Secure AI Coding

Secure your AI-powered development workflows and govern AI model usage.

AI models and machine learning components have become integral parts of modern software development. Just like traditional dependencies, these AI models can introduce operational and security risks to your organization.

Endor Labs provides comprehensive capabilities to help you gain visibility into these risks and make informed decisions about AI model usage.

Endor Labs helps you secure AI-powered development in the following ways:

  • MCP Server: Integrate Endor Labs into your IDE to scan both human and AI-generated code in real-time.

  • AI Security Review: Identify potential security issues in your pull requests and get recommendations to fix them.

  • Agentic UI (AppSec Assistant): Discover open-source components and troubleshoot scanning errors with intelligent recommendations.

  • AI Model Discovery: Search and evaluate AI models from Hugging Face across security, activity, popularity, and operational integrity.

  • AI model scores: Understand how AI models are scored in Endor Labs.

MCP Server

Beta

MCP (Model Context Protocol) is an open standard that defines a consistent way for applications to share relevant context and information with Large Language Models (LLMs). MCP servers expose specific capabilities through the standardized Model Context Protocol. For more information on MCP, refer to the MCP documentation.

The Endor Labs MCP server integrates seamlessly into your development workflow, scanning your code as you write. You can catch issues long before they’re a problem in production. It plugs directly into your IDE, tightening the feedback loop for both human and AI-generated code. Thus, you can quickly secure your code from the start. With Endor Labs, you’re bringing security all the way left, getting real-time, proactive insights and automated fixes in your editor, while you build, minimizing last-minute security scrambles.

Endor Labs MCP server helps your developers and AI agents in their development workflows in the following ways:

  • Provide guardrails for agents before code review: Reduce the number of known vulnerabilities entering your code and save developers time by checking AI agent suggestions in real time. Integrate security before an issue is discovered in CI or in production.
  • Improve the speed of remediating security risks: Agents use vulnerability context from Endor Labs to help implement secure changes, from writing more secure code to upgrading dependencies.

The Endor Labs MCP server has two editions.

  • Developer Edition: A free edition that requires no configuration. A browser window opens on first use for authentication via GitHub, GitLab, or Google. The Developer Edition provides access to default security policies from Endor Labs.

  • Enterprise Edition: A paid edition that enforces your organization’s specific security policies. Authenticate using Google, GitHub, GitLab, or SSO. You must specify your namespace to access your organization’s policies.

Additionally, if you already have Endor Labs configured locally (for example, from a previous endorctl init command), the MCP server can use your pre-existing configuration.

The Endor Labs MCP server provides the following tools:

  • check_dependency_for_vulnerabilities: Check if the dependencies in your project are vulnerable.
  • get_endor_vulnerability: Get the details of a specific vulnerability from the Endor Labs vulnerability database.
  • get_resource: Add additional context from commonly used Endor Labs resources about your software such as findings, vulnerabilities, and projects.
  • scan: Run an Endor Labs security scan to detect risks in your open source dependencies, find common security issues, and spot any credentials accidentally exposed in your Git repository.

After you set up the MCP server, you can choose to disable the tools that you do not want to use.
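Disabling a tool in the editor only hides it from the agent; the server still advertises it. An added example (not Endor Labs code) of checking what the server really exposes: the script below speaks the MCP stdio transport directly, spawning the same npx command that the Cursor and Visual Studio Code configurations use, completing the initialize handshake, calling tools/list, and comparing the result with the four documented tool names. It assumes Node.js and npx are on PATH and that you have authenticated once already; the client name, the audit logic and the expected-tool set are this example's own.

```python
"""Audit which tools the Endor Labs MCP server exposes, straight over stdio.

Added example, not Endor Labs code. Assumes Node.js/npx are on PATH and that
you have authenticated once already (otherwise the server opens a browser).
"""
import json
import subprocess
import sys

# Same command the .cursor/mcp.json and .vscode/mcp.json entries spawn.
NPX = "npx.cmd" if sys.platform == "win32" else "npx"
SERVER_CMD = [NPX, "-y", "endorctl", "ai-tools", "mcp-server"]

# The four tools this page documents. Anything else deserves a look.
EXPECTED_TOOLS = {
    "check_dependency_for_vulnerabilities",
    "get_endor_vulnerability",
    "get_resource",
    "scan",
}
PROTOCOL_VERSION = "2024-11-05"  # MCP revision the handshake negotiates


def initialize_request(request_id=1):
    """First message of every MCP session (JSON-RPC 2.0 request)."""
    return {
        "jsonrpc": "2.0",
        "id": request_id,
        "method": "initialize",
        "params": {
            "protocolVersion": PROTOCOL_VERSION,
            "capabilities": {},
            "clientInfo": {"name": "endor-tool-audit", "version": "0.1"},
        },
    }


def initialized_notification():
    """Sent after the initialize result; notifications carry no id."""
    return {"jsonrpc": "2.0", "method": "notifications/initialized"}


def tools_list_request(request_id=2):
    return {"jsonrpc": "2.0", "id": request_id, "method": "tools/list", "params": {}}


def tool_names(response):
    """Names from a tools/list result; raises if the server returned an error."""
    if "error" in response:
        raise RuntimeError(f"tools/list failed: {response['error']}")
    return {tool["name"] for tool in response["result"]["tools"]}


def audit(names):
    """(missing, unexpected) relative to the documented tool set."""
    return sorted(EXPECTED_TOOLS - names), sorted(names - EXPECTED_TOOLS)


def send(proc, message):
    # stdio transport: one JSON-RPC message per line.
    proc.stdin.write(json.dumps(message) + "\n")
    proc.stdin.flush()


def recv_response(proc, request_id):
    """Read until the response with request_id; server notifications are skipped."""
    while True:
        line = proc.stdout.readline()
        if not line:
            raise RuntimeError("server closed stdout (npx missing or not authenticated?)")
        message = json.loads(line)
        if message.get("id") == request_id:
            return message


def main():
    # stderr is inherited so any authentication prompt stays visible.
    proc = subprocess.Popen(SERVER_CMD, stdin=subprocess.PIPE,
                            stdout=subprocess.PIPE, text=True)
    try:
        send(proc, initialize_request(1))
        init = recv_response(proc, 1)
        print("server:", init.get("result", {}).get("serverInfo"))
        send(proc, initialized_notification())
        send(proc, tools_list_request(2))
        names = tool_names(recv_response(proc, 2))
        missing, unexpected = audit(names)
        print("exposed tools:", sorted(names))
        if missing or unexpected:
            print("missing:", missing, "unexpected:", unexpected)
            return 1
        return 0
    finally:
        proc.terminate()


if __name__ == "__main__":
    sys.exit(main())
```

Run it from the repository root after the first browser authentication; a non-zero exit means the tool set differs from what this page documents, which is the moment to look at what changed in the endorctl package before letting an agent use it.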

Endor Labs MCP server in Cursor

Beta

The Endor Labs Model Context Protocol (MCP) server integrates seamlessly into your AI-native development workflows to help you keep your code secure and fix security risks faster. You can catch issues long before they’re a problem in production and fix them faster when they already are.

This guide details how to integrate Endor Labs security capabilities directly into your Cursor development workflows using MCP.

Complete the following tasks to integrate Endor Labs MCP Server into Cursor.

  • Configure the MCP server: Configure the MCP server in Cursor. You can use the interactive configuration tool or manually configure the MCP server. See Configure the MCP server in Cursor for more details. No configuration is required to get started with the Developer Edition.

  • Configure permissions for your developers (optional): If you’re using the Enterprise Edition with a specific namespace, ensure that your developers have Read-Only permissions in Endor Labs. See the Endor Labs authorization policies documentation for more details.

  • Configure Cursor rules (optional): Configure Cursor rules to guide AI development with Endor Labs. See Configure Cursor rules for more details.

Cursor allows you to set MCP configurations at the project and the user level.

You can manually configure the MCP server or use the interactive configuration tool to generate a one-click installation link for Cursor.

On Windows, ensure the following prerequisites are met:

If Node.js is not installed, download and install the LTS version from nodejs.org. During installation, ensure the option to add Node.js to PATH is selected.

After installing Node.js, verify that the npm global bin directory is in your PATH:

  1. Run the following command in the command line.

    npm config get prefix
    

    This returns the npm global directory path, typically C:\Users\<YourUsername>\AppData\Roaming\npm.

  2. Add the npm global directory path to the Path variable under User variables in your system’s environment variables settings.

  3. Restart your terminal, and Cursor if it is already running, for the PATH changes to take effect.

Run the following command in your terminal.

npx --version

If this returns a version number, your Windows setup is complete and the MCP server can use npx to run endorctl.

The Endor Labs MCP server works out of the box with the Developer Edition. When you use the MCP server for the first time, a browser window opens, and you can authenticate with GitHub, GitLab, or Google. After authentication, the MCP server provides access to the free Developer Edition with default security policies.

Add the following configuration to the .cursor/mcp.json file to use the Endor Labs MCP server with the Developer Edition.

{
  "mcpServers": {
    "endor-cli-tools": {
      "command": "npx",
      "args": [
        "-y",
        "endorctl",
        "ai-tools",
        "mcp-server"
      ]
    }
  }
}

Use our interactive configuration tool to generate a one-click installation link for Cursor. You can configure all the necessary parameters and generate a Cursor link that you can click to automatically install the MCP server.

After you click Add Endor Labs MCP server, MCP Settings opens in Cursor.

You can verify the configuration and click Install to complete the installation.

  1. Navigate to the root of your repository.

  2. Create a .cursor directory if it doesn’t exist and create an mcp.json file in the .cursor directory.

    mkdir -p .cursor && touch .cursor/mcp.json
    
  3. Add the following configuration to the .cursor/mcp.json file.

    Developer Edition

    {
      "mcpServers": {
        "endor-cli-tools": {
          "command": "npx",
          "args": [
            "-y",
            "endorctl",
            "ai-tools",
            "mcp-server"
          ]
        }
      }
    }
    

    Use pre-existing configuration

    {
      "mcpServers": {
        "endor-cli-tools": {
          "command": "npx",
          "args": [
            "-y",
            "endorctl",
            "ai-tools",
            "mcp-server"
          ],
          "env": {
            "ENDOR_TOKEN": "automatic"
          }
        }
      }
    }
    

    Your local configuration already contains the namespace information, so you don’t need to specify ENDOR_NAMESPACE separately.

    Enterprise Edition

    {
      "mcpServers": {
        "endor-cli-tools": {
          "command": "npx",
          "args": [
            "-y",
            "endorctl",
            "ai-tools",
            "mcp-server"
          ],
          "env": {
            "ENDOR_NAMESPACE": "<namespace>",
            "ENDOR_MCP_SERVER_AUTH_MODE": "<google|github|gitlab|sso>",
            "ENDOR_TOKEN": "automatic"
          }
        }
      }
    }
    

    For Enterprise Edition, specify your namespace and choose an authentication mode. If you choose sso, you must also add ENDOR_MCP_SERVER_AUTH_TENANT to the env section.

    The following parameters are used to configure the MCP server. All parameters are optional. If no parameters are provided, the MCP server defaults to the Developer Edition with browser authentication.

    • ENDOR_MCP_SERVER_AUTH_MODE: (Optional) The authentication mode to use for the MCP server. You can use the following authentication modes: github, gitlab, google, sso. If you choose sso, you must add ENDOR_MCP_SERVER_AUTH_TENANT as an additional parameter. If not specified, the MCP server defaults to browser authentication for the Developer Edition.
    • ENDOR_NAMESPACE: (Optional) The namespace to use for the MCP server. Required for Enterprise Edition to access your organization’s specific policies. Not needed for Developer Edition.
    • ENDOR_TOKEN: (Optional) The token the MCP server uses. Leave it at the literal value automatic, as in the examples above; the MCP server fills in a real token during authentication. Never paste a real token into this file: .cursor/mcp.json lives in your repository.
    • ENDOR_MCP_SERVER_AUTH_TENANT: (Optional) The tenant name for SSO authentication. Required when ENDOR_MCP_SERVER_AUTH_MODE is set to sso for Enterprise Edition access.
To disable tools that you do not want the agent to use:

  1. Navigate to Settings > Cursor Settings > Tools & MCP.

  2. Click the tool that you want to disable under endor-cli-tools.

    Click on a disabled tool to enable it.

To enhance the MCP server integration you can add custom rules for your project. These rules are custom prompts specific to your project.

  1. Navigate to the root of your repository.

  2. In the .cursor/rules directory, create a .mdc file to add specific instructions.

  3. Add appropriate rules for your project in the .cursor/rules/endorlabs.mdc file. For example, you can add a rule to check if the code is free from vulnerabilities.

You can use the following Cursor rules as a quick start for the Endor Labs MCP server. Modify the rules to meet your organization’s needs. We recommend that you store each Cursor rule in a separate file. For more information, refer to the Cursor documentation.

---
description: "Ensure newly added dependencies are checked for vulnerabilities and project stays clean"
globs: '**/package.json, **/package-lock.json, **/yarn.lock, **/pnpm-lock.yaml, **/requirements.txt, **/Pipfile, **/Pipfile.lock, **/pyproject.toml, **/poetry.lock, **/go.mod, **/go.sum, **/Cargo.toml, **/Cargo.lock, **/pom.xml, **/build.gradle, **/build.gradle.kts, **/gradle.lockfile, **/composer.json, **/composer.lock'
alwaysApply: true
---

# Software Composition Analysis (SCA) Rule (Endor Labs via MCP)
This project uses Endor Labs for automated dependency (SCA) scanning, integrated through the MCP server as configured in `.cursor/mcp.json`.

## Workflow

Every time a manifest or lockfile listed above is created or modified in any way immediately do the following prior to performing your next task.

**Important**: Do not proceed after creating or modifying a manifest file without running this first. Do not write any other code or continue with your existing prompt. This is top priority whenever a manifest file is created or updated.

- Run `endor-cli-tools` using the `check_dependency_for_vulnerabilities` tool via the MCP server.
- Provide the **ecosystem**, **dependency name**, and **version** always when making this tool call. Do not forget to provide a version.
- If a vulnerability or error is identified:
  - Upgrade to the suggested safe version, or
  - Replace the dependency with a non-vulnerable alternative.
  - The AI agent must attempt to automatically correct all detected errors and vulnerabilities before session completion.
- Re-run the check using `endor-cli-tools` to confirm the issue is resolved.
- If an error occurs in any MCP server tool call (such as missing required parameters like version, invalid arguments, or tool invocation failures):
  - The AI agent must review the error, determine the cause, and automatically correct the tool call or input parameters.
  - Re-attempt the tool call with the corrected parameters.
  - Continue this process until the tool call succeeds or it is determined that remediation is not possible, in which case the issue and reason must be reported.

## Notes
- All scans must be performed using the MCP server integration (`endor-cli-tools`) as configured in `.cursor/mcp.json`. Do not invoke `endorctl` directly.
- For troubleshooting, ensure the MCP server is running and `endorctl` is installed and accessible in your environment.

This rule ensures that all dependency changes are evaluated for risk at the time of introduction, and that the project remains clean and secure after each coding session. The scan may be performed at the end of an agent session, provided all modifications are checked and remediated before session completion.
---
description: "Scan for leaked secrets on file modification"
globs: '**/*'
alwaysApply: true
---

# Leaked Secrets Detection Rule (Endor Labs via MCP)
This project uses Endor Labs for automated security scanning, integrated through the MCP server as configured in `.cursor/mcp.json`.

## Workflow
Whenever a file is modified in the repository, and before the end of an agent session:
- Run `endor-cli-tools` using the `scan` tool via the MCP server to check for leaked secrets.
- Ensure the scan includes all file types and respects `.gitignore` unless otherwise configured.
- If any secrets or errors are detected:
  - Remove the exposed secret or correct the error immediately.
  - The AI agent must attempt to automatically correct all detected secrets and errors before session completion.
  - Re-run the scan to verify the secret or error has been properly removed or resolved.
- If an error occurs in any MCP server tool call (such as a missing or invalid scan path, invalid arguments, or tool invocation failures):
  - The AI agent must review the error, determine the cause, and automatically correct the tool call or input parameters.
  - Re-attempt the tool call with the corrected parameters.
  - Continue this process until the tool call succeeds or it is determined that remediation is not possible, in which case the issue and reason must be reported.
- Save scan results and remediation steps in a security log or as comments for audit purposes.

## Notes
- All scans must be performed using the MCP server integration (`endor-cli-tools`) as configured in `.cursor/mcp.json`. Do not invoke `endorctl` directly.
- For troubleshooting, ensure the MCP server is running and `endorctl` is installed and accessible in your environment.
- **Important**: Pass the `scan` tool the directory that contains the changed files, not a file; the path must be a directory. Use an absolute path such as /Users/username/mcp-server-demo/backend rather than a relative path such as 'backend'.

This rule ensures no accidental credentials, tokens, API keys, or secrets are committed or remain in the project history. The scan may be performed at the end of an agent session, provided all modifications are checked and remediated before session completion.
---
description: "Run SAST scan using endor-cli-tools on source code changes"
globs: '**/*.c, **/*.cpp, **/*.cc, **/*.cs, **/*.go, **/*.java, **/*.js, **/*.jsx, **/*.ts, **/*.tsx, **/*.py, **/*.php, **/*.rb, **/*.rs, **/*.kt, **/*.kts, **/*.scala, **/*.swift, **/*.dart, **/*.html, **/*.yaml, **/*.yml, **/*.json, **/*.xml, **/*.sh, **/*.bash, **/*.clj, **/*.cljs, **/*.ex, **/*.exs, **/*.lua'
alwaysApply: true
---

# Static Application Security Testing (SAST) Rule (Endor Labs via MCP)

This project uses Endor Labs for automated SAST, integrated through the MCP server as configured in `.cursor/mcp.json`.

## Workflow

Whenever a file is modified in the repository, and before the end of an agent session perform the following workflow:

- Run `endor-cli-tools` using the `scan` tool via the MCP server to perform SAST scans as described above.
- If any vulnerabilities or errors are found:
  - Present the issues to the user.
  - The AI agent must attempt to automatically correct all errors and vulnerabilities, including code errors, security issues, and best practice violations, before session completion.
  - Recommend and apply appropriate fixes (e.g., input sanitization, validation, escaping, secure APIs).
  - Continue scanning and correcting until all critical issues have been resolved or no further automated remediation is possible.
- If an error occurs in any MCP server tool call (such as a missing or invalid scan path, invalid arguments, or tool invocation failures):
  - The AI agent must review the error, determine the cause, and automatically correct the tool call or input parameters.
  - Re-attempt the tool call with the corrected parameters.
  - Continue this process until the tool call succeeds or it is determined that remediation is not possible, in which case the issue and reason must be reported.
- Save scan results and remediation steps in a security log or as comments for audit purposes.

## Notes
- All scans must be performed using the MCP server integration (`endor-cli-tools`) as configured in `.cursor/mcp.json`. Do not invoke `endorctl` directly.
- For troubleshooting, ensure the MCP server is running and `endorctl` is installed and accessible in your environment.
- Do not invoke Opengrep directly.
- **Important**: Pass the `scan` tool the directory that contains the changed files, not a file; the path must be a directory. Use an absolute path such as /Users/username/mcp-server-demo/backend rather than a relative path such as 'backend'.

This rule ensures all code changes are automatically reviewed and remediated for common security vulnerabilities and errors using `endor-cli-tools` and the MCP server, with Opengrep as the underlying engine.

Endor Labs MCP server in Visual Studio Code

Beta

The Endor Labs Model Context Protocol (MCP) server integrates seamlessly into your AI-native development workflows to help you keep your code secure and fix security risks faster. You can catch issues long before they’re a problem in production and fix them faster when they already are.

This guide details how to integrate Endor Labs security capabilities directly into your Visual Studio Code development workflows using MCP.

Complete the following tasks to integrate Endor Labs MCP Server into Visual Studio Code.

  • Configure the MCP server: Configure the MCP server in Visual Studio Code. You can use the interactive configuration tool or manually configure the MCP server. See Configure the MCP server in Visual Studio Code for more details. No configuration is required to get started with the Developer Edition.

  • Configure permissions for your developers (optional): If you’re using the Enterprise Edition with a specific namespace, ensure that your developers have Read-Only permissions in Endor Labs. See the Endor Labs authorization policies documentation for more details.

Prerequisites for Visual Studio Code
Before running the Endor Labs MCP server, ensure that you have Visual Studio Code version 1.99 or later and enable MCP support by setting chat.mcp.enabled to true in your Visual Studio Code settings.

Visual Studio Code allows you to set MCP configurations at the project and the user level.

You can manually configure the MCP server or use the interactive configuration tool to generate a one-click installation link for Visual Studio Code.

On Windows, the prerequisites are the same as for Cursor: install the Node.js LTS release from nodejs.org with the add-to-PATH option selected, make sure the npm global directory reported by npm config get prefix (typically C:\Users\<YourUsername>\AppData\Roaming\npm) is on your user Path, restart Visual Studio Code, and confirm that npx --version prints a version number so that the MCP server can use npx to run endorctl.

The Endor Labs MCP server works out of the box with the Developer Edition. When you use the MCP server for the first time, a browser window opens, and you can authenticate with GitHub, GitLab, or Google. After authentication, the MCP server provides access to the free Developer Edition with default security policies.

Add the following configuration to the .vscode/mcp.json file to use the Endor Labs MCP server with the Developer Edition.

{
  "servers": {
    "endor-cli-tools": {
      "command": "npx",
      "args": [
        "-y",
        "endorctl",
        "ai-tools",
        "mcp-server"
      ]
    }
  }
}

Use our interactive configuration tool to generate a one-click installation link for Visual Studio Code. You can configure all the necessary parameters and generate a Visual Studio Code link that you can click to automatically install the MCP server.

  1. Navigate to the root of your repository.

  2. Create a .vscode directory if it doesn’t exist and create an mcp.json file in the .vscode directory.

    mkdir -p .vscode && touch .vscode/mcp.json
    
  3. Add the following configuration to the .vscode/mcp.json file.

    Developer Edition

    {
      "servers": {
        "endor-cli-tools": {
          "command": "npx",
          "args": [
            "-y",
            "endorctl",
            "ai-tools",
            "mcp-server"
          ]
        }
      }
    }
    

    Use pre-existing configuration

    {
      "servers": {
        "endor-cli-tools": {
          "command": "npx",
          "args": [
            "-y",
            "endorctl",
            "ai-tools",
            "mcp-server"
          ],
          "env": {
            "ENDOR_TOKEN": "automatic"
          }
        }
      }
    }
    

    Your local configuration already contains the namespace information, so you don’t need to specify ENDOR_NAMESPACE separately.

    Enterprise Edition

    {
      "servers": {
        "endor-cli-tools": {
          "command": "npx",
          "args": [
            "-y",
            "endorctl",
            "ai-tools",
            "mcp-server"
          ],
          "env": {
            "ENDOR_NAMESPACE": "<namespace>",
            "ENDOR_MCP_SERVER_AUTH_MODE": "<google|github|gitlab|sso>",
            "ENDOR_TOKEN": "automatic"
          }
        }
      }
    }
    

    For Enterprise Edition, specify your namespace and choose an authentication mode. If you choose sso, you must also add ENDOR_MCP_SERVER_AUTH_TENANT to the env section.

    The following parameters are used to configure the MCP server. All parameters are optional. If no parameters are provided, the MCP server defaults to the Developer Edition with browser authentication.

    • ENDOR_MCP_SERVER_AUTH_MODE: (Optional) The authentication mode to use for the MCP server. You can use the following authentication modes: github, gitlab, google, sso. If you choose sso, you must add ENDOR_MCP_SERVER_AUTH_TENANT as an additional parameter. If not specified, the MCP server defaults to browser authentication for the Developer Edition.
    • ENDOR_NAMESPACE: (Optional) The namespace to use for the MCP server. Required for Enterprise Edition to access your organization’s specific policies. Not needed for Developer Edition.
    • ENDOR_TOKEN: (Optional) The token to use for the MCP server. Do not set this value manually. It will be set automatically by the MCP server during authentication.
    • ENDOR_MCP_SERVER_AUTH_TENANT: (Optional) The tenant name for SSO authentication. Required when ENDOR_MCP_SERVER_AUTH_MODE is set to sso for Enterprise Edition access.
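The Cursor and Visual Studio Code entries differ only in the top-level key (mcpServers versus servers), and both files sit in the repository, so a pasted token or a half-edited placeholder gets committed. The linter below is an added example (not Endor Labs code) that encodes the parameter rules above for both files: ENDOR_TOKEN must stay automatic, the auth mode must be one of the four listed, sso needs ENDOR_MCP_SERVER_AUTH_TENANT, and the <namespace> placeholder must be replaced. It also warns when endorctl is unpinned, because npx -y fetches the newest published package on every start; pinning with the standard endorctl@<version> npm syntax is a supply-chain choice this page does not require. The two configurations embedded in the script, including the namespace and tenant values, are constructed samples.

```python
"""Lint the Endor Labs entry in .cursor/mcp.json or .vscode/mcp.json.

Added example, not Endor Labs code. Encodes the documented rules for
ENDOR_TOKEN, ENDOR_MCP_SERVER_AUTH_MODE, ENDOR_MCP_SERVER_AUTH_TENANT and
ENDOR_NAMESPACE, plus a version-pinning warning for npx.
"""
import json
import os
import sys

SERVER_NAME = "endor-cli-tools"
VALID_AUTH_MODES = {"github", "gitlab", "google", "sso"}
EXPECTED_TAIL = ["endorctl", "ai-tools", "mcp-server"]
CONFIG_PATHS = (".cursor/mcp.json", ".vscode/mcp.json")


def find_server(config):
    """Cursor nests servers under "mcpServers", Visual Studio Code under "servers"."""
    for key in ("mcpServers", "servers"):
        if SERVER_NAME in config.get(key, {}):
            return config[key][SERVER_NAME]
    return None


def lint(config):
    """Return [(severity, message)]; an empty list means the entry is clean."""
    server = find_server(config)
    if server is None:
        return [("error", f"no '{SERVER_NAME}' entry under mcpServers/servers")]
    issues = []

    args = list(server.get("args", []))
    if server.get("command") != "npx":
        issues.append(("warn", f"command is {server.get('command')!r}, expected 'npx'"))
    # Accept a pinned spec (endorctl@<version>) when checking the subcommand.
    tail = [a.split("@")[0] if a.startswith("endorctl") else a for a in args][-3:]
    if "-y" not in args or tail != EXPECTED_TAIL:
        issues.append(("error", f"args {args!r} should end with -y endorctl ai-tools mcp-server"))
    if "endorctl" in args:  # bare name, no @version: npx -y fetches latest every start
        issues.append(("warn", "endorctl is unpinned; consider endorctl@<version>"))

    env = server.get("env", {})
    token = env.get("ENDOR_TOKEN")
    if token is not None and token != "automatic":
        # The docs say never set this by hand; mcp.json sits in the repository.
        issues.append(("error", "ENDOR_TOKEN must be \"automatic\"; never commit a real token"))

    mode = env.get("ENDOR_MCP_SERVER_AUTH_MODE")
    if mode is not None and mode not in VALID_AUTH_MODES:
        issues.append(("error", f"unknown ENDOR_MCP_SERVER_AUTH_MODE {mode!r}"))
    if mode == "sso" and not env.get("ENDOR_MCP_SERVER_AUTH_TENANT"):
        issues.append(("error", "auth mode sso requires ENDOR_MCP_SERVER_AUTH_TENANT"))
    namespace = env.get("ENDOR_NAMESPACE")
    if mode is not None and not namespace:
        issues.append(("warn", "auth mode set but ENDOR_NAMESPACE missing; Enterprise needs a namespace"))
    if namespace and namespace.startswith("<"):
        issues.append(("error", "ENDOR_NAMESPACE still holds the <namespace> placeholder"))
    return issues


def lint_file(path):
    with open(path, encoding="utf-8") as fh:
        return lint(json.load(fh))


# Constructed sample: a Cursor entry with several of the mistakes above.
WEAK_CONFIG = {"mcpServers": {SERVER_NAME: {
    "command": "npx",
    "args": ["-y", "endorctl", "ai-tools", "mcp-server"],
    "env": {"ENDOR_NAMESPACE": "<namespace>",
            "ENDOR_MCP_SERVER_AUTH_MODE": "sso",
            "ENDOR_TOKEN": "pasted-by-hand-not-a-real-token"}}}}

# Constructed sample: the corrected entry in Visual Studio Code form.
FIXED_CONFIG = {"servers": {SERVER_NAME: {
    "command": "npx",
    "args": ["-y", "endorctl", "ai-tools", "mcp-server"],
    "env": {"ENDOR_NAMESPACE": "example-org",
            "ENDOR_MCP_SERVER_AUTH_MODE": "sso",
            "ENDOR_MCP_SERVER_AUTH_TENANT": "example-tenant",
            "ENDOR_TOKEN": "automatic"}}}}


if __name__ == "__main__":
    targets = sys.argv[1:] or [p for p in CONFIG_PATHS if os.path.exists(p)]
    if not targets:  # nothing on disk: show the constructed samples instead
        for label, cfg in (("weak", WEAK_CONFIG), ("fixed", FIXED_CONFIG)):
            print(label, lint(cfg))
    for path in targets:
        for severity, message in lint_file(path):
            print(f"{path}: {severity}: {message}")
```

Wire lint_file into a pre-commit hook and fail the commit on any error-level finding; the Developer Edition entry with no env block passes clean apart from the pinning warning.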
To enable or disable individual tools in Visual Studio Code:

  1. Open the Chat view (Ctrl+Cmd+I on macOS, Ctrl+Alt+I on Windows and Linux).

  2. Switch to the Agent mode.

  3. Click the Settings icon.

  4. Select the tools that you want to enable or disable under MCP Server: endor-cli-tools.

To use the Endor Labs MCP server with GitHub Copilot in Visual Studio Code:

  1. Open the Chat view (Ctrl+Cmd+I on macOS, Ctrl+Alt+I on Windows and Linux).

  2. Switch to the Agent mode.

  3. Click the Settings icon.

  4. Select MCP Server: endor-cli-tools from the dropdown menu.

  5. Set up Copilot instructions in .github/instructions/*.instructions.md to use the Endor Labs MCP server throughout the development process. See Copilot rules examples to learn more.

You can now use Endor Labs tools in your chat prompts to scan for vulnerabilities.

Copilot instructions define the guidelines that Copilot should follow throughout the development process. The following examples demonstrate how to use the Endor Labs MCP server within Copilot rules.

---
description: "Ensure newly added dependencies are checked for vulnerabilities and project stays clean"
applyTo: '**/package.json, **/package-lock.json, **/yarn.lock, **/pnpm-lock.yaml, **/requirements.txt, **/Pipfile, **/Pipfile.lock, **/pyproject.toml, **/poetry.lock, **/go.mod, **/go.sum, **/Cargo.toml, **/Cargo.lock, **/pom.xml, **/build.gradle, **/build.gradle.kts, **/gradle.lockfile, **/composer.json, **/composer.lock'
alwaysApply: true
---

# Software Composition Analysis (SCA) Rule (Endor Labs via MCP)
This project uses Endor Labs for automated dependency (SCA) scanning, integrated through the MCP server as configured in `.vscode/mcp.json`.

## Workflow

Every time a manifest or lockfile listed above is created or modified in any way immediately do the following prior to performing your next task.

**Important**: Do not proceed after creating or modifying a manifest file without running this first. Do not write any other code or continue with your existing prompt. This is top priority whenever a manifest file is created or updated.

- Run `endor-cli-tools` using the `check_dependency_for_vulnerabilities` tool via the MCP server.
- Provide the **ecosystem**, **dependency name**, and **version** always when making this tool call. Do not forget to provide a version.
- If a vulnerability or error is identified:
  - Upgrade to the suggested safe version, or
  - Replace the dependency with a non-vulnerable alternative.
  - The AI agent must attempt to automatically correct all detected errors and vulnerabilities before session completion.
- Re-run the check using `endor-cli-tools` to confirm the issue is resolved.
- If an error occurs in any MCP server tool call (such as missing required parameters like version, invalid arguments, or tool invocation failures):
  - The AI agent must review the error, determine the cause, and automatically correct the tool call or input parameters.
  - Re-attempt the tool call with the corrected parameters.
  - Continue this process until the tool call succeeds or it is determined that remediation is not possible, in which case the issue and reason must be reported.

## Notes
- All scans must be performed using the MCP server integration (`endor-cli-tools`) as configured in `.vscode/mcp.json`. Do not invoke `endorctl` directly.
- For troubleshooting, ensure the MCP server is running and `endorctl` is installed and accessible in your environment.

This rule ensures that all dependency changes are evaluated for risk at the time of introduction, and that the project remains clean and secure after each coding session. The scan may be performed at the end of an agent session, provided all modifications are checked and remediated before session completion.
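Both SCA rules (the Cursor rule above and this Copilot rule) insist that every tool call carries an ecosystem, a dependency name and a concrete version, yet a manifest edit often adds only a range such as ^1.2.0. The script below is an added example, not Endor Labs code: it diffs the old and new manifest (npm package.json with or without package-lock.json, and requirements.txt) and emits the triples to check, flagging entries where only a range is known so the version can be resolved from the lockfile before the call. The ecosystem strings npm and pypi are assumptions about what check_dependency_for_vulnerabilities expects, and every input embedded in the script is a constructed sample.

```python
"""Derive the (ecosystem, name, version) triples a manifest change introduces.

Added example, not Endor Labs code. Ecosystem strings ("npm", "pypi") are an
assumption; use whatever check_dependency_for_vulnerabilities expects.
"""
import json
import re

# Exact versions only: "1.2.8", "6.0.1", "2.0.0-rc1". Ranges such as ^1.2.0 fail.
PINNED = re.compile(r"^\d+(\.\d+){1,2}([-+][0-9A-Za-z.]+)?$")
# requirements.txt line: name, optional extras, optional operator, version.
REQ_LINE = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9_.\-]*)(?:\[[^\]]*\])?\s*(==|>=|<=|~=|!=|>|<)?\s*([^\s;#]*)")


def npm_deps(package_json, package_lock=None):
    """Return {name: version}. With a lockfile (v2/v3) every resolved package is
    listed, transitive ones included; without one only package.json ranges exist."""
    if package_lock:
        deps = {}
        for key, meta in json.loads(package_lock).get("packages", {}).items():
            name = key[len("node_modules/"):] if key.startswith("node_modules/") else None
            if name and "node_modules/" not in name:  # top-level entry, not nested
                deps[name] = meta["version"]
        return deps
    manifest = json.loads(package_json)
    deps = {}
    for section in ("dependencies", "devDependencies"):
        deps.update(manifest.get(section, {}))
    return deps


def pypi_deps(requirements_txt):
    """Return {name: version-or-spec} from a requirements.txt body."""
    deps = {}
    for line in requirements_txt.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "-")):  # comments, -r/-e/--index-url
            continue
        m = REQ_LINE.match(line)
        if not m:
            continue
        name, op, ver = m.groups()
        deps[name.lower()] = ver if op == "==" else f"{op or ''}{ver}"
    return deps


def new_dependencies(ecosystem, old_deps, new_deps):
    """Dependencies added or changed by the edit, shaped as tool-call arguments.
    'pinned' is False when only a range is known; resolve it from the lockfile
    before calling the tool, which needs a concrete version."""
    out = []
    for name, version in sorted(new_deps.items()):
        if old_deps.get(name) != version:
            out.append({"ecosystem": ecosystem, "name": name, "version": version,
                        "pinned": bool(PINNED.match(version))})
    return out


# --- constructed sample inputs (not real project files) ---
OLD_PACKAGE_JSON = '{"dependencies": {"lodash": "^4.17.20"}}'
NEW_PACKAGE_JSON = '{"dependencies": {"lodash": "^4.17.20", "minimist": "^1.2.0"}}'
OLD_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {}, "node_modules/lodash": {"version": "4.17.21"}}})
NEW_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {}, "node_modules/lodash": {"version": "4.17.21"},
    "node_modules/minimist": {"version": "1.2.8"}}})
OLD_REQS = "requests==2.31.0\n"
NEW_REQS = "requests==2.31.0\nflask>=2.0  # range, not a version\npyyaml==6.0.1\n"


if __name__ == "__main__":
    for eco, old, new in (
        ("npm", npm_deps(OLD_PACKAGE_JSON, OLD_LOCK), npm_deps(NEW_PACKAGE_JSON, NEW_LOCK)),
        ("npm", npm_deps(OLD_PACKAGE_JSON), npm_deps(NEW_PACKAGE_JSON)),
        ("pypi", pypi_deps(OLD_REQS), pypi_deps(NEW_REQS)),
    ):
        for dep in new_dependencies(eco, old, new):
            print(dep)
```

With the lockfile present the npm diff yields minimist at the resolved 1.2.8; with only package.json it yields the range ^1.2.0 marked unpinned, which is exactly the call the rule tells the agent not to make until a version is known.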
---
description: "Scan for leaked secrets on file modification"
applyTo: '**/*'
alwaysApply: true
---

# Leaked Secrets Detection Rule (Endor Labs via MCP)
This project uses Endor Labs for automated security scanning, integrated through the MCP server as configured in `.vscode/mcp.json`.

## Workflow
Whenever a file is modified in the repository, and before the end of an agent session:
- Run `endor-cli-tools` using the `scan` tool via the MCP server to check for leaked secrets.
- Ensure the scan includes all file types and respects `.gitignore` unless otherwise configured.
- If any secrets or errors are detected:
  - Remove the exposed secret or correct the error immediately.
  - The AI agent must attempt to automatically correct all detected secrets and errors before session completion.
  - Re-run the scan to verify the secret or error has been properly removed or resolved.
- If an error occurs in any MCP server tool call (such as missing required parameters like version, invalid arguments, or tool invocation failures):
  - The AI agent must review the error, determine the cause, and automatically correct the tool call or input parameters.
  - Re-attempt the tool call with the corrected parameters.
  - Continue this process until the tool call succeeds or it is determined that remediation is not possible, in which case the issue and reason must be reported.
- Save scan results and remediation steps in a security log or as comments for audit purposes.

## Notes
- All scans must be performed using the MCP server integration (`endor-cli-tools`) as configured in `.vscode/mcp.json`. Do not invoke `endorctl` directly.
- For troubleshooting, ensure the MCP server is running and `endorctl` is installed and accessible in your environment.
- **Important**: This scan must use the path of the directory that contains the changed files. Do not set the path to a file; it must be a directory. Use absolute paths such as /Users/username/mcp-server-demo/backend rather than relative paths such as 'backend'.

This rule ensures no accidental credentials, tokens, API keys, or secrets are committed or remain in the project history. The scan may be performed at the end of an agent session, provided all modifications are checked and remediated before session completion.
---
description: "Run SAST scan using endor-cli-tools on source code changes"
applyTo: '**/*.c, **/*.cpp, **/*.cc, **/*.cs, **/*.go, **/*.java, **/*.js, **/*.jsx, **/*.ts, **/*.tsx, **/*.py, **/*.php, **/*.rb, **/*.rs, **/*.kt, **/*.kts, **/*.scala, **/*.swift, **/*.dart, **/*.html, **/*.yaml, **/*.yml, **/*.json, **/*.xml, **/*.sh, **/*.bash, **/*.clj, **/*.cljs, **/*.ex, **/*.exs, **/*.lua'
alwaysApply: true
---

# Static Application Security Testing (SAST) Rule (Endor Labs via MCP)

This project uses Endor Labs for automated SAST, integrated through the MCP server as configured in `.vscode/mcp.json`.

## Workflow

Whenever a file is modified in the repository, and before the end of an agent session, perform the following workflow:

- Run `endor-cli-tools` using the `scan` tool via the MCP server to perform a SAST scan.
- If any vulnerabilities or errors are found:
  - Present the issues to the user.
  - The AI agent must attempt to automatically correct all errors and vulnerabilities, including code errors, security issues, and best practice violations, before session completion.
  - Recommend and apply appropriate fixes (e.g., input sanitization, validation, escaping, secure APIs).
  - Continue scanning and correcting until all critical issues have been resolved or no further automated remediation is possible.
- If an error occurs in any MCP server tool call (such as missing required parameters like version, invalid arguments, or tool invocation failures):
  - The AI agent must review the error, determine the cause, and automatically correct the tool call or input parameters.
  - Re-attempt the tool call with the corrected parameters.
  - Continue this process until the tool call succeeds or it is determined that remediation is not possible, in which case the issue and reason must be reported.
- Save scan results and remediation steps in a security log or as comments for audit purposes.

## Notes
- All scans must be performed using the MCP server integration (`endor-cli-tools`) as configured in `.vscode/mcp.json`. Do not invoke `endorctl` directly.
- For troubleshooting, ensure the MCP server is running and `endorctl` is installed and accessible in your environment.
- Do not invoke Opengrep directly.
- **Important**: This scan must use the path of the directory that contains the changed files. Do not set the path to a file; it must be a directory. Use absolute paths such as /Users/username/mcp-server-demo/backend rather than relative paths such as 'backend'.

This rule ensures all code changes are automatically reviewed and remediated for common security vulnerabilities and errors using `endor-cli-tools` and the MCP server, with Opengrep as the underlying engine.

Endor Labs MCP server as a Gemini Extension

Beta

The Endor Labs Model Context Protocol (MCP) server integrates seamlessly into your AI-native development workflows to help you keep your code secure and fix security risks faster. You can catch issues long before they’re a problem in production and fix them faster when they already are.

Endor Labs MCP server is available as a Gemini extension. After you install the extension, you can use natural language commands to interact with the MCP server. You can find the extension on GitHub.

This guide details how to integrate Endor Labs security capabilities directly into your Gemini development workflows using MCP.

Endor Labs MCP server helps your developers and AI agents in their development workflows in the following ways:

  • Provide guardrails for agents before code review: Reduce the number of known vulnerabilities entering your code and save developers time by checking AI agent suggestions in real time. Integrate security before an issue is discovered in CI or in production.
  • Improve the speed of remediating security risks: Agents use vulnerability context from Endor Labs to help implement secure changes, from writing more secure code to upgrading dependencies.

The Endor Labs MCP server has two editions.

  • Developer Edition: A free edition that requires no configuration. A browser window opens on first use for authentication via GitHub, GitLab, or Google. The Developer Edition provides access to default security policies from Endor Labs.

  • Enterprise Edition: A paid edition that enforces your organization’s specific security policies. Authenticate using Google, GitHub, GitLab, or SSO. You must specify your namespace to access your organization’s policies.

Additionally, if you already have Endor Labs configured locally (for example, from a previous endorctl init command), the MCP server can use your pre-existing configuration.

Complete the following tasks to integrate Endor Labs MCP Server into Gemini.

  • Install the Endor Labs MCP server as a Gemini extension. See Install the Endor Labs MCP server as a Gemini extension for more details. No configuration is required to get started with the Developer Edition.

  • Configure permissions for your developers (optional): If you’re using the Enterprise Edition with a specific namespace, ensure that your developers have Read-Only permissions to Endor Labs. See Endor Lab’s Authorization policies for more details.

On Windows, ensure the following prerequisites are met:

If Node.js is not installed, download and install the LTS version from nodejs.org. During installation, ensure the option to add Node.js to PATH is selected.

After installing Node.js, verify that the npm global bin directory is in your PATH:

  1. Run the following command in the command line.

    npm config get prefix
    

    This returns the npm global directory path, typically C:\Users\<YourUsername>\AppData\Roaming\npm.

  2. Add the npm global directory path to the Path variable under User variables in your system’s environment variables settings.

  3. Restart your terminal or IDE for the PATH changes to take effect.

Run the following command in your terminal.

npx --version

If this returns a version number, your Windows setup is complete and the MCP server can use npx to run endorctl.

The Endor Labs MCP server provides the following tools:

  • check_dependency_for_vulnerabilities: Check if the dependencies in your project are vulnerable.
  • get_endor_vulnerability: Get the details of a specific vulnerability from the Endor Labs vulnerability database.
  • get_resource: Add additional context from commonly used Endor Labs resources about your software such as findings, vulnerabilities, and projects.
  • scan: Run an Endor Labs security scan to detect risks in your open source dependencies, find common security issues, and spot any credentials accidentally exposed in your Git repository.

After you set up the MCP server, you can choose to disable the tools that you do not want to use.

Run the following command to install the Endor Labs MCP server as a Gemini extension.

gemini extensions install https://github.com/endorlabs/gemini-extension.git

Run the following command in the Gemini CLI to verify the Endor Labs MCP server installation.

gemini> /mcp list

The following output appears if the Endor Labs MCP server is installed.

Verify the Endor Labs MCP server Gemini installation

After you install the Endor Labs MCP server as a Gemini extension, you can optionally initialize the MCP server in Gemini CLI.

The Endor Labs MCP server works out of the box with the Developer Edition, so no initialization is required. When you use a tool for the first time, a browser window opens and you can authenticate with GitHub, GitLab, or Google. After authentication, the MCP server provides access to the free Developer Edition with default security policies.

If you already have Endor Labs configured locally (from a previous endorctl initialization), the MCP server uses your local configuration. The configuration already contains the namespace information, so you don’t need to specify it separately.

If you want to use the Enterprise Edition with your organization’s specific policies, you can use natural language commands to initiate an authentication flow.

gemini> Initialize Endor Labs with Google authentication using the command `endorctl init --auth-mode=google`

You can use any supported authentication mode: google, github, gitlab, or sso. If you choose sso, you must also provide your tenant name. Existing users with read-only permissions on a namespace can authenticate to their namespace through the browser.

After you initialize the MCP server, you can converse with the MCP server using natural language commands to get information about your projects, vulnerabilities, and dependencies.

The following examples show how to use the Endor Labs MCP server in Gemini CLI. Always navigate to the project directory before using the MCP server.

gemini> Scan my project for security vulnerabilities
gemini> Check dependencies for known CVEs
gemini> Generate a security report for this repository

The Endor Labs MCP server provides a context file, ENDORLABS_CONTEXT.md, located in the ~/.gemini/extensions/endorlabs/gemini-extension/ directory. You can use this file to give the MCP server additional context, for example extra rules and project-specific context.

Endor Labs MCP server in IntelliJ IDEA

Beta

The Endor Labs Model Context Protocol (MCP) server integrates seamlessly into your AI-native development workflows to help you keep your code secure and fix security risks faster. You can catch issues long before they’re a problem in production and fix them faster when they already are.

Endor Labs MCP server helps your developers and AI agents in their development workflows in the following ways:

  • Provide guardrails for agents before code review: Reduce the number of known vulnerabilities entering your code and save developers time by checking AI agent suggestions in real time. Integrate security before an issue is discovered in CI or in production.
  • Improve the speed of remediating security risks: Agents use vulnerability context from Endor Labs to help implement secure changes, from writing more secure code to upgrading dependencies.

The Endor Labs MCP server has two editions.

  • Developer Edition: A free edition that requires no configuration. A browser window opens on first use for authentication via GitHub, GitLab, or Google. The Developer Edition provides access to default security policies from Endor Labs.

  • Enterprise Edition: A paid edition that enforces your organization’s specific security policies. Authenticate using Google, GitHub, GitLab, or SSO. You must specify your namespace to access your organization’s policies.

Additionally, if you already have Endor Labs configured locally (for example, from a previous endorctl init command), the MCP server can use your pre-existing configuration.

Complete the following tasks to integrate Endor Labs MCP Server into IntelliJ IDEA.

  • Configure the MCP server: Configure the MCP server in IntelliJ IDEA with GitHub Copilot. You can use the interactive configuration tool or manually configure the MCP server. See Configure the MCP server in IntelliJ IDEA with GitHub Copilot for more details. No configuration is required to get started with the Developer Edition.

  • Configure permissions for your developers (optional): If you’re using the Enterprise Edition with a specific namespace, ensure that your developers have Read-Only permissions to Endor Labs. See Endor Lab’s Authorization policies for more details.

  • Configure Copilot rules (optional): Set up Copilot rules to guide AI development with Endor Labs. See Example Copilot rules for more details.

Prerequisites for IntelliJ
Before running the Endor Labs MCP server, ensure that you have IntelliJ IDEA version 2025.2 or later, with Copilot installed.

IntelliJ IDEA allows you to set MCP configurations at the project and the user level.

You can manually configure the MCP server or use the interactive configuration tool to generate a one-click installation link for IntelliJ IDEA.

On Windows, ensure the following prerequisites are met:

If Node.js is not installed, download and install the LTS version from nodejs.org. During installation, ensure the option to add Node.js to PATH is selected.

After installing Node.js, verify that the npm global bin directory is in your PATH:

  1. Run the following command in the command line.

    npm config get prefix
    

    This returns the npm global directory path, typically C:\Users\<YourUsername>\AppData\Roaming\npm.

  2. Add the npm global directory path to the Path variable under User variables in your system’s environment variables settings.

  3. Restart your terminal or IDE for the PATH changes to take effect.

Run the following command in your terminal.

npx --version

If this returns a version number, your Windows setup is complete and the MCP server can use npx to run endorctl.

The Endor Labs MCP server works out of the box with the Developer Edition. When you use the MCP server for the first time, a browser window opens, and you can authenticate with GitHub, GitLab, or Google. After authentication, the MCP server provides access to the free Developer Edition with default security policies.

Add the following configuration to the mcp.json file to use the Endor Labs MCP server with the Developer Edition.

{
  "servers": {
    "endor-cli-tools": {
      "command": "npx",
      "args": [
        "-y",
        "endorctl",
        "ai-tools",
        "mcp-server"
      ]
    }
  }
}

Use our interactive configuration tool to generate a one-click installation link for IntelliJ IDEA. You can configure all the necessary parameters and generate an IntelliJ IDEA link that you can click to automatically install the MCP server.

  1. Open the GitHub Copilot Chat from the right sidebar.

  2. Switch to Agent mode.

  3. Click Configure Tools.

  4. Select + Add More Tools… from the bottom left corner to open the mcp.json and configure the Copilot rules.

  5. Add the following configuration to the mcp.json file.

    Developer Edition

    {
      "servers": {
        "endor-cli-tools": {
          "command": "npx",
          "args": [
            "-y",
            "endorctl",
            "ai-tools",
            "mcp-server"
          ]
        }
      }
    }
    

    Use pre-existing configuration

    {
      "servers": {
        "endor-cli-tools": {
          "command": "npx",
          "args": [
            "-y",
            "endorctl",
            "ai-tools",
            "mcp-server"
          ],
          "env": {
            "ENDOR_TOKEN": "automatic"
          }
        }
      }
    }
    

    Your local configuration already contains the namespace information, so you don’t need to specify ENDOR_NAMESPACE separately.

    Enterprise Edition

    {
      "servers": {
        "endor-cli-tools": {
          "command": "npx",
          "args": [
            "-y",
            "endorctl",
            "ai-tools",
            "mcp-server"
          ],
          "env": {
            "ENDOR_NAMESPACE": "<namespace>",
            "ENDOR_MCP_SERVER_AUTH_MODE": "<google|github|gitlab|sso>",
            "ENDOR_TOKEN": "automatic"
          }
        }
      }
    }
    

    For Enterprise Edition, specify your namespace and choose an authentication mode. If you choose sso, you must also add ENDOR_MCP_SERVER_AUTH_TENANT to the env section.

    The following parameters are used to configure the MCP server. All parameters are optional. If no parameters are provided, the MCP server defaults to the Developer Edition with browser authentication.

    • ENDOR_MCP_SERVER_AUTH_MODE: (Optional) The authentication mode to use for the MCP server. You can use the following authentication modes: github, gitlab, google, sso. If you choose sso, you must add ENDOR_MCP_SERVER_AUTH_TENANT as an additional parameter. If not specified, the MCP server defaults to browser authentication for the Developer Edition.
    • ENDOR_NAMESPACE: (Optional) The namespace to use for the MCP server. Required for Enterprise Edition to access your organization’s specific policies. Not needed for Developer Edition.
    • ENDOR_TOKEN: (Optional) The token to use for the MCP server. Do not set this value manually. It will be set automatically by the MCP server during authentication.
    • ENDOR_MCP_SERVER_AUTH_TENANT: (Optional) The tenant name for SSO authentication. Required when ENDOR_MCP_SERVER_AUTH_MODE is set to sso for Enterprise Edition access.
  6. Save and close the mcp.json.

  7. Switch from Agent to Ask mode in the chat and then back to Agent mode to access the Endor Labs MCP server.

  8. Click Configure Tools and select endor-cli-tools.

  9. Set up Copilot rules in .github/instructions/*.md to use the Endor Labs MCP server throughout the development process. See Add repository custom instructions for GitHub Copilot and Copilot example rules to learn more.

You can now use Endor Labs tools in your chat prompts to scan for vulnerabilities.
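The parameter rules listed above (ENDOR_TOKEN is never set by hand, sso needs a tenant, the Enterprise Edition needs a namespace, angle-bracket placeholders must be replaced) are easy to get wrong in a hand-edited mcp.json, and a real token pasted into that file is a credential that tends to end up in version control. The following validator is an added example, not Endor Labs code; it checks a `servers` document of the shape shown in this section and reports what deviates. The sample documents, namespace and token values inside it are constructed.

```python
import json

# Values the documentation above allows; anything else in these fields is flagged.
VALID_AUTH_MODES = {"github", "gitlab", "google", "sso"}
EXPECTED_COMMAND = "npx"
EXPECTED_ARGS = ["-y", "endorctl", "ai-tools", "mcp-server"]
PLACEHOLDER_KEYS = ("ENDOR_NAMESPACE", "ENDOR_MCP_SERVER_AUTH_MODE",
                    "ENDOR_MCP_SERVER_AUTH_TENANT")


def validate_mcp_config(text, server_name="endor-cli-tools"):
    """Return a list of problems with the named server entry in an mcp.json
    document. An empty list means the entry matches one of the documented
    shapes (Developer Edition, pre-existing configuration, Enterprise Edition)."""
    problems = []
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"mcp.json is not valid JSON: {exc}"]

    servers = cfg.get("servers") if isinstance(cfg, dict) else None
    if not isinstance(servers, dict) or server_name not in servers:
        return [f"no '{server_name}' entry under 'servers'"]
    entry = servers[server_name]

    # The launch command is fixed: npx -y endorctl ai-tools mcp-server
    if entry.get("command") != EXPECTED_COMMAND or entry.get("args") != EXPECTED_ARGS:
        problems.append("command/args must be: npx -y endorctl ai-tools mcp-server")

    env = entry.get("env", {})
    if not isinstance(env, dict):
        problems.append("'env' must be a JSON object")
        return problems

    # ENDOR_TOKEN is filled in by the server after browser authentication.
    # A literal value here is a credential sitting in a file that is often committed.
    token = env.get("ENDOR_TOKEN")
    if token is not None and token != "automatic":
        problems.append("ENDOR_TOKEN must be 'automatic'; never store a real token in mcp.json")

    mode = env.get("ENDOR_MCP_SERVER_AUTH_MODE")
    if mode is not None:
        if mode not in VALID_AUTH_MODES:
            problems.append("ENDOR_MCP_SERVER_AUTH_MODE must be one of github, gitlab, google, sso")
        elif mode == "sso" and not env.get("ENDOR_MCP_SERVER_AUTH_TENANT"):
            problems.append("auth mode sso requires ENDOR_MCP_SERVER_AUTH_TENANT")
        if "ENDOR_NAMESPACE" not in env:
            problems.append("Enterprise Edition (auth mode set) requires ENDOR_NAMESPACE")

    # Angle-bracket placeholders copied from the docs that were never filled in.
    for key in PLACEHOLDER_KEYS:
        value = env.get(key)
        if isinstance(value, str) and value.startswith("<") and value.endswith(">"):
            problems.append(f"{key} still holds the placeholder {value}")
    return problems


# Constructed sample documents: the three documented shapes plus one broken entry.
# The namespace and token strings are made up for this example.
DEVELOPER_EDITION = '{"servers": {"endor-cli-tools": {"command": "npx", ' \
    '"args": ["-y", "endorctl", "ai-tools", "mcp-server"]}}}'
PREEXISTING_CONFIG = '{"servers": {"endor-cli-tools": {"command": "npx", ' \
    '"args": ["-y", "endorctl", "ai-tools", "mcp-server"], ' \
    '"env": {"ENDOR_TOKEN": "automatic"}}}}'
GOOD_ENTERPRISE = '{"servers": {"endor-cli-tools": {"command": "npx", ' \
    '"args": ["-y", "endorctl", "ai-tools", "mcp-server"], ' \
    '"env": {"ENDOR_NAMESPACE": "acme-example", ' \
    '"ENDOR_MCP_SERVER_AUTH_MODE": "google", "ENDOR_TOKEN": "automatic"}}}}'
BAD_ENTERPRISE = '{"servers": {"endor-cli-tools": {"command": "npx", ' \
    '"args": ["-y", "endorctl", "ai-tools", "mcp-server"], ' \
    '"env": {"ENDOR_NAMESPACE": "<namespace>", ' \
    '"ENDOR_MCP_SERVER_AUTH_MODE": "sso", ' \
    '"ENDOR_TOKEN": "example-token-pasted-by-mistake"}}}}'

if __name__ == "__main__":
    for label, doc in [("developer", DEVELOPER_EDITION), ("pre-existing", PREEXISTING_CONFIG),
                       ("enterprise", GOOD_ENTERPRISE), ("broken", BAD_ENTERPRISE)]:
        print(label, validate_mcp_config(doc) or "ok")
```

Run it against your real file with `validate_mcp_config(open("mcp.json").read())`, for instance as a pre-commit hook; the token check is the one worth keeping even if you drop the rest.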

Copilot instructions define the guidelines that Copilot should follow throughout the development process. The following examples demonstrate how to use the Endor Labs MCP server within Copilot rules.

---
description: "Dependency vulnerability scanning using Endor Labs via MCP server integration"
applyTo: '**/package.json, **/package-lock.json, **/yarn.lock, **/pnpm-lock.yaml, **/requirements.txt, **/Pipfile, **/Pipfile.lock, **/pyproject.toml, **/poetry.lock, **/go.mod, **/go.sum, **/Cargo.toml, **/Cargo.lock, **/pom.xml, **/build.gradle, **/build.gradle.kts, **/gradle.lockfile, **/composer.json, **/composer.lock'

---

# Software Composition Analysis (SCA) Rule (Endor Labs via MCP)
This project uses Endor Labs for automated dependency (SCA) scanning, integrated through the MCP server as configured in `mcp.json`.

## Workflow

Every time a manifest or lockfile listed above is created or modified in any way, immediately do the following before performing your next task.

**Important**: Do not proceed after creating or modifying a manifest file without running this first. Do not write any other code or continue with your existing prompt. This is top priority whenever a manifest file is created or updated.

- Run `endor-cli-tools` using the `check_dependency_for_vulnerabilities` tool via the MCP server.
- Always provide the **ecosystem**, **dependency name**, and **version** when making this tool call. Do not omit the version.
- If a vulnerability or error is identified:
  - Upgrade to the suggested safe version, or
  - Replace the dependency with a non-vulnerable alternative.
  - The AI agent must attempt to automatically correct all detected errors and vulnerabilities before session completion.
- Re-run the check using `endor-cli-tools` to confirm the issue is resolved.
- If an error occurs in any MCP server tool call (such as missing required parameters like version, invalid arguments, or tool invocation failures):
  - The AI agent must review the error, determine the cause, and automatically correct the tool call or input parameters.
  - Re-attempt the tool call with the corrected parameters.
  - Continue this process until the tool call succeeds or it is determined that remediation is not possible, in which case the issue and reason must be reported.

## Notes
- All scans must be performed using the MCP server integration (`endor-cli-tools`) as configured in `mcp.json`. Do not invoke `endorctl` directly.
- For troubleshooting, ensure the MCP server is running and `endorctl` is installed and accessible in your environment.

This rule ensures that all dependency changes are evaluated for risk at the time of introduction, and that the project remains clean and secure after each coding session. The scan may be performed at the end of an agent session, provided all modifications are checked and remediated before session completion.
---
description: "Scan for leaked secrets on file modification using Endor Labs via MCP server integration"
applyTo: '**/*'

---

# Leaked Secrets Detection Rule (Endor Labs via MCP)
This project uses [Endor Labs](https://docs.endorlabs.com/) for automated security scanning, integrated through the MCP server as configured in `mcp.json`.

## Workflow
Whenever a file is modified in the repository, and before the end of an agent session:
- Run `endor-cli-tools` using the `scan` tool via the MCP server to check for leaked secrets.
- Ensure the scan includes all file types and respects `.gitignore` unless otherwise configured.
- If any secrets or errors are detected:
  - Remove the exposed secret or correct the error immediately.
  - The AI agent must attempt to automatically correct all detected secrets and errors before session completion.
  - Re-run the scan to verify the secret or error has been properly removed or resolved.
- If an error occurs in any MCP server tool call (such as missing required parameters like version, invalid arguments, or tool invocation failures):
  - The AI agent must review the error, determine the cause, and automatically correct the tool call or input parameters.
  - Re-attempt the tool call with the corrected parameters.
  - Continue this process until the tool call succeeds or it is determined that remediation is not possible, in which case the issue and reason must be reported.
- Save scan results and remediation steps in a security log or as comments for audit purposes.

## Notes
- All scans must be performed using the MCP server integration (`endor-cli-tools`) as configured in `mcp.json`. Do not invoke `endorctl` directly.
- For troubleshooting, ensure the MCP server is running and `endorctl` is installed and accessible in your environment.
- **Important**: This scan must use the path of the directory that contains the changed files. Do not set the path to a file; it must be a directory. Use absolute paths such as /Users/username/mcp-server-demo/backend rather than relative paths such as 'backend'.

This rule ensures no accidental credentials, tokens, API keys, or secrets are committed or remain in the project history. The scan may be performed at the end of an agent session, provided all modifications are checked and remediated before session completion.
---
description: "Static Application Security Testing (SAST) using Endor Labs via MCP server integration"
applyTo: '**/*.c, **/*.cpp, **/*.cc, **/*.cs, **/*.go, **/*.java, **/*.js, **/*.jsx, **/*.ts, **/*.tsx, **/*.py, **/*.php, **/*.rb, **/*.rs, **/*.kt, **/*.kts, **/*.scala, **/*.swift, **/*.dart, **/*.html, **/*.yaml, **/*.yml, **/*.json, **/*.xml, **/*.sh, **/*.bash, **/*.clj, **/*.cljs, **/*.ex, **/*.exs, **/*.lua'

---

# Static Application Security Testing (SAST) Rule (Endor Labs via MCP)

This project uses [Endor Labs](https://docs.endorlabs.com/) for automated SAST, integrated through the MCP server as configured in `mcp.json`.

## Workflow

Whenever a file is modified in the repository, and before the end of an agent session, perform the following workflow:

- Run `endor-cli-tools` using the `scan` tool via the MCP server to perform a SAST scan.
- If any vulnerabilities or errors are found:
  - Present the issues to the user.
  - The AI agent must attempt to automatically correct all errors and vulnerabilities, including code errors, security issues, and best practice violations, before session completion.
  - Recommend and apply appropriate fixes (e.g., input sanitization, validation, escaping, secure APIs).
  - Continue scanning and correcting until all critical issues have been resolved or no further automated remediation is possible.
- If an error occurs in any MCP server tool call (such as missing required parameters like version, invalid arguments, or tool invocation failures):
  - The AI agent must review the error, determine the cause, and automatically correct the tool call or input parameters.
  - Re-attempt the tool call with the corrected parameters.
  - Continue this process until the tool call succeeds or it is determined that remediation is not possible, in which case the issue and reason must be reported.
- Save scan results and remediation steps in a security log or as comments for audit purposes.

## Notes
- All scans must be performed using the MCP server integration (`endor-cli-tools`) as configured in `mcp.json`. Do not invoke `endorctl` directly.
- For troubleshooting, ensure the MCP server is running and `endorctl` is installed and accessible in your environment.
- Do not invoke Opengrep directly.
- **Important**: This scan must use the path of the directory that contains the changed files. Do not set the path to a file; it must be a directory. Use absolute paths such as /Users/username/mcp-server-demo/backend rather than relative paths such as 'backend'.

This rule ensures all code changes are automatically reviewed and remediated for common security vulnerabilities and errors using `endor-cli-tools` and the MCP server, with Opengrep as the underlying engine.
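Both sets of rules on this page (the `.vscode/mcp.json` rules earlier and the Copilot rules just above) select themselves by the `applyTo` globs in their frontmatter, and the secrets and SAST rules then require an absolute directory path for the scan. The following is an added example, not Endor Labs or GitHub code, that shows which rules fire for a given change set and which directories the scan tool should be pointed at. How Copilot itself interprets `applyTo` is an assumption here (`**/` as zero or more directories, `*` within one path component); the frontmatter excerpts are shortened copies of the rules above, and the repository root and changed file names are constructed.

```python
import posixpath
import re

# Constructed frontmatter excerpts of the three rules (applyTo lists shortened).
RULES = {
    "sca": "---\n"
           'description: "Dependency vulnerability scanning"\n'
           "applyTo: '**/package.json, **/package-lock.json, **/requirements.txt, "
           "**/pyproject.toml, **/go.mod, **/pom.xml'\n"
           "---\n",
    "secrets": "---\n"
               'description: "Scan for leaked secrets on file modification"\n'
               "applyTo: '**/*'\n"
               "alwaysApply: true\n"
               "---\n",
    "sast": "---\n"
            'description: "Run SAST scan on source code changes"\n'
            "applyTo: '**/*.go, **/*.java, **/*.js, **/*.ts, **/*.py, "
            "**/*.yaml, **/*.yml, **/*.json, **/*.sh'\n"
            "---\n",
}


def parse_frontmatter(text):
    """Return the key/value pairs between the leading '---' markers.
    Only the flat 'key: value' form used by these rules is handled (no YAML library)."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "---":
        raise ValueError("rule has no frontmatter block")
    fields = {}
    for line in lines[1:]:
        if line.strip() == "---":
            return fields
        if not line.strip():
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed frontmatter line: {line!r}")
        fields[key.strip()] = value.strip().strip("'\"")
    raise ValueError("frontmatter block is not terminated")


def glob_to_regex(pattern):
    """Translate an applyTo glob to an anchored regex. Assumed semantics:
    '**/' matches zero or more leading directories, '*' never crosses a '/'."""
    out = ""
    i = 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out += "(?:.*/)?"
            i += 3
        elif pattern[i] == "*":
            out += "[^/]*"
            i += 1
        else:
            out += re.escape(pattern[i])
            i += 1
    return re.compile("^" + out + "$")


def applicable_rules(rules, changed_files):
    """Map each changed file to the names of the rules whose globs match it."""
    compiled = {}
    for name, text in rules.items():
        globs = [g.strip() for g in parse_frontmatter(text)["applyTo"].split(",")]
        compiled[name] = [glob_to_regex(g) for g in globs]
    result = {}
    for path in changed_files:
        norm = path.replace("\\", "/")
        if norm.startswith("./"):
            norm = norm[2:]
        result[path] = [name for name, pats in compiled.items()
                        if any(p.match(norm) for p in pats)]
    return result


def scan_directories(repo_root, changed_files):
    """Directories to hand to the scan tool: the secrets and SAST rules insist on
    an absolute directory path, never a file and never a relative name."""
    dirs = {posixpath.dirname(posixpath.normpath(
                posixpath.join(repo_root, p.replace("\\", "/"))))
            for p in changed_files}
    return sorted(dirs)


if __name__ == "__main__":
    changed = ["backend/requirements.txt", "backend/app.py", "README.md",
               "frontend/package.json", "./.github/workflows/ci.yml"]
    for path, names in applicable_rules(RULES, changed).items():
        print(f"{path}: {', '.join(names)}")
    print(scan_directories("/Users/username/mcp-server-demo", changed))
```

Note that `frontend/package.json` triggers all three rules: the SAST rule's `**/*.json` covers manifests too, so a manifest edit costs a dependency check, a secrets scan and a SAST scan in one session.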

AI Security Review

Beta

AI security code review provides automated code review capabilities using artificial intelligence to identify potential security issues in your codebase.

Availability
AI security code review is available only for GitHub. You can set up AI security code review through the Endor Labs GitHub App or using endorctl.

After you set up AI security code review, creating a pull request triggers an Endor Labs scan on the diff. Endor Labs sends the scan data to an AI model to produce a security analysis and generates a report.

You can view the report in the Endor Labs user interface. You can also enable pull request comments to get a comment on your GitHub pull request with the details of the AI security code review.

The following sections provide information on how to set up AI security code review, customize a scan profile, and view the AI security code review results.

Prerequisites for AI security code review

Before you set up AI security code review, ensure that the following prerequisites are in place:

  • An active Endor Labs subscription with Endor Code Pro license.
  • Administrator access to your GitHub organization.
  • Access to configure scan profiles and policies.
  • Enable Code Segment Embeddings and LLM Processing in Data Privacy settings.

Perform the following steps to enable code segment embeddings and LLM processing:

  1. Select Settings from the left sidebar.

  2. Select SYSTEM SETTINGS > Data Privacy.

    Enable Code Segment Embeddings and LLM Processing
  3. Select Code Segment Embeddings and LLM Processing.

  4. Click Save Data Privacy Settings.

Perform the following steps to verify your license and feature access:

  1. Select Settings > License from the left sidebar.
  2. Verify that you have Security Review in Products and Features.

Set up AI security code review with GitHub App

To set up AI security code review, you need to complete the following tasks:

  • Ensure that the GitHub App is installed and configured properly. If you are using endorctl, skip this step and ensure that you have set up the environment variables required for the endorctl scan command.
  • Configure a scan profile for AI security code review.
  • Enable the security review finding policy.
  • Configure an action policy if you want to get comments on your GitHub pull request with the details of the AI security code review.

Install the GitHub App if you don’t have it already. See GitHub App for more information.

Ensure that you enable the following settings:

  • Pull Request Scans: Pull Request Scans allows Endor Labs to scan the pull requests. You must enable this setting so that AI security code review can proceed for a pull request.
  • Pull Request Comments: Pull Request Comments allows Endor Labs to comment on a pull request in GitHub. This setting is optional; enable it if you want a comment on your GitHub pull request with the details of the AI security code review. You also need to select Pull Request Comments in your scan profile and set up an action policy.

Create a scan profile for AI security code review and configure the following options:

  • Pull Request Scans: Mandatory. This setting allows Endor Labs to scan the pull requests.
  • Pull Request Comments: Optional. This setting allows Endor Labs to comment on a pull request in GitHub.
  • AI security code review Scans: Mandatory. This setting allows Endor Labs to scan the pull requests for AI security code review.
  • Disable Code Summary: Optional. This setting allows you to disable the code summary for the AI security code review.
  • Custom Prompt: Optional. You can enter a custom prompt to modify how AI security code review detects and categorizes security-related changes.
Scan profile for AI security code review

After you create the scan profile, assign the scan profile to the projects for which you want to set up AI security code review.

See Scan Profiles for more information on creating a scan profile.

Ensure that the Security Review policy is enabled under finding policies.

  1. Select Policies & Rules from the left sidebar.
  2. Select Finding Policies.
  3. Search for Security Review and ensure that the policy is enabled.
Enable finding policy for AI security code review

If you want to get comments on your GitHub pull requests, you need to set up an action policy.

  1. Select Settings from the left sidebar.

  2. Select Action Policies.

  3. Click Create Action Policy.

  4. Select Security Review as the Policy Template.

  5. Choose the severity threshold to trigger the AI security code review.

    You can choose from the following severity thresholds:

    • Any
    • Low
    • Medium
    • High
    • Critical
  6. Select Pull Request as the Branch Type.

  7. Choose Enforce Policy as the action, and select Warn or Break the Build depending on your preference.

  8. Configure include and exclude patterns for the policy.

  9. Name the policy and provide a description.

  10. Enter tags if required for the policy.

  11. Click Create Action Policy to save the policy.

See Action Policies for more information on setting up an action policy.

Configure action policy for PR comments

Set up AI security code review with endorctl

You can use AI security code review with endorctl and GitHub environment variables without requiring the GitHub App. This approach allows you to integrate AI security code review into your local development workflows. You can use this approach only if you have GitHub as your source control management system.

Complete the following tasks to set up AI security code review with endorctl:

Ensure that the following prerequisites are met before using AI security code review with endorctl:

  • An active Endor Labs subscription with an Endor Code Pro license.
  • Access to configure scan profiles and policies.
  • Code Segment Embeddings and LLM Processing enabled in Data Privacy settings.
  • A GitHub token with appropriate permissions.

Perform the following steps to enable code segment embeddings and LLM processing:

  1. Select Settings from the left sidebar.

  2. Select SYSTEM SETTINGS > Data Privacy.

    Enable Code Segment Embeddings and LLM Processing
  3. Select Code Segment Embeddings and LLM Processing.

  4. Click Save Data Privacy Settings.

Perform the following steps to verify your license and feature access:

  1. Select Settings > License from the left sidebar.
  2. Verify that you have Security Review in Products and Features.

Configure the following environment variables for GitHub integration:

# Required: GitHub token with repo access
export GITHUB_TOKEN=<your-github-token>

# Required: Endor Labs authentication
export ENDOR_API_CREDENTIALS_KEY=<your-api-key>
export ENDOR_API_CREDENTIALS_SECRET=<your-api-secret>
export ENDOR_NAMESPACE=<your-namespace>

To scan a pull request with AI security code review, fetch the pull request branch locally and check out the branch.

git fetch origin pull/<PR_NUMBER>/head:pr-<PR_NUMBER>
git checkout pr-<PR_NUMBER>

For example, to scan pull request 12, you need to run the following commands.

git fetch origin pull/12/head:pr-12
git checkout pr-12

After you have fetched and checked out the pull request branch, you can run the following command to scan the pull request with AI security code review.

endorctl scan \
  -n <namespace> \
  --pr \
  --security-review \
  --scm-pr-id <PR_NUMBER> \
  --github-token $GITHUB_TOKEN \
  --enable-pr-comments

The following list describes the flags used in the command.

  • -n <namespace>: Your Endor Labs namespace. If you do not specify a namespace, the command uses the default namespace.
  • --pr: Indicates that this is a pull request scan.
  • --security-review: Enables AI security code review.
  • --scm-pr-id <PR_NUMBER>: The GitHub pull request number that you want to scan. Note: You can continue to use the --github-pr-id flag, but it will be deprecated and removed in the future.
  • --github-token $GITHUB_TOKEN: GitHub token for authentication. You need to specify this flag if you did not set the GITHUB_TOKEN environment variable.
  • --enable-pr-comments: Enables comments on the GitHub pull request. Enable this flag if you want a comment on your GitHub pull request with the details of the AI security code review. You must also enable the action policy for pull request comments.
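As an added example (not part of the Endor Labs documentation or tooling), the following POSIX shell script wraps the steps above: it checks that the documented environment variables are set, validates the PR number before it is placed in a git refspec, fetches and checks out the PR head, and runs the endorctl scan. The function names, the DRY_RUN switch and the script layout are this example's own; git and endorctl are assumed to be on PATH when the scan actually runs.

```shell
#!/bin/sh
# Added example (not Endor Labs' own tooling): wraps the documented endorctl
# pull request scan in a script that checks the required environment first
# and fails early with a clear message instead of a half-run scan.
# Set DRY_RUN=1 to print the commands instead of executing them.

# Fail if a required variable is unset or empty, naming it on stderr so
# CI logs show what was missing.
require_var() {
  eval "val=\${$1:-}"
  if [ -z "$val" ]; then
    echo "missing required environment variable: $1" >&2
    return 1
  fi
}

# Check the whole set needed for an endorctl PR scan (the variables the
# page above tells you to export).
check_scan_env() {
  require_var GITHUB_TOKEN &&
  require_var ENDOR_API_CREDENTIALS_KEY &&
  require_var ENDOR_API_CREDENTIALS_SECRET &&
  require_var ENDOR_NAMESPACE
}

# Accept only a positive integer as the PR number before it is spliced
# into a git refspec or a command line.
valid_pr_number() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Local branch name used for the fetched PR head, e.g. pr-12.
pr_branch() {
  printf 'pr-%s\n' "$1"
}

# Execute a command, or print it when DRY_RUN=1 (hypothetical switch).
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Fetch the PR head, check it out, and run the AI security code review scan.
scan_pr() {
  pr="$1"
  valid_pr_number "$pr" || { echo "invalid PR number: $pr" >&2; return 1; }
  check_scan_env || return 1
  branch=$(pr_branch "$pr")
  run git fetch origin "pull/$pr/head:$branch"
  run git checkout "$branch"
  # GITHUB_TOKEN is read from the environment, so --github-token is not
  # passed here; this also keeps the token out of process listings.
  run endorctl scan -n "$ENDOR_NAMESPACE" --pr --security-review \
    --scm-pr-id "$pr" --enable-pr-comments
}

# Usage: sh scan_pr.sh 12   (runs only when a PR number is supplied)
if [ -n "${1:-}" ]; then
  scan_pr "$1"
fi
```

Run it with a PR number after exporting the credentials as shown above; with DRY_RUN=1 it prints the three commands it would run, which is a convenient way to review the exact refspec and flags in a CI job log.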

View AI security code review results

You can view the AI security code review results in the Endor Labs UI. You can also enable PR comments to get a comment on your GitHub PR with the details of the AI security code review. If you use merge queues, Endor Labs provides security review for the PRs until they are added to the merge queue, and then does a final security review on the commit SHA merged into the default branch.

  1. Select Projects from the left sidebar.

  2. Select the project for which you want to view the AI security code review results.

  3. Select Security Review.

    Security Review

    You can view the AI security code review results for all the pull requests raised in the project. You can also search for a specific pull request and view the results.

    You can filter the results by the type of the security issues, the severity of the security issues, the author of the PR, the approvers, and the creation time of the PR. You can select Advanced to enter a search query to filter the results.

    For example, you can filter the results to show only the critical security issues that are part of unmerged pull requests:

    (spec.level in ["SECURITY_REVIEW_LEVEL_CRITICAL"] and spec.repository_pull_request_spec.merged != true)

  4. Click on a pull request to view the detailed report.

    Security Review Report

    The report appears in the right sidebar. You can view the security analysis of the PR and the list of security risks along with their severities.

    You can click the links against the security analysis to go directly to the lines of code that have the security risk.

    You can also click the links to view the pull request and the specific commit that introduced the security risk.

  5. Select the arrow next to a security risk to view the details of the security risk.

    Security Risk Details

    You can view the analysis of the security risk, the code snippet associated with the risk, and the details of the pull request.

If you configure the action policy to get comments on your GitHub pull requests, Endor Labs comments on the pull request with the security analysis.

Security Review GitHub pull request comment

PR Comments for AI security code review

Beta

AI security code review PR comments provide automated feedback directly in your GitHub pull requests when potential security issues are detected in your code changes. This feature helps developers identify and fix security vulnerabilities before code is merged into the main branch.

When you create or update a pull request, Endor Labs automatically scans the diff of the pull request. The scan data is sent to a private and secure AI model for security analysis. A comment is automatically posted to your PR with the analysis. You can review the findings and make necessary changes.

If no security issues are detected, you can see a comment indicating a clean security review.

You can get the following benefits with AI security code review PR comments:

  • Get security feedback without leaving your development workflow
  • Identify issues before code review or merge
  • Reduce the time between writing code and discovering security problems
  • Receive specific recommendations for fixing security issues
  • Understand the security implications of your code changes
  • Learn about security best practices through real examples

After the analysis is complete, Endor Labs posts a comment directly on your pull request with the following information:

  • Summary: A summary of the code changes in the pull request along with the file name and location of the code changes.
  • Security Changes: A list of security changes in the pull request along with the file names and location of the security changes.

The following example shows how an AI security code review PR comment appears in a GitHub pull request.

Example of AI security review

The AI security review provides a comprehensive summary of all code changes in your pull request.

The summary includes the following information:

  • Detailed change analysis: What was modified, added, or removed in each file.
  • File paths and line numbers: Exact locations of all changes.
  • Technical implementation details: Specific functions, configurations, and changes made in the code.
  • Impact assessment: Analysis of how changes affect the overall system.

The following example shows a summary of code changes for a pull request.

AI security code review PR comment summary

The AI security review analyzes your code changes across different security aspects and provides detailed findings for any security-relevant changes.

The following sections describe the security changes in more detail.

The following example shows the security changes for a pull request.

AI security code review PR comment security changes

The comment structure is as follows:

  • Security Changes Header: Numbered count of security changes found.
  • Security Aspect Icons: Visual indicators and category icons for quick identification.
  • Severity Level: Critical, High, Medium, or Low classification.
  • Detailed Description: Comprehensive explanation of the security concern.
  • Code References: Specific file paths and line numbers with clickable links.
  • Justification Section: Detailed explanation of why the change poses a security risk.

The following severity levels are used to classify the security changes:

  • 🔴 Critical: Immediate security threats (prompt injection vulnerabilities, authentication bypasses).
  • 🟠 High: Significant security risks (API endpoint issues, access control problems).
  • 🟡 Medium: Security concerns to address (PII data handling, dependency security, JWT implementation).
  • 🟢 Low: Minor security issues or best practice violations.

The following category icons are used to classify the security changes:

  • 📦 Dependency: Dependency security, library vulnerabilities.
  • 🤖 AI: AI model security, prompt injection risks.
  • 🔒 Access Control: Authentication, authorization, session management.
  • 🔌 API Endpoint: API security controls, rate limiting.
  • 🗄️ Database: Query construction, data access controls.
  • 🔐 Cryptographic: Encryption, hashing, key management, JWT implementation.
  • 💳 Payment Processing: Financial data security, PCI compliance.
  • 🧠 Memory Protection: Buffer overflows, memory leaks.
  • 👤 PII Data Handling: PII handling, data classification, local storage security.
  • 📝 Input Validation: Data sanitization, injection prevention.
  • 🏗️ Infrastructure: Cloud resources, container security.
  • 🚀 CI/CD: Build pipeline security, artifact integrity.
  • ⚙️ Configuration: Secrets management, environment variables.
  • 🌐 Network: Firewall rules, network segmentation.

Agentic UI (AppSec Assistant)

Endor Labs provides AI-powered assistance to help you understand vulnerabilities, troubleshoot issues, and accelerate security triage.

Use the Endor AI Chat to understand vulnerabilities and view recommended actions. It leverages AI to provide contextual explanations, guidance, and next steps for issues detected in your project. With AI-powered context, you can reduce time spent digging through raw data and accelerate triage and remediation.

To start using Endor Ask AI chat, you must enable Code Segment Embeddings and LLM Processing in Data Privacy settings.

  1. Select Settings from the left sidebar.
  2. Select SYSTEM SETTINGS > Data Privacy.
  3. Select Code Segment Embeddings and LLM Processing.
  4. Click Save Data Privacy Settings.

You can use the chat for the following tasks:

  • Investigate vulnerabilities: Use the AI chat to simplify technical details and generate summaries.
  • Summarize scan results: Analyze scans performed by endorctl over time.
  • Understand vulnerabilities: Ask natural-language questions about vulnerabilities in the database.
  • Understand packages: Get quick explanations for package resolution and reachability errors.

Examples of questions you can ask:

  • Summarize this finding.
  • Is this vulnerability exploitable?
  • How do I remediate this?
  • Is this a true positive SAST finding?
  • Which issues were introduced or resolved?
  • Why is this considered high severity?

Endor Ask AI chat agents generate answers based solely on specific data available within the Endor Labs platform:

  • Findings
  • Scan results
  • Vulnerabilities
  • Package versions

If the requested information falls outside this scope, the AI may not be able to generate a response.

AI Model Discovery

An AI model is a computational system designed to simulate human intelligence by performing tasks such as recognizing patterns, making decisions, predicting outcomes, or generating content. Many open source AI models are freely available for use, modification, and distribution. Just like dependencies, these AI models can bring operational and security risks to the organization that uses them. Gaining visibility into these risks can minimize the vulnerabilities introduced by them.

Endor Labs picks the top ten thousand open source AI models available on Hugging Face and assigns Endor scores to them, so that you can make informed decisions before using them in your organization. See AI Model scores for more information.

You can search for AI models in the following ways:

  • View detected AI models: Select Inventory > AI Models from the left sidebar to see AI models discovered in your namespace.

  • Search AI models from Hugging Face: Select Discover > AI Models from the left sidebar to search and evaluate models.

    • Type in the search bar and click Search AI Models.

      View AI models
    • Select a result to view details such as security, activity, popularity, and quality score.

      View AI model details
    • Click Go to Hugging Face to see more to open the model on the Hugging Face website.

AI model findings

Endor Labs can detect AI models and list them as dependencies when you run a scan with the --ai-models flag. You can view the detected AI models in the Inventory > AI Models section of the Endor Labs user interface.

You can define custom policies to flag the usage of specific AI providers, specific AI models, or models with low-quality scores so that their usage raises findings as part of your scan. Endor Labs provides AI model policy templates that you can use to create finding policies that are tailored to your organization’s needs. You can view these findings in Code Dependencies > AI Models on the Findings page.

Run the following command to detect AI models in your repository.

endorctl scan --ai-models

When you run a scan with the --ai-models option, Endor Labs downloads and runs Opengrep to detect AI models.

Endor Labs detects AI models using pattern matching and can use LLM processing to improve detection accuracy. LLM processing is disabled by default.

See Supported AI model providers for the list of external AI models detected by Endor Labs. Only Hugging Face models are scored, as they are open source and provide extensive public metadata. Models from all other providers are detected but not scored due to limited metadata.

To enable LLM processing in Endor Labs:

  1. Select Settings from the left sidebar.
  2. Select System settings > Data privacy.
  3. Turn on Code Segment Embeddings and LLM Processing.

See Configure system settings for more information.

Privacy
When you enable LLM processing, Endor Labs uses a private and isolated Azure OpenAI Service deployment, which is not accessible from the public Internet and cannot be used for LLM training.

To generate AI model findings:

  1. Configure finding policy to detect AI models with low scores and enforce organizational restrictions on specific AI models or model providers.

  2. View AI Model findings.

  3. To disable AI model discovery, set ENDOR_SCAN_AI_MODELS=false in your scan profile.

The following list shows the AI model providers currently supported by Endor Labs for model detection. For each provider, it includes the supported programming languages, whether an Endor score is available (only Hugging Face models are scored), and a reference link to the provider's API documentation.

  • HuggingFace: Python. Endor score: yes. Reference: https://huggingface.co/docs
  • OpenAI: Python, JavaScript, Java (beta), Go (beta), C#. Endor score: no. Reference: https://platform.openai.com/docs/libraries
  • Anthropic: Python, TypeScript, JavaScript, Java (alpha), Go (alpha). Endor score: no. Reference: https://docs.anthropic.com/en/api/client-sdks
  • Google: Python, JavaScript, TypeScript, Go. Endor score: no. Reference: https://ai.google.dev/gemini-api/docs/sdks
  • AWS: Python, JavaScript, Java, Go, C#, PHP, Ruby. Endor score: no. Reference: https://docs.aws.amazon.com/bedrock/latest/APIReference/welcome.html#sdk
  • Perplexity: Python. Endor score: no. Reference: https://docs.perplexity.ai/api-reference/chat-completions-post
  • DeepSeek: Python, JavaScript, Go, PHP, Ruby. Endor score: no. Reference: https://api-docs.deepseek.com/api/deepseek-api
  • Azure OpenAI: C#, Go, Java, Python. Endor score: no. Reference: https://learn.microsoft.com/en-us/azure/ai-foundry/
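The pattern-matching style of detection described above, as an added example rather than Endor Labs' own Opengrep rules: a POSIX shell function, with awk doing the matching, that scans source files for Hugging Face from_pretrained() calls and for model="..." / model: "..." arguments, and maps a few model-name prefixes to a provider. The regular expressions, the prefix-to-provider heuristic, the file-extension filter and the sample files are all constructed for illustration and cover only some of the providers listed above.

```shell
#!/bin/sh
# Added example (not Endor Labs' Opengrep rules): a grep/awk-style detector
# that illustrates pattern-matching discovery of AI model references in
# source code. Patterns, provider heuristic and sample files are constructed.

# Write constructed sample sources into DIR so the example runs offline.
make_samples() {
  dir="$1"
  mkdir -p "$dir"
  cat > "$dir/app.py" <<'EOF'
from transformers import AutoModel
model = AutoModel.from_pretrained("bert-base-uncased")
client = openai.OpenAI()
resp = client.chat.completions.create(model="gpt-4o", messages=[])
EOF
  cat > "$dir/bot.js" <<'EOF'
const msg = await anthropic.messages.create({ model: "claude-3-5-sonnet-latest" });
EOF
  cat > "$dir/README.md" <<'EOF'
This README mentions from_pretrained("not-code") but is not source.
EOF
}

# Print one line per detected model reference: file:line:provider:model
# Only source files are scanned (constructed extension list), so prose
# files such as README.md do not produce false positives.
detect_ai_models() {
  find "$1" -type f \( -name '*.py' -o -name '*.js' -o -name '*.ts' \
      -o -name '*.go' -o -name '*.java' \) | sort |
  while read -r f; do
    awk -v file="$f" '
      # Hugging Face hub loads: Model.from_pretrained("org/name")
      match($0, /from_pretrained\("[^"]*"\)/) {
        print file ":" NR ":huggingface:" substr($0, RSTART + 17, RLENGTH - 19)
      }
      # Hosted chat APIs: model="name" (Python) or model: "name" (JavaScript)
      match($0, /model[=:] *"[^"]*"/) {
        m = substr($0, RSTART, RLENGTH)
        sub(/^model[=:] *"/, "", m); sub(/"$/, "", m)
        # Constructed heuristic: map well-known name prefixes to a provider
        p = "unknown"
        if (m ~ /^gpt-/) p = "openai"; else if (m ~ /^claude-/) p = "anthropic"; else if (m ~ /^gemini-/) p = "google"
        print file ":" NR ":" p ":" m
      }' "$f"
  done
}
```

Running make_samples on a scratch directory and then detect_ai_models on it yields three hits (the Hugging Face load, the OpenAI model and the Anthropic model) and nothing for the README; a real scanner additionally has to handle model names held in variables or configuration, which is where the LLM-assisted processing mentioned above adds accuracy.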

By default, AI models are discovered during SCA scans run through GitHub App, Bitbucket App, Azure DevOps App, and GitLab App. You can view the reported AI models under Inventory > AI Models in the left sidebar.

To disable AI model discovery, set ENDOR_SCAN_AI_MODELS=false as an additional environment variable in the scan profile and assign the scan profile to the project.

Configure finding policies and perform an endorctl scan to detect AI models in your repositories and review the findings.

  1. Configure finding policy to detect AI models with low scores and enforce organizational restrictions on specific AI models or model providers.

  2. Run an endorctl scan with the following command.

    endorctl scan --ai-models --dependencies

To view all AI models that are used in your namespace:

  1. Select Inventory from the left sidebar, then AI Models.

     AI Models under Inventory
  2. Use the search bar to look for any specific models.
  3. Select a model, and click to see its details.
  4. You can also navigate to Findings and choose AI Models to view findings.

     AI model findings

To view AI models that are used in a specific project:

  1. Select Projects from the left sidebar and select a project.
  2. Select Inventory and click AI Models under Dependencies to view findings.

     AI model dependencies

To view all AI model findings in your namespace:

  1. Select Findings from the left sidebar.
  2. Select AI Models from the Findings page.

     AI model findings

AI model policies

Endor Labs provides the following finding policy templates for detecting AI models that have a low Endor score or are restricted in your organization. See Finding Policies for details on how to create policies from policy templates.

  • AI models with low scores: Raise a finding if the repository uses an AI model with an Endor score value that is less than the specified threshold value. Severity: Low.
  • Restricted AI models: Raise a finding if the repository uses an AI model that is restricted based on your organizational policy or usage context. Severity: Low.
  • Restricted AI model providers: Raise a finding if the repository uses an AI model provider that is restricted based on your organizational policy or usage context. Severity: Low.

AI model scores

To evaluate AI models effectively, we use a multifactor scoring system that assesses popularity, activity, operational integrity, and security.

Each model is assigned a composite score based on the following criteria:

The popularity score reflects the model’s adoption and recognition within the AI community. Higher scores indicate greater usage and community engagement.

  • Number of downloads: More downloads indicate widespread adoption.

  • Number of likes: More likes suggest a positive reception from users.

  • Published papers: Models with linked academic papers receive higher credibility.

  • GitHub repository: Models with an associated GitHub repository score higher.

  • Number of spaces using the model: More integrations suggest broader utility.

Models with many downloads, likes, citations, and integrations score higher; models with fewer engagements score lower.

The activity score measures how actively a model is discussed and maintained.

  • Discussion posts: Active community discussions contribute positively.

  • Pull requests: Indicates ongoing maintenance and improvements.

Models with frequent discussions and active pull requests score higher; models with limited activity receive lower scores.

The operational score assesses the model’s reliability, transparency, and usability.

  • Reputable provider: Models from well-known sources score higher.

  • Model age: Older, well-maintained models may score higher, but outdated models may receive penalties.

  • Authorization requirements: Restricted-access models score lower for accessibility but may gain points for security.

  • Gated models: If a model requires special access, it may impact usability.

  • License information: Models with clear licensing receive higher scores.

  • License type: Open licenses (permissive, unencumbered) generally score higher than restrictive ones.

The following factors related to the availability of model metadata are also considered.

  • Metric information: Essential for model evaluation.

  • Dataset information: Transparency about training data boosts score.

  • Base model information: Important for derivative works.

  • Training data, fine-tuning, and alignment training information: Increases credibility.

  • Evaluation results: Demonstrates model performance.

Models with comprehensive metadata, reputable providers, and clear licensing score higher.

Models with unclear ownership, restrictive access, or missing details score lower.

The security score evaluates potential risks associated with a model’s implementation and distribution.

  • Use of safe tensors: Secure tensor formats boost safety score.

  • Use of potentially unsafe files: Formats such as pickle, PyTorch, and Python code files pose security risks.

  • Typosquatting risks: Models that could be impersonating popular models receive lower scores.

  • Example code availability: Models that contain example code or code snippets can introduce potential issues and hence receive lower scores.

Models that follow best security practices such as safe tensors, clear documentation, or vetted repositories score higher.

Models receive lower scores if they use potentially unsafe formats such as pickle (.pkl) and unverified PyTorch (.pth) or show signs of typosquatting.
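A pre-use check a practitioner might run on a model directory downloaded for local evaluation, as an added example (not Endor Labs' scoring code): it applies the file-format criteria above, flagging pickle (.pkl), PyTorch (.pth) and Python (.py) files, which can execute code when loaded, and reporting .safetensors weights as safe. The sample directory layout and the function names are constructed for the example.

```shell
#!/bin/sh
# Added example (not Endor Labs' scoring code): audit a downloaded model
# directory for the serialization formats the security score penalizes.
# The sample layout below is constructed for illustration.

# Populate DIR with a constructed model layout mixing safe and unsafe files.
make_model_dir() {
  dir="$1"
  mkdir -p "$dir/sub"
  : > "$dir/model.safetensors"
  : > "$dir/config.json"
  : > "$dir/pytorch_model.pth"
  : > "$dir/sub/tokenizer.pkl"
  : > "$dir/sub/custom_layer.py"
}

# Classify one path: "unsafe" for the code-executing formats named above,
# "safe" for safetensors, "other" for everything else (config, tokenizer
# JSON, and so on, which are not weight formats and are not judged here).
classify_file() {
  case "$1" in
    *.pkl|*.pth|*.py) echo unsafe ;;
    *.safetensors)    echo safe ;;
    *)                echo other ;;
  esac
}

# Print one "class:path" line per regular file under DIR, sorted.
list_model_files() {
  find "$1" -type f | sort | while read -r f; do
    echo "$(classify_file "$f"):$f"
  done
}

# Print the classified listing and return 1 if any unsafe file is present,
# so the function can gate a CI step or a download script.
audit_model_dir() {
  list=$(list_model_files "$1")
  printf '%s\n' "$list"
  n=$(printf '%s\n' "$list" | grep -c '^unsafe:' || true)
  [ "$n" -eq 0 ]
}

# Number of unsafe files, for a quick numeric check.
count_unsafe() {
  audit_model_dir "$1" | grep -c '^unsafe:' || true
}
```

On the constructed layout the audit lists five files, three of them unsafe, and returns non-zero; a directory containing only safetensors and JSON passes. This mirrors the page's criteria only at the file-name level; it does not inspect file contents, so a pickle renamed to another extension would not be caught.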

Each category contributes to the overall model score. The final score is a weighted sum of these factors, with weights adjusted based on real-world relevance and risk impact.

Higher scores indicate well-documented, popular, actively maintained, and secure models, while lower scores highlight potential risks or lack of transparency.

This scoring system enables users to make informed decisions when selecting AI models for their projects.

Endor Labs continuously refines and expands its evaluation criteria; this document represents the current methodology snapshot.