Upgrading software can be challenging for development teams. Endor Automatic Patching allows you to seamlessly fix security vulnerabilities during each software build, minimizing the effort required to maintain a secure codebase.
By enabling automatic patching with Endor Labs for every build, you can automatically address vulnerabilities in both direct and transitive dependencies. This approach helps prevent a growing backlog of security issues.
Enable Automatic Patching
To start using Endor Labs' automatic patching, follow these steps:
1. Configure Endor Labs Patch Factory
Set Endor Labs Patch Factory as the top priority package repository in your package manager or Artifactory virtual repository.
For detailed instructions, refer to the following documentation:
- Learn how to connect to the Endor Labs Patch Factory.
- Learn how to configure JFrog Artifactory.
- Learn how to configure a Nexus repository.
2. Enable Auto Patching in Endor Labs
To enable auto patching in Endor Labs:
- Access Settings: Navigate to Manage > Settings > Endor Patches in your Endor Labs tenant.
- Activate Auto Patching: Click Auto Patch Vulnerable Dependencies.
- Save Configuration: Click Save Patch Settings and acknowledge the warning regarding reproducible builds.
After you configure these settings, Endor Labs activates auto patching for all projects in the tenant that use supported ecosystems.
Note
Enabling or disabling auto patching may take up to ten minutes to take effect. During this period, changes to your patch settings might not be immediately applied.
Considerations for automatic patching
While automatic patching enhances security by promptly addressing vulnerabilities, it introduces some trade-offs:
Build reproducibility: Automatically applied patches may alter the build process or the resulting binaries in unpredictable ways, potentially affecting build reproducibility.
Endor Labs strives to provide the minimal necessary security patches to ensure your software remains secure without introducing significant changes. With automatic patching enabled, new patches are applied automatically as they become available, reducing manual intervention and enhancing your security posture.