Discover CI/CD tools (Coming soon)

Identify and gain visibility to the various CI/CD tools used in your software development environment.

Understand the software development lifecycle environment by discovering all the CI/CD tools used in your organization, business units, or in your teams. While performing the endorctl scan, Endor Labs automatically discovers and identifies all CI/CD tools you are using in the software development environment by scanning the source code. The end result is a full mapping of your ci/cd tools with their associated categories correlated to the last time of your scan. This can help you give a comprehensive and accurate picture of your software development environment posture.

View the CI/CD tools

To view the category-wise coverage of tools present in all projects in the namespace.

  1. Sign in to the Endor Labs application.
  2. Navigate to CI/CD > Tools under the left sidebar.
  3. You can view the name of the project, its last scan date, the tools associated with the project and their categories.
  4. Select a tool in a row to navigate to the Tools section of the project. You can view the tools present in a particular project.

View the CI/CD rules

To view the CI/CD rules that are used to detect the configured CI/CD tools:

  1. Sign in to the Endor Labs application.
  2. Navigate to Policies from the left sidebar.
  3. Click See Existing Rules.
  4. Navigate to the CI/CD RULES to see the rules for configured CI/CD tools.
  5. Against each rule, click the vertical ellipsis on the right side and click View Rule to see its details.

View the list of tools defined by Endor Labs

To view the list of tool patterns defined by Endor Labs, use the following query.

endorctl api list -r ToolPattern -n system | jq '.list.objects[].meta.name' | sort

Here is the current list of CI/CD tools supported by Endor Labs:

  • AWS CloudFormation
  • AWS CodeBuild
  • AWS Serverless Application Model
  • Amazon ECR
  • Ansible
  • AppVeyor
  • Azure Container Registry
  • Azure Pipelines
  • Azure Resource Manager
  • Bandit
  • Bitbucket Pipelines
  • Buddy
  • Buildkite
  • Cargo Audit
  • Cargo Deny
  • Checkmarx
  • Checkov
  • CircleCI
  • CodeQL
  • CodeShip
  • Contrast Security
  • Debricked
  • Dependabot
  • Dependency Review Action
  • Docker Compose
  • Docker
  • DockerHub
  • Drone CI
  • Eclipse Steady
  • Endor Labs
  • Fortify SAST
  • Git Secrets
  • GitGuardian IaC Scanning
  • GitGuardian Secret Detection
  • GitHub Actions
  • GitHub Packages
  • GitHub Secrets
  • GitLab Pipelines
  • GitLab Secrets
  • GitLeaks
  • Google Artifact Registry
  • Google Cloud Build
  • Jenkins
  • Kubernetes
  • Mend
  • Nexus IQ
  • OWASP Dependency Check
  • OX Security
  • OpenSSF Scorecard
  • Orca Security
  • Prisma Cloud
  • Pulumi
  • Puppet
  • Pyup
  • Quay
  • Rancher Compose
  • Renovate
  • Retire.js
  • SaltStack
  • Screwdriver CI
  • Semgrep
  • Serverless Framework
  • Snyk
  • SonarQube
  • SpotBugs
  • StepSecurity
  • TFLint
  • TeamCity
  • Tekton
  • Terraform
  • Travis CI
  • Trivy
  • Trufflehog
  • Vagrant
  • Veracode Container
  • Veracode SAST
  • Veracode SCA