This topic provides information about troubleshooting issues that you may encounter in the application.
1 - endorctl CLI exit codes
The endorctl exit codes provide the result of the program’s execution, indicating whether it was completed successfully or encountered an error. This page documents the possible endorctl exit code values and the recommended next steps. When contacting support, provide the error code and the error message to help us debug the issue.
To get the exit code, run echo $?
on the command line prompt.
ENDORCTL_RC_ERROR = 2
The exact reason for the error could not be determined.
ENDORCTL_RC_INVALID_ARGS = 3
An invalid argument was provided. This may occur due to an invalid parameter value, or an incorrect package format.
ENDORCTL_RC_ENDOR_AUTH_FAILURE = 4
The user does not have the correct permissions to perform the given operation. Check the Endor Labs token or API keys to make sure they are valid and include the necessary permissions. These are provided using the --token
flag or through the environment variables ENDOR_TOKEN
, or ENDOR_API_CREDENTIALS_KEY/SECRET
. Note that the environment variables are mutually exclusive, i.e. you cannot have both a token and api keys set at the same time.
ENDORCTL_RC_GITHUB_AUTH_FAILURE = 6
The user has provided an empty or invalid GitHub token. This token is provided using the --github-token
flag or through the environment variable GITHUB_TOKEN
. You can skip the GitHub scan by not setting the --github
flag.
ENDORCTL_RC_ANALYTICS_ERROR = 7
There was an error analyzing the dependencies.
ENDORCTL_RC_FINDINGS_ERROR = 8
There was an error generating findings based on the analytics output.
ENDORCTL_RC_NOTIFICATIONS_ERROR = 9
There was an error processing a notification triggered by a notification policy. See the error log for details and verify that the corresponding notification target is setup correctly.
ENDORCTL_RC_GITHUB_API_ERROR = 10
An error was returned by the GitHub API. This can occur due to:
- GitHub rate-limiting
- Context deadline exceeded
Check the log message to see what object is causing the issue.
ENDORCTL_RC_GITHUB_PERMISSIONS_ERROR = 11
This error typically occurs when the user is authenticated with GitHub, but does not have the necessary permissions to perform the requested operation. It indicates that the user is forbidden from accessing the requested resource due to insufficient permissions.
Check the GitHub token permissions, as well as the permissions and user accounts associated with the repository and/or organization and try again.
ENDORCTL_RC_GIT_ERROR = 12
A git operation has failed. Examples of git operations are: Cloning, opening, finding the root, finding the HEAD, finding the default branch, and more. Ensure you are scanning the correct git repository and that it is properly set up for the scan.
ENDORCTL_RC_DEPENDENCY_RESOLUTION_ERROR = 13
There was an error resolving the dependencies.
ENDORCTL_RC_DEPENDENCY_SCANNING_ERROR = 14
There was an error processing the resolved dependencies.
ENDORCTL_RC_CALL_GRAPH_ERROR = 15
There was an error generating the call graph.
ENDORCTL_RC_LINTER_ERROR = 16
There was an error while running the linter(s) used to analyze the source code. This can affect secret and vulnerability detection.
ENDORCTL_RC_BAD_POLICY_TYPE = 17
An invalid policy was detected. Note that this is not a fatal error, but the policy in question was not processed. See log for details.
ENDORCTL_RC_POLICY_ERROR = 18
There was an error evaluating one or more policies. See log for details.
ENDORCTL_RC_INTERNAL_ERROR = 20
There was an internal error within endorctl. See log for details.
ENDORCTL_RC_NOT_FOUND = 22
The requested resource was not found.
ENDORCTL_RC_ALREADY_EXISTS = 23
An attempt to create an entity failed because a resource with the same key already exists.
ENDORCTL_RC_VULN_ERROR = 25
There was an issue ingesting and processing vulnerability data. See log for details.
ENDORCTL_RC_INITIALIZATION_ERROR = 26
There was an error initializing the project and/or repository. This can happen for example if the project ingestion token is missing, the project URL is invalid, or authorization failed. See log for details.
ENDORCTL_RC_HOST_CHECK_FAILURE = 27
The endorctl host-check failed. Host will not be able to run endorctl scan successfully. See log for details.
ENDORCTL_RC_SBOM_IMPORT_ERROR = 28
There was an error importing an SBOM. See log for details.
ENDORCTL_RC_PRE_COMMIT_CHECK_FAILURE = 29
The pre-commit-checks command discovered one or more leaked secrets. See log for details.
ENDORCTL_RC_GH_ACTION_WORKFLOW_SCAN_FAILURE = 30
There was an error scanning the GitHub action dependencies. See log for details.
ENDORCTL_RC_POLICY_VIOLATION = 128
One or more “blocking” admission policies were violated. See log for details.
ENDORCTL_RC_POLICY_WARNING = 129
One or more “warning” admission policies were violated. This error code is only return if the --exit-on-policy-warning
flag is set.
2 - Firewall & Proxy Rules
A web proxy bypass rule or firewall rule with the following information may be required in your environment in order to successfully use Endor Labs.
Description | DNS | IP Address | Port |
---|---|---|---|
User access to Endor Labs UI | app.endorlabs.com | 32.133.71.122 | 443 |
CI system and user ccess to Endor Labs API and CLI downloads | api.endorlabs.com | 34.96.123.220 | 443 |
User access to Endor Labs documentation | docs.endorlabs.com | 34.123.199.118 | 443 |
3 - Troubleshoot errors with DroidGPT
Endor Labs integrates with third-party Artificial Intelligence (AI) tools to help you troubleshoot errors while performing software composition analysis, dependency resolution, or generating call graphs during an endorctl scan.
In the event of an error, DroidGPT generates explanations and actionable advice for how to resolve the error on the given host system. These suggestions are displayed as part of the error log messages on the command line and can help you understand why build errors occurred during the scan process and how to resolve them.
Important
Recommendations generated are meant solely for informational purposes. Before implementing these suggestions, it is strongly advised to thoroughly verify and assess them to ensure their accuracy and suitability for your specific circumstances and work environments.Enable DroidGPT error logging
Use the ENDOR_SCAN_DROID_GPT
environment variable or the --droid-gpt
option to enable DroidGPT error logging on your system.
- Enable error logging while performing a scan.
endorctl scan --droid-gpt
- Enable error logging while checking the system specifications required for performing a scan.
endorctl host-check --droid-gpt
Example: Here is an example of the recommendations generated by DroidGPT while scanning a Ruby repository where the manifest file is not correctly configured.
*** NOTE: Use the following AI-generated advice at your own risk ***
DroidGPT suggests the following as a possible remediation:
1. The error message indicates that there is a problem parsing the Gemfile, which is preventing the dependency tree from being generated.
2. Specifically, the error message states that there are no gemspecs at the specified location, which is causing Bundler to fail.
3. To fix this issue, you should check that the Gemfile is correctly configured and that all necessary gemspecs are present.
4. Additionally, you may want to try running `bundle install` to ensure that all dependencies are properly installed.
5. Please note that this advice is generated by an AI and there may be additional factors at play that are not captured in the error message. As such, there is no guarantee that these steps will resolve the issue, and you should proceed with caution.