targets to include in the scan. * **bazel\_exclude\_target**: Enable to specify Bazel targets to exclude from the scan. The following toolchain profile shows a yaml definition with configured automated scan parameters: ```yaml expandable theme={null} kind: AutomatedScanParameters spec: automated_scan_parameters: included_paths: - python/** excluded_paths: - java/** languages: - python call_graph_languages: - python additional_environment_variables: - ENDOR_LOG_VERBOSE=true - ENDOR_LOG_LEVEL=debug enable_automated_pr_scans: true enable_pr_comments: true enable_sast_scan: true disable_code_snippet_storage: true bazel_configuration: bazel_show_internal_targets: true bazel_workspace_path: "go-bazel-repo/" bazel_include_targets: bazel_abs: - "//cmd:cmd" ```