# CI/CD Integration

> Integrate Endor Labs scanning into your CI/CD pipelines.

CI scans focus the team's attention, and establish development workflows, on the most actionable issues, prioritizing the development team's time. CI scans can be triggered directly from automated CI/CD pipelines, looking for new vulnerabilities relative to the baseline established for the target branch. They provide immediate feedback to developers in the form of PR comments and can also enforce policies to break builds, block PRs, send notifications, open tickets, and more. CI scans are the most actionable method to prevent vulnerabilities from entering your repositories.

<Note>
  Git must be installed and available where `endorctl scan` runs. If your pipeline does not include it, install it in your job or use a runner image that provides it. Refer to [Git documentation](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) for installation instructions.
</Note>

Perform CI scans using:

* [endorctl CLI](/developers-api/cli)
* [Scan with GitLab pipeline](/setup-deployment/ci-cd/scan-with-gitlab)
* [Scan with GitHub Actions](/setup-deployment/ci-cd/scan-with-github-actions)
* [Scan with Circle CI](/setup-deployment/ci-cd/scan-with-circleci)
* [Scan with Jenkins](/setup-deployment/ci-cd/scan-with-jenkins)
* [Scan with Azure DevOps](/setup-deployment/ci-cd/scan-with-azuredevops)
* [Scan with Bitbucket](/setup-deployment/ci-cd/scan-with-bitbucket)
* [Scan with Google Cloud Build](/setup-deployment/ci-cd/scan-with-google-cloud-build)

See [scanning strategies](/scan/sca/scanning-strategies) to learn techniques for effectively scanning and monitoring different versions of your projects with Endor Labs.

`endorctl` is a command line utility designed to bring the functionality of Endor Labs into your software delivery workflows. `endorctl` has multiple command flags to help you facilitate operational and security risk monitoring. Developers can integrate Endor Labs into continuous integration workflows using the `endorctl scan` command.

* `endorctl scan` - You can use `endorctl scan` to monitor your projects using Endor Labs, and you can update the scan information each time to keep monitoring the project for new findings. The `endorctl scan` command scans a specific version of your repository, such as the default branch, a tagged release version, or a commit SHA.
* `endorctl scan --pr` - You can use the `endorctl scan --pr` command to scan a specific version of your source code for security and operational risks as part of your continuous integration workflows or CI runs. The `endorctl scan --pr` command performs a one-time evaluation of your project, focusing on security and operational risks, rather than providing continuous monitoring. CI runs are shown in the **Scan History** section of each project and are stored for three weeks so that you can analyze and review them on the Endor Labs user interface. See [PR scans](/scan/pr-scans) for more information.

Continuous integration workflows generally run the `endorctl scan --pr` command, unless the scan is for a newly created tag release, a push to the default branch or another specific branch, or a commit SHA that will be deployed to production.

<Note>
  **Clone depth**

  For scans to succeed, configure shallow clone in your CI job to include the ref and commit you intend to scan. Set `ENDOR_SCAN_SHALLOW_CLONE=true` in your environment to use shallow clone when Endor Labs clones the repository.
</Note>
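
The following wrapper is an added example, not code from Endor Labs. It applies the rule above for choosing between `endorctl scan` and `endorctl scan --pr`, and checks before scanning that git is present and that the checkout contains the commit to be scanned. The event names (`pull_request`, `push`, `tag`, `deploy`), the monitored-branch list and the function names are hypothetical; authentication and namespace settings are assumed to be configured in the job environment.

```shell
#!/bin/sh
# Added example, not Endor Labs code. Event names and the monitored-branch list
# are hypothetical inputs; map them from your CI system's own variables.

# endor_scan_args EVENT REF "MONITORED BRANCHES"
# Prints the endorctl arguments for this job: a monitoring scan for tag
# releases, production deploy commits and pushes to monitored branches,
# a one-time --pr scan for everything else.
endor_scan_args() {
    event=$1; ref=$2; monitored=$3
    case "$event" in
        tag|deploy) echo "scan"; return 0 ;;
        push)
            for branch in $monitored; do
                if [ "$ref" = "$branch" ]; then echo "scan"; return 0; fi
            done ;;
    esac
    echo "scan --pr"
}

# endor_preflight REPO_DIR COMMIT
# Fails early, with a distinct status, when git is absent or the (possibly
# shallow) checkout does not contain the commit the job intends to scan.
endor_preflight() {
    repo=$1; commit=$2
    if ! command -v git >/dev/null 2>&1; then
        echo "preflight: git is not on PATH" >&2; return 2
    fi
    if ! git -C "$repo" rev-parse --git-dir >/dev/null 2>&1; then
        echo "preflight: $repo is not a git checkout" >&2; return 3
    fi
    if ! git -C "$repo" cat-file -e "${commit}^{commit}" 2>/dev/null; then
        echo "preflight: $commit is missing; increase the clone depth" >&2; return 4
    fi
}

# endor_ci_scan EVENT REF COMMIT "MONITORED BRANCHES" [REPO_DIR]
# Runs the preflight, then endorctl from the checkout with the chosen arguments.
endor_ci_scan() {
    repo=${5:-.}
    endor_preflight "$repo" "$3" || return $?
    args=$(endor_scan_args "$1" "$2" "$4")
    # $args is left unquoted on purpose so "scan --pr" splits into two words.
    (cd "$repo" && endorctl $args)
}
```

A job would call, for instance, `endor_ci_scan push main "$COMMIT_SHA" "main release/1.x"`, where `COMMIT_SHA` stands for whatever variable your CI system exposes for the commit.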

### Authenticating in CI with Keyless Authentication

Keyless authentication enhances security and minimizes the expenses associated with secret rotation. It is the path Endor Labs recommends for scanning your projects in CI workflows. See [Keyless Authentication](/setup-deployment/ci-cd/keyless-authentication) for more information.
