Automatic patching

Learn how to minimize changes for an Endor patch.

Requiring development teams to upgrade software is often very difficult. With Endor patches, security risks can be fixed seamlessly during the next software build.

Auto patching with an Endor patch for each build automatically patches vulnerabilities in both direct and transitive dependencies, so you don’t have to work through a constant vulnerability backlog.

Opt into automated patching

To opt into auto patching with Endor patches, you must configure the Endor Labs patch factory as the top-priority package repository in your package manager or Artifactory virtual repository. See Connect to the Endor Labs patch factory for more details.

To enable Endor patch streaming:

  1. Navigate to Manage > Settings in your Endor Labs tenant.
  2. Click Enable Auto Patching.
  3. Click Save Patch Settings and acknowledge the warning about reproducible builds.

Tradeoffs with automated patching

When you automatically patch your software, you also give up build reproducibility, because the patches might introduce changes that affect the build process or the resulting binaries in ways that are not fully controlled or predictable.

Endor Labs works hard to ensure that you get the minimum viable security patch for your software. With auto patching enabled, when a new patch is available it will automatically be applied to your software.